User:Bipface/Installing H@H on Debian or Ubuntu: Difference between revisions
No edit summary |
|||
| Line 11: | Line 11: | ||
* One or more 'active' [https://e-hentai.org/hentaiathome.php Hentai@Home Clients] on your account. | * One or more 'active' [https://e-hentai.org/hentaiathome.php Hentai@Home Clients] on your account. | ||
* An open port through which the client can accept connections from the internet, as explained in the [[Hentai@Home#Minimum Requirements|minimum requirements]] section | * An open port through which the client can accept connections from the internet, as explained in the [[Hentai@Home#Minimum Requirements|minimum requirements]] section.<br>Check for firewall rules by running <code># iptables --list-rules</code>. | ||
* This guide assumes a server-style environment, typical of VPS/cloud-hosted systems. Installation on desktop or IoT systems, for example, may require doing some things differently. | * This guide assumes a server-style environment, typical of VPS/cloud-hosted systems. Installation on desktop or IoT systems, for example, may require doing some things differently. | ||
| Line 105: | Line 105: | ||
Now start the service: | Now start the service: | ||
<pre># systemctl start hath</pre> | <pre># systemctl start hath</pre> | ||
==Using Port 443== | |||
H@H will work on most port numbers, however making it accessible on port 443 is recommended as more users will be able to connect to it.<br>On Linux, ports numbers below 1024 are considered ''privileged''. Additional steps are required in order for H@H to utilise ports in the privileged range. | |||
There are multiple options for achieving this. The most common approaches are as follows. | |||
Before proceeding, stop the H@H service (<code># systemctl stop hath</code>) and configure your client to use port 443 on the [https://e-hentai.org/hentaiathome.php Hentai@Home Clients] page. | |||
===POSIX Capabilities=== | |||
The easiest solution is to enable the corresponding ''capability'' on the Java binary. | |||
Firstly ensure the <code>setcap</code> utility is installed, by running: | |||
<pre># apt install libcap2-bin</pre> | |||
Next, [[#Defining the H@H Service|edit the H@H unit file]] again, and add the following line in the <code>[Service]</code> section: | |||
<pre>ExecStartPre=+/bin/sh -c 'setcap "cap_net_bind_service=+ep" "$(readlink -f /usr/bin/java)"'<pre> | |||
This will ensure that the Java binary can bind to privileged ports before launching the H@H client. | |||
Now start the service again: | |||
<pre># systemctl start hath</pre> | |||
Note that this approach may not be suitable if your system is using Java for other purposes as well. Using <code>setcap</code> has been known to cause adverse effects in some cases, so be sure to test any other Java applications present on your system. | |||
===Port Forwarding=== | |||
An alterative approach is using port forwarding to redirect traffic from your internet-facing port 443 to your H@H client listening on a non-privileged port. | |||
==Testing and Monitoring== | ==Testing and Monitoring== | ||
Revision as of 11:37, 21 March 2020
Prerequisites
- Basic familiarity with Linux.
- A server running Debian version 9 (Stretch) or newer, or Ubuntu version 16 (Xenial Xerus) or newer.
To use earlier versions you will need to determine how to install a Java 8 runtime, which may not be a straightforward process and is beyond the scope of this guide.
- Root access to your server (i.e.
su/sudo).
- PuTTY or any other SSH program to connect to your server. This allows for copying/pasting of commands.
- One or more 'active' Hentai@Home Clients on your account.
- An open port through which the client can accept connections from the internet, as explained in the minimum requirements section.
Check for firewall rules by running# iptables --list-rules.
- This guide assumes a server-style environment, typical of VPS/cloud-hosted systems. Installation on desktop or IoT systems, for example, may require doing some things differently.
Optional Tools
To perform the installation, you may also require the following:
- A command-line HTTP client such as
wgetorcurl.
- A zip-file extractor such as
unzip.
- A text editor such as
nanoorvi.
On some distributions, such as Minimal Ubuntu, standard command-line tools might not be present by default. Use # apt install to install these packages as needed.
Take Note
- Linux is case-sensitive with file names. Therefore, it is best to use lowercase names everywhere to make it easier for yourself.
- Commands starting with $ are to be run as current user, those starting with # as root.
- Before installing packages, refresh the package manager by running
# apt update.
- H@H 1.6.0 and above uses SSL certificates. For them to work properly, you need the ntp package, which keeps the server's date and time in sync. It is normally installed by default.
Overview
At a glance, the steps to install H@H are as follows, with further details in the subsequent sections:
- Install a Java version 8 (or newer) runtime environment.
- Obtain and configure the latest H@H client software.
- Define a service (systemd unit file) to run it.
Installing Java
Start by checking whether a Java runtime is already available by running:
$ java -version
A result such as openjdk version "1.8.0_242", where the version number is 1.8 or greater, indicates that your server has a suitable Java runtime and you can skip to the next section.
If you see a result such as java: command not found, no Java runtime is installed yet.
Examine the default JRE package:
# apt show default-jre-headless
You should expect to find a line in the output such as Depends: openjdk-8-jre-headless, java-common. If openjdk-7 or lower is listed instead, your OS version may be too old to install a Java 8 runtime by conventional means — refer to the Prerequisites section.
Install the JRE:
# apt install default-jre-headless
If you're planning to use H@H in GUI mode at any point, you should instead install the package default-jre (without the -headless suffix). Otherwise, the headless package will suffice.
Once complete, run $ java -version again to verify the result.
Preparing the H@H Client
It is recommended to create a dedicated service account to run the H@H client.
This is achieved with the command:
# adduser hath
Login as the newly created user, then download and extract the H@H client software:
(Replace VERSION with the version number of the latest release, which can be found on the Hentai@Home Clients page)
# login hath $ wget 'https://repo.e-hentai.org/hath/HentaiAtHome_VERSION.zip' $ unzip HentaiAtHome_VERSION.zip
Launch the client by running:
$ java -jar HentaiAtHome.jar
You should be prompted to enter your Client ID and Client Key, which can be found on the Hentai@Home Clients page.
Once the client has successfully authenticated with the server, press ctrl+C to quit the client, then proceed to the next section.
Defining the H@H Service
Use the following command to create a new unit file defining the service:
# systemctl edit hath.service --full --force
Insert the following text and save the file:
[Unit] Description=Hentai@Home After=local-fs.target remote-fs.target network.target [Service] Type=simple User=hath WorkingDirectory=/home/hath SuccessExitStatus=143 ExecStart=/usr/bin/java -jar HentaiAtHome.jar Restart=on-failure [Install] WantedBy=multi-user.target
(The line SuccessExitStatus=143 is needed because the Java process may return a non-zero exit code even after a graceful shutdown).
Now start the service:
# systemctl start hath
Using Port 443
H@H will work on most port numbers, however making it accessible on port 443 is recommended as more users will be able to connect to it.
On Linux, ports numbers below 1024 are considered privileged. Additional steps are required in order for H@H to utilise ports in the privileged range.
There are multiple options for achieving this. The most common approaches are as follows.
Before proceeding, stop the H@H service (# systemctl stop hath) and configure your client to use port 443 on the Hentai@Home Clients page.
POSIX Capabilities
The easiest solution is to enable the corresponding capability on the Java binary.
Firstly ensure the setcap utility is installed, by running:
# apt install libcap2-bin
Next, edit the H@H unit file again, and add the following line in the [Service] section:
ExecStartPre=+/bin/sh -c 'setcap "cap_net_bind_service=+ep" "$(readlink -f /usr/bin/java)"'<pre> This will ensure that the Java binary can bind to privileged ports before launching the H@H client. Now start the service again: <pre># systemctl start hath
Note that this approach may not be suitable if your system is using Java for other purposes as well. Using setcap has been known to cause adverse effects in some cases, so be sure to test any other Java applications present on your system.
Port Forwarding
An alterative approach is using port forwarding to redirect traffic from your internet-facing port 443 to your H@H client listening on a non-privileged port.
Testing and Monitoring
You can see the current status of your H@H service by running:
# systemctl status hath
The output should indicate whether the service is active, and shows the last few lines of console output from the H@H process itself.
You can also read the two log files log_out and log_err, which are found in /home/hath/log/.
One way to confirm that the client is listening for connections is to open https://ADDRESS:PORT/robots.txt in a web browser, where PORT is the port number configured for the client and ADDRESS is the internet-facing IP address of your server. If the connection is established the browser will most likely present a HTTPS certificate error – bypass the error and a text file should be served to you.
