How to change port of Gunbot’s GUI for better security

As of Gunbot v8.0.3, Gunbot’s GUI (gunthy-gui) defaults to port 5000, and for security reasons you might want to change it.

What’s Going On

Gunbot (XT, CS and RT) can run in two modes – by itself on the command-line (aka “Gunbot Core”) or with a GUI (aka “Gunbot GUI”).  Gunbot itself is the “gunthy” executable (named either gunthy.exe, gunthy-linx64, gunthy-macos, or gunthy-arm) and is what runs in both modes.  The GUI is optional.  The GUI (named gunthy-gui) presents a friendly interface for configuration, control and surface-level monitoring, and then runs the gunthy executable for you.

Both gunthy and gunthy-gui use what’s known as a network port to communicate with themselves or other components.  For Gunbot, this is configured in the “ws” section of the config.js file, otherwise known as “Websockets”, which contains the “port” and “clientport” settings.  For the GUI, this is an HTTP port.  It is not configurable from the config.js file, and it is part of the URL you use to access the GUI, both locally on the box and from an external system.

The default port that Gunbot GUI runs on is 5000.  This means you would access “http://localhost:5000” when you’re actually accessing the system that runs Gunbot directly, or “http://<ip address>:5000” when accessing the system remotely.  If you have a DNS server or hosts file, you can configure those to point a user-friendly name to the IP address, such as myvpsisawesome.gunbotuniversity.com.  If you do that, you would still add the “:5000” at the end so the full URL is http://myvpsisawesome.gunbotuniversity.com:5000.

Why Security is Important to Some

If you leave the Gunbot GUI settings at default and use the default port of 5000, then you run the risk of being too easily discovered by remote systems.  Once it’s known that the default port is 5000 for Gunbot, there are hackers, crawlers and systems such as http://shodan.io that can collect data and tell others that you’re running Gunbot.

I don’t know about you, but I’d rather my Gunbot GUI not be so easily found.  It won’t be long before we hear of some Gunbotter whose system was hacked, DDOS’ed or otherwise compromised and losses occur.

The first step in making your Gunbot more secure is to change from the default port.  There are other steps you can take, such as limiting the IP addresses that can talk to your server, and adding an SSL certificate.  Those steps are not covered in this guide.

How to Fix

In order to change the default port that gunthy-gui uses, you need to set an “environment variable” called PORT to the port number you want the GUI to use.  Depending on what operating system you use, how you change this varies.

For Windows users, you set the port before you run the command:

set PORT=5003
gunthy-gui.exe

The GUI should now respond to URLs with :5003 at the end instead of :5000.

You can also make a batch file to launch Gunbot GUI:

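@echo off
rem Set the GUI's HTTP port for this session, then launch the GUI
set PORT=5003
rem start takes the window title first; /d expects a directory, not the executable
start "" gunthy-gui.exe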

For Linux/Mac/ARM users, you can do it all on one line.  From the directory where Gunbot is installed, running the following will launch the GUI and use port 5003:

env PORT=5003 ./gunthy-gui

If you use pm2, you can do the same thing on one line:

env PORT=5003 pm2 start ./gunthy-gui --name binance

Then use your normal pm2 list all and pm2 info binance and other commands to manage the gunthy-gui process.

Websocket port

It’s important to note that the PORT that the GUI uses to speak HTTP is not the “websocket” port or the “clientport” in the config file.

"ws": {
    "port": 5001,
    "clientport": 3000,
    "hostname": "127.0.0.1"
},

This 5001 port here can be changed as well, but it needs to NOT conflict with any other port being used on the system.  You cannot use the same port for ws:port and PORT=xxxx.  They must be different ports.

Most of the time, you don’t need to change ws: port setting.  However, if you run multiple Gunbot instances on the same machine manually, then each port needs to be unique.

For example, the first time you install Gunbot on a machine, it can run with port:5000 for the GUI and port:5001 for ws:port.  If you put a second Gunbot instance in another folder and want to run it, you need to change ws:port from 5001 to something else, like 5003.  If you also wanted a second GUI running, you would use the changes described earlier, and maybe use 5002 for that.
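
The port rules above (not the default 5000, different from ws:port, not already taken by another instance) can be checked before launch. The following is an added example, not part of Gunbot or of the original guide; the function names are hypothetical, and it assumes config.js keeps the “ws” block with one key per line as shown here and that `ss` is available for the in-use check.

```sh
#!/bin/sh
# Added example, not Gunbot's own code. Assumes config.js keeps the "ws"
# block with one key per line, as in the fragments on this page.

# Print the "port" value from the "ws" block of config file $1.
ws_port() {
    awk '/"ws"[ \t]*:/ { in_ws = 1 }
         in_ws && /"port"[ \t]*:/ { gsub(/[^0-9]/, ""); print; exit }
         in_ws && /}/ { in_ws = 0 }' "$1"
}

# Return 0 if port $1 is acceptable for the GUI given config file $2.
check_gui_port() {
    case $1 in
        ''|*[!0-9]*) echo "PORT must be a number" >&2; return 2 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
        echo "PORT must be between 1 and 65535" >&2; return 2
    fi
    if [ "$1" -eq 5000 ]; then
        echo "PORT is still the default 5000" >&2; return 3
    fi
    ws=$(ws_port "$2")
    if [ -n "$ws" ] && [ "$1" -eq "$ws" ]; then
        echo "PORT collides with ws port $ws in $2" >&2; return 4
    fi
}

# Read `ss -ltn` output on stdin; succeed if a listener already uses port $1.
listening_on() {
    awk -v p="$1" 'NR > 1 { n = split($4, a, ":"); if (a[n] == p) hit = 1 }
                   END { exit !hit }'
}

# Validate, then start the GUI the same way as the one-liner earlier.
launch_gui() {
    check_gui_port "$1" "${2:-./config.js}" || return
    if command -v ss >/dev/null 2>&1 && ss -ltn | listening_on "$1"; then
        echo "port $1 is already in use on this machine" >&2; return 5
    fi
    exec env PORT="$1" ./gunthy-gui
}

# Run as: sh script.sh 5003 [path/to/config.js]
if [ "$#" -ge 1 ]; then launch_gui "$@"; fi
```
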

Also, if you are accessing your Gunbot GUI from a remote system, you will want to change the hostname setting inside of ws to be the IP address or FQDN (fully-qualified domain name) of the machine running Gunbot GUI.  For example, if you’re using a VPS, you would put in the IP of the VPS. Otherwise, in Gunbot 8.0.3 and earlier, the GUI will be slow and open up a lot of websocket connections to a box that won’t respond.

For example:

"ws": {
    "port": 5021,
    "clientport": 3000,
    "hostname": "4.2.2.1"
},

Or

"ws": {
    "port": 5021,
    "clientport": 3000,
    "hostname": "myawesomegunbot.gunbotuniversity.com"
},

Gunbot version 9 no longer uses websockets and doesn’t require the hostname update.

Note: in previous versions, running multiple GUIs, even when changing the port, didn’t work well for me.  I haven’t tested it in version 8.  Instead, I just spin a new VPS for another instance so that I’m not subject to any IP address problems, resource constraints, or interoperability issues.

Summary:

  1. If you keep default settings for things like which port the GUI listens on, you increase your risks.
  2. It’s fairly trivial to change the GUI port so you’re not so easily found.
  3. The “PORT” environment variable dictates which port the GUI uses for HTTP.