How to change port of Gunbot’s GUI for better security

As of Gunbot v8.0.3, Gunbot’s GUI (gunthy-gui) defaults to port 5000 and for security reasons, you might want to change it. (the default for

What’s Going On

Gunbot v8 and later (XT, CS and RT) can run in two modes – by itself on the command-line (aka “Gunbot Core”) or with a GUI (aka “Gunbot GUI”).

Gunbot v8, v9: Gunbot itself is the “gunthy” executable (named either gunthy.exe, gunthy-linx64, gunthy-macos, or gunthy-arm) and is what runs in both modes.  The GUI is optional.  The GUI (named gunthy-gui) presents a friendly interface for configuration, control and surface-level monitoring, and then runs the gunthy executable for you.

Gunbot v10 and later: Gunbot executable is just one file, and based on your configuration file (config.js), it will either run in “Gunbot Core” mode or “Gunbot GUI” mode.  This is in the “GUI” section of the config file.

“enabled”: [true | false]
“start”: [true | false]
“port”: 5000

In Gunbot v10 and up, if “enabled” is true, then the GUI will run on the “port” specified.  “start” indicates whether or not Gunbot Core should automatically start when Gunbot runs.

Both gunthy and gunthy-gui use what’s known as a network port to communicate with itself or other components.  For Gunbot, this is configured in the “ws” section of the config.js file and contains “port” and “clientport” settings. For the GUI, this is an HTTP port (not configurable from the config.js file in Gunbot versions before v10) and is part of the URL you can use to access the GUI, both locally on the box and from an external system.

Default port

The default port that Gunbot GUI runs on is 5000.  This means you would access “http://localhost:5000” when you’re actually accessing the system that runs Gunbot directly, or “http://<ip address>:5000” when accessing the system remotely.  If you have a DNS server or hosts file, you can configure those to point a user-friendly name to the IP address, such as myvpsisawesome.gunbotuniversity.com.  If you do that, you would still add the “:5000” at the end so the full URL is http://myvpsisawesome.gunbotuniversity.com:5000.  Without the “:5000” at the end, then your browser tries to connect to port 80 (http) or port 443 (https) and this won’t work.

Why Security is Important to Some

If you leave the Gunbot GUI settings at default and use the default port of 5000, then you run the risk of being too-easily discovered by remote systems.  Once it’s known that the default port is 5000 for Gunbot, there are hackers, crawlers and systems such as http://shodan.io that can collect data and tell others that you’re running Gunbot.  Shodan even has a gunbot query already set up so that you can search for Gunbots on the network.

I don’t know about you, but I’d rather my Gunbot GUI not be so easily found.  It won’t be long before we hear of some Gunbotter whose system was hacked, DDOS’ed or otherwise compromised and losses occur.

The first step in making your Gunbot more secure is to change from the default port.  There are other steps you can take, such as using a VPN to access your GUI, limiting the IP addresses that can talk to your server, on these ports, and adding SSL certificates (Gunbot v8, v9 require a reverse proxy; Gunbot v10 and up can have SSL natively supported if you have a certificate).  Those steps are not covered in this guide.

How to Fix

Change your port number

How to change your port number is different with various Gunbot versions.  You want to pick a port number that makes sense and will work:

  1. Well known ports are ports 0 – 1023. You should not pick these ports unless you know what you’re doing and have taken appropriate security precautions.
  2. Registered ports are 1024 – 49151.  It’s ok to pick a port in this range, as long as you don’t pick a port that conflicts with something else running on your machine.  You may or may not want to use common registered ports that systems frequently search for, like 8000, 8080
  3. Make sure you do not pick the same port that’s listed in config file under ws:port.  or clientport.  Generally, this means avoiding 5001 and 3000.
  4. Dynamic / private ports are those from 49152 to 65535.

Gunbot v10 and later:

In the `config.js` file, Change the “GUI”: port parameter from something other than port 5000.

"GUI": {
   "enabled": true,
   "start": false,
   "port": 5000, <--- change this

For example, if you change it to 5158, then you would access Gunbot GUI at http://<your IP address>:5158

Gunbot v8, v9:

In order to change the default port that gunthy-gui uses, you need to set an “environment variable” called PORT to the port number you want the GUI to use.  Depending on what operating system you use, how you change this varies.

For Windows users, you set the port before you run the command:

set PORT=5003
gunthy-gui.exe

This should now make the GUI respond to URL with :5003 at the end instead of :5000.

You can also make a batch file to launch Gunbot GUI:

@echo off
set PORT=5003
start /d gunthy-gui.exe

For Linux/MAC/ARM users, you can do it all on one line.  From the directory gunbot is installed, running the following will launch the GUI and use port 5003:

env PORT=5003 ./gunthy-gui

If you use pm2, you can do the same thing on one line:

env PORT=5003 pm2 start ./gunthy-gui --name binance

Then use your normal pm2 list all and pm2 info binance and other commands to manage the gunthy-gui process.

Websocket port

It’s important to note that the PORT that the GUI uses to speak HTTP is not the “clientport” in the config file.

"ws": {
"port": 5001,
"clientport": 3000,
"hostname": "127.0.0.1"
},

In Gunbot v8, websockets were important and it impacted how clients talked with graphs and such on the GUI.  This is less so in later versions and supposedly websockets are not used at all.  However, both of these ports *are* used.

This 5001 port here can be changed as well, but it needs to NOT conflict with any other port being used on the system.  You cannot use the same port for ws:port and PORT=xxxx.  They must be different ports.

Multiple instances on same device

Most of the time, you don’t need to change ws: port setting.  However, if you run multiple Gunbot instances on the same machine manually, then each port needs to be unique.

For example, the first time you install Gunbot on a machine, it can run with port:5000 for the GUI and port:5001 for ws:port.  If you put a second Gunbot instance in another folder and want to run it, you need to change ws:port from 5001 to something else, like 5003.  If you also wanted a second GUI running, you would use the changes described earlier, and maybe use 5002 for that.

Also, if you are accessing your Gunbot GUI from a remote system, you will want to change the hostname setting inside of ws to be the IP address or FQDN (fully-qualified domain name) of the machine running Gunbot GUI.  For example, if you’re using a VPS, you would put in the IP of the VPS. Otherwise, in Gunbot 8.0.3 and earlier, the GUI will be slow and open up a lot of websocket connections to a box that won’t respond (again, this was much more the case in Gunbot v8 than later versions, but I still highly recommend changing hostname anyway)

For example:

"ws": {
"port": 5021,
"clientport": 3000,
"hostname": "4.2.2.1"
},

Or

"ws": {
"port": 5021,
"clientport": 3000,
"hostname": "myawesomegunbot.gunbotuniversity.com"
},

Gunbot version 9 no longer uses websockets and doesn’t officially require the hostname update, although GBU still recommends the change.

Note: in previous versions, running multiple GUIs, even when changing the port, didn’t work well for me.  I haven’t tested it in version 8.  Instead, I just spin a new VPS for another instance so that I’m not subject to any IP address problems, resource constraints, or interoperability issues.  As of version 10, there aren’t any known issues with this.

Summary:

  1. If you keep default settings for things like what port the GUI listens to, you increase your risks.
  2. It’s fairly trivial to change the GUI port so you’re not so easily found.
  3. While the instructions differ for older versions, the port can be configured in the config.js file under the GUI: port setting.