Running with systemd
Running the agent as a systemd service ensures it starts automatically on boot and restarts if it crashes.
Prerequisites
- Linux system with systemd
- EpochProxy agent installed to /usr/local/bin/epoch-agent
- Agent already activated (has a valid state file)
Quick Setup
1. Create the Service File

```bash
sudo nano /etc/systemd/system/epoch-agent.service
```

Paste the following:

```ini
[Unit]
Description=EpochProxy Agent
Documentation=https://docs.epochproxy.cloud
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/epoch-agent --state-file /var/lib/epoch-agent/state.json
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal

# Security hardening (optional but recommended)
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/var/lib/epoch-agent

[Install]
WantedBy=multi-user.target
```

2. Create State Directory

```bash
sudo mkdir -p /var/lib/epoch-agent
```

3. Initial Activation

If you haven’t activated the agent yet, run it manually first:

```bash
sudo epoch-agent --activation-code YOUR_CODE --state-file /var/lib/epoch-agent/state.json
```

Press Ctrl+C after you see “Agent is ready”.

4. Enable and Start the Service

```bash
# Reload systemd to recognize the new service
sudo systemctl daemon-reload

# Enable the service to start on boot
sudo systemctl enable epoch-agent

# Start the service now
sudo systemctl start epoch-agent
```

5. Verify It’s Running

```bash
sudo systemctl status epoch-agent
```

You should see “active (running)”.
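The service file above runs the agent as root and relies on four sandboxing directives, so it is worth checking that an installed unit still carries them. The script below is an added example, not part of the EpochProxy documentation or code; the function names (`service_values`, `report`, `audit_unit`, `sample_unit`) are hypothetical, and the sample unit text is constructed from the file shown in step 1.

```shell
#!/bin/sh
# Added example (not EpochProxy code): audit unit-file text on stdin against
# the hardening settings shown in the service file on this page.
STATE_DIR=/var/lib/epoch-agent

# Print every value assigned to key $1 in the [Service] section, one per line.
service_values() {
    printf '%s\n' "$unit_text" | awk -v key="$1" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && index($0, key "=") == 1 { print substr($0, length(key) + 2) }'
}

report() { echo "WEAK  $1"; findings=$((findings + 1)); }

audit_unit() {
    unit_text=$(cat); findings=0
    for want in NoNewPrivileges=true ProtectSystem=strict ProtectHome=read-only; do
        key=${want%%=*}
        got=$(service_values "$key" | tail -n 1)   # last assignment wins
        [ "$got" = "${want#*=}" ] || report "$key=${got:-<unset>} (page uses $want)"
    done
    # ReadWritePaths is a list: every entry other than the state directory
    # is an extra writable path under ProtectSystem=strict.
    for path in $(service_values ReadWritePaths); do
        [ "$path" = "$STATE_DIR" ] || report "ReadWritePaths also allows $path"
    done
    # With no User= line, systemd runs a system service as root.
    user=$(service_values User | tail -n 1)
    case "${user:-root}" in
        root|0) report "User=${user:-<unset>} (agent runs as root)" ;;
    esac
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the [Service] section from step 1 above.
sample_unit() {
    cat <<'EOF'
[Service]
User=root
ExecStart=/usr/local/bin/epoch-agent --state-file /var/lib/epoch-agent/state.json
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/var/lib/epoch-agent
EOF
}

sample_unit | audit_unit || true   # reports the User=root finding
```

To check an installed unit, run `audit_unit < /etc/systemd/system/epoch-agent.service`; the function returns non-zero when it reports any finding.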
Managing the Service
View Status

```bash
sudo systemctl status epoch-agent
```

Start/Stop/Restart

```bash
sudo systemctl start epoch-agent
sudo systemctl stop epoch-agent
sudo systemctl restart epoch-agent
```

View Logs

```bash
# Recent logs
sudo journalctl -u epoch-agent -n 50

# Follow logs in real-time
sudo journalctl -u epoch-agent -f

# Logs since boot
sudo journalctl -u epoch-agent -b
```

Disable Auto-Start

```bash
sudo systemctl disable epoch-agent
```

Running as Non-Root User
For additional security, run the agent as a dedicated user:

1. Create the User

```bash
sudo useradd --system --no-create-home --shell /usr/sbin/nologin epoch-agent
```

2. Set Up Directories

```bash
sudo mkdir -p /var/lib/epoch-agent
sudo chown epoch-agent:epoch-agent /var/lib/epoch-agent
```

3. Update the Service File

Change the User line and add a Group line in the [Service] section:

```ini
[Service]
User=epoch-agent
Group=epoch-agent
```

4. Reload and Restart

```bash
sudo systemctl daemon-reload
sudo systemctl restart epoch-agent
```

Configuration with Config File
Instead of command-line arguments, use a config file:

1. Create Config Directory

```bash
sudo mkdir -p /etc/epoch-agent
```

2. Create Config File

```bash
sudo nano /etc/epoch-agent/config.toml
```

```toml
[api]
url = "https://api.epochproxy.cloud"

[shell]
path = "/bin/bash"
```

3. Update Service File

```ini
ExecStart=/usr/local/bin/epoch-agent --config /etc/epoch-agent/config.toml --state-file /var/lib/epoch-agent/state.json
```

Troubleshooting
Service Won’t Start

Check the logs:

```bash
sudo journalctl -u epoch-agent -n 100 --no-pager
```

Permission Denied Errors

Ensure the state directory is writable:

```bash
sudo chown -R epoch-agent:epoch-agent /var/lib/epoch-agent
```

Service Keeps Restarting

The agent may be failing to connect. Check:

- Network connectivity to api.epochproxy.cloud
- Valid activation code or state file
- Firewall rules allowing outbound connections