/
Run zend from a specified lower port using authbind

Run zend from a specified lower port using authbind

Jun 03, 2022

  • Set port variable

  • Install and configure authbind

  • Update firewall rule

  • Overwrite zend systemd unit files and reload the daemon

  • Replace port 9033 with new port in zen.conf

  • Restart zend and zentracker

NOTE: After executing the following steps for this guide, if you have a need to run zend manually, you will need to instead use the following: authbind --deep /usr/bin/zend

  • If you need to run zend manually or need to run a rescan or reindex, those would be accomplished as follows

    • authbind --deep /usr/bin/zend

    • authbind --deep /usr/bin/zend --rescan

    • authbind --deep /usr/bin/zend --reindex

Description

Command

Description

Command

1

Set a port variable, replace <port> with your port number, remove <brackets>

PORT=<port>
2

Install and configure authbind using the custom port set in the previous step

sudo apt-get install authbind -y
sudo touch /etc/authbind/byport/$PORT
sudo chown $USER /etc/authbind/byport/$PORT
chmod 755 /etc/authbind/byport/$PORT
3

Add your port to your firewall rule set

sudo ufw allow $PORT/tcp
4

Overwrite existing zend systemd unit file, copy and paste the entire block of text

echo \ "[Unit] Description=Zen daemon [Service] User=$USER Type=forking ExecStart=/usr/bin/authbind --deep /usr/bin/zend -daemon -pid=$HOME/.zen/zend.pid PIDFile=$HOME/.zen/zend.pid Restart=always RestartSec=10 [Install] WantedBy=multi-user.target" | sudo tee /lib/systemd/system/zend.service
5

Overwrite existing zenupdate systemd unit file, copy and paste the entire block of text

echo \ "[Unit] Description=zenupdate.service [Service] Type=oneshot ExecStart=/usr/bin/certbot -q renew --deploy-hook \"cat /etc/letsencrypt/live/$FQDN/chain.pem|sudo awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > \"/usr/local/share/ca-certificates/intermediate-cert\" n \".crt\"}' && update-ca-certificates --fresh && systemctl restart zend\" PrivateTmp=true" | sudo tee /lib/systemd/system/zenupdate.service
6

Overwrite existing zenupdate timer systemd unit file, copy and paste the entire block of text

echo \ "[Unit] Description=Run zenupdate unit twice a month @ 06:00:00 (UTC) [Timer] OnCalendar=*-*-01 06:00:00 OnCalendar=*-*-03 06:00:00 Unit=zenupdate.service Persistent=true [Install] WantedBy=timers.target" | sudo tee /lib/systemd/system/zenupdate.timer
7

Reload the systemd daemon to load the changes

sudo systemctl daemon-reload
8

Replace port 9033 with new port in zen.conf

sed -i "s/port=9033/port=$PORT/g" ~/.zen/zen.conf
9

Remove the old 9033 firewall rule

sudo ufw delete allow 9033/tcp
10

Restart zend and zentracker

sudo systemctl restart zend zentracker