A smart, automated wizard that configures everything needed to connect the Hermes Desktop app to a remote Hermes backend server.
No YAML editing. No manual systemd setup. One command does it all.
Run this on your remote Linux machine:
curl -fsSL https://raw.githubusercontent.com/MiaAI-Lab/HermesGW-Desktop-setup/main/setup-gateway.sh | bashThat's it. It generates credentials, starts the server, and sets up a systemd service — all with sensible defaults.
⚠️ Requires Hermes v0.18.0+. If you get'hermes serve' not available, runhermes updatefirst.
bash setup-gateway.shbash setup-gateway.sh myuser MySecurePass123 9119curl -fsSL https://raw.githubusercontent.com/MiaAI-Lab/HermesGW-Desktop-setup/main/setup-gateway.sh | bash -s -- --clean- Detects your network — finds your LAN and Tailscale IPs automatically
- Checks prerequisites — Hermes CLI,
hermes servesubcommand, systemd, openssl - Creates credentials — username, password, and a stable auth secret that survives restarts
- Configures the backend — starts
hermes serveon your chosen port - Sets up systemd — creates a service with
Restart=alwaysso it bounces back if it crashes - Enables linger — so the server starts on boot even without you logging in
- Prints final instructions — exact URL, credentials, and Desktop app steps
bash setup-gateway.shUses sensible defaults: admin username, auto-generated password, port 9119.
bash setup-gateway.sh myuser MySecurePass123 9119Arguments: [username] [password] [port]
bash setup-gateway.sh --clean
# or with custom values
bash setup-gateway.sh --clean myuser MySecurePass123 9119The --clean flag skips the "already configured" check and overwrites existing credentials.
INTERACTIVE=1 bash setup-gateway.shPrompts for every choice with a 10-second timeout. If you don't respond, uses the default.
- Open Settings → Gateway
- Under Remote gateway, enter:
http://<your-lan-ip>:9119 - Click Sign in
- Enter the username and password
- Click Save and reconnect
# Check status
systemctl --user status hermes-serve.service
# Start/stop/restart
systemctl --user start hermes-serve.service
systemctl --user stop hermes-serve.service
systemctl --user restart hermes-serve.service
# View logs
journalctl --user -u hermes-serve.service -f- LAN-only: Username/password auth is for trusted networks (LAN/Tailscale only)
- Internet exposure: Use OAuth (Nous Portal) instead of basic auth for public access
- Password: Generated automatically if not provided. At least 8 characters recommended
- Secret: A stable auth secret is generated and stored in
~/.hermes/.envso sessions survive restarts - File permissions: The
.envfile is set to600(owner-only read/write)
| File | Purpose |
|---|---|
~/.hermes/.env |
Auth credentials (username, password, secret) |
~/.config/systemd/user/hermes-serve.service |
Systemd service unit |
| Issue | Fix |
|---|---|
hermes not found |
Install Hermes CLI: curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash |
'hermes serve' not available |
Upgrade: hermes update (v0.18.0+ required) |
| Port already in use | Use a different port: bash setup-gateway.sh admin pass 9120 |
| Service won't start | Check logs: journalctl --user -u hermes-serve.service -n 50 |
| Can't connect from Desktop app | Verify IP with hostname -I, ensure firewall allows port 9119 |
| Want to reconfigure | Run with --clean: bash setup-gateway.sh --clean |
- Linux with systemd (user services)
- Hermes Agent v0.18.0+ (
hermescommand on PATH) - openssl (for secret generation)
- Network access on the chosen port