Skip to content

Deployment Overview of TeamSpeak 3 Server on Server

Prerequisites and Basic Requirements

The deployment requires a Linux server running an operating system compatible with the apt package manager (e.g., Ubuntu or Debian). The following components must be available or installed:

  • Root or sudo privileges to install system packages and configure services.

  • A valid domain name or hostname configured to point to the server's IP address.

  • Network access to download the latest TeamSpeak 3 server binaries from the official repository.

  • System packages including php-fpm, php-mysql, php-cli, libapache2-mod-php, apache2, mysql-server, phpmyadmin, certbot, and python3-certbot-apache.

File and Directory Structure

The application files and configuration are organized within a dedicated home directory for the service user. The default structure includes:

  • {{ ts_home }}/files: Stores virtual file system data for the server.

  • {{ ts_home }}/logs: Contains server log files, including ts3server_1.log.

  • {{ ts_home }}/server: Holds the active server binaries and configuration files.

  • {{ ts_home }}/backup: Stores database backups.

  • {{ ts_home }}/ts3server.ini: The main configuration file for the TeamSpeak 3 server.

  • {{ ts_home }}/query_ip_whitelist.txt and {{ ts_home }}/query_ip_blacklist.txt: Files defining IP restrictions for query access.

  • {{ ts_home }}/ts3server_minimal_runscript.sh: The execution script for the server.

  • {{ ts_home }}/{{ ts_sqlitedb }}: The SQLite database file used for server data.

Application Installation Process

The TeamSpeak 3 server is installed by creating a dedicated system user and downloading the latest available version from the official repository.

  • A system user is created with a non-login shell (/bin/false) and a dedicated home directory.

  • The installation script retrieves the latest version number by parsing the index.html file from the download repository.

  • The server binary package (.tar.bz2) is downloaded and extracted into a version-specific directory.

  • A symbolic link named ts3server_latest is created to point to the current version directory, allowing for seamless updates.

  • The ts3server.ini configuration file is generated and placed in the home directory.

  • The ts3server_minimal_runscript.sh is copied to the home directory for execution.

Access Rights and Security

Security measures are implemented at the user, file, and network levels:

  • A dedicated system user is created to run the TeamSpeak 3 service, isolating it from other system processes.

  • The secure_mysql.sh script is executed to harden the MySQL installation by:

  • Setting a root password.

  • Removing anonymous users.

  • Disallowing remote root login.

  • Removing the test database.

  • File permissions are set to 0700 for the home directory and subdirectories (files, logs, server, backup).

  • Configuration files and database files are set to 0600 permissions.

  • Executable scripts are set to 0700 permissions.

  • The query_ip_whitelist.txt and query_ip_blacklist.txt files control which IP addresses can access the server query interface.

Databases

The TeamSpeak 3 server utilizes an internal SQLite database for storing server data.

  • The database file is located at {{ ts_home }}/{{ ts_sqlitedb }}.

  • During the initial installation, if the database file does not exist, the server generates a new one.

  • Before performing an update, the existing database file is automatically backed up to {{ ts_home }}/backup/.

  • A separate MySQL server is installed on the system to support phpMyAdmin, with a user admin created with full privileges (*.*:ALL).

Proxy Servers

The deployment includes an Apache web server configured to host phpMyAdmin and manage SSL certificates.

  • Apache is installed, started, and enabled to run on system boot.

  • The default Apache site configuration is cleared to prevent conflicts.

  • A symbolic link is created to enable the phpMyAdmin configuration in /etc/apache2/conf-enabled/.

  • phpMyAdmin is accessible via a symbolic link at /var/www/html/phpmyadmin.

  • Access to phpMyAdmin is restricted using HTTP Basic Authentication via an .htaccess file and an .htpasswd file located at /etc/phpmyadmin/.htpasswd.

  • Certbot is installed with the Apache plugin to obtain and manage SSL certificates for the server's hostname.

  • The SSL certificate is obtained non-interactively for the domain lamp{{ hostid }}.hostkey.in.

Permission Settings

Strict ownership and permission rules are enforced to ensure the security of the application:

  • The entire home directory {{ ts_home }} and all its contents are owned by the dedicated service user and group.

  • Directories (files, logs, server, backup) are set to mode 0700.

  • Configuration files (ts3server.ini, query_ip_whitelist.txt, query_ip_blacklist.txt) are set to mode 0600.

  • The systemd service file is set to mode 0644.

  • The ts3server_minimal_runscript.sh and other executables are set to mode 0700.

Starting, Stopping, and Updating

The TeamSpeak 3 server is managed as a systemd service.

  • The service file is created at {{ ts_service_path }}/{{ ts_service }}.service.

  • To start the service: 

    systemctl start {{ ts_service }}

  • To stop the service: 

    systemctl stop {{ ts_service }}

  • To restart the service: 

    systemctl restart {{ ts_service }}

  • Updates are performed by checking the repository for a newer version. If a newer version is found:

  • The current service is stopped.

  • The new version is downloaded and extracted.

  • The ts3server_latest symlink is updated to point to the new version.

  • The service is started.

  • Upon the first installation, the server generates an admin token which is logged in {{ ts_home }}/logs/ts3server_1.log and saved to /root/admintocken_teamspeak.out.

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×