Deployment Overview of TeamSpeak 3 Server on Server
Prerequisites and Basic Requirements
The deployment requires a Linux server running an operating system compatible with the apt package manager (e.g., Ubuntu or Debian). The following components must be available or installed:

- Root or sudo privileges to install system packages and configure services.
- A valid domain name or hostname configured to point to the server's IP address.
- Network access to download the latest TeamSpeak 3 server binaries from the official repository.
- System packages including php-fpm, php-mysql, php-cli, libapache2-mod-php, apache2, mysql-server, phpmyadmin, certbot, and python3-certbot-apache.
File and Directory Structure
The application files and configuration are organized within a dedicated home directory for the service user. The default structure includes:

- {{ ts_home }}/files: Stores virtual file system data for the server.
- {{ ts_home }}/logs: Contains server log files, including ts3server_1.log.
- {{ ts_home }}/server: Holds the active server binaries and configuration files.
- {{ ts_home }}/backup: Stores database backups.
- {{ ts_home }}/ts3server.ini: The main configuration file for the TeamSpeak 3 server.
- {{ ts_home }}/query_ip_whitelist.txt and {{ ts_home }}/query_ip_blacklist.txt: Files defining IP restrictions for query access.
- {{ ts_home }}/ts3server_minimal_runscript.sh: The execution script for the server.
- {{ ts_home }}/{{ ts_sqlitedb }}: The SQLite database file used for server data.
Application Installation Process
The TeamSpeak 3 server is installed by creating a dedicated system user and downloading the latest available version from the official repository.

- A system user is created with a non-login shell (/bin/false) and a dedicated home directory.
- The installation script retrieves the latest version number by parsing the index.html file from the download repository.
- The server binary package (.tar.bz2) is downloaded and extracted into a version-specific directory.
- A symbolic link named ts3server_latest is created to point to the current version directory, allowing for seamless updates.
- The ts3server.ini configuration file is generated and placed in the home directory.
- The ts3server_minimal_runscript.sh is copied to the home directory for execution.
Access Rights and Security
Security measures are implemented at the user, file, and network levels:

- A dedicated system user is created to run the TeamSpeak 3 service, isolating it from other system processes.
- The secure_mysql.sh script is executed to harden the MySQL installation by:
  - Setting a root password.
  - Removing anonymous users.
  - Disallowing remote root login.
  - Removing the test database.
- File permissions are set to 0700 for the home directory and subdirectories (files, logs, server, backup).
- Configuration files and database files are set to 0600 permissions.
- Executable scripts are set to 0700 permissions.
- The query_ip_whitelist.txt and query_ip_blacklist.txt files control which IP addresses can access the server query interface.
Databases
The TeamSpeak 3 server utilizes an internal SQLite database for storing server data.

- The database file is located at {{ ts_home }}/{{ ts_sqlitedb }}.
- During the initial installation, if the database file does not exist, the server generates a new one.
- Before performing an update, the existing database file is automatically backed up to {{ ts_home }}/backup/.
- A separate MySQL server is installed on the system to support phpMyAdmin, with a user admin created with full privileges (*.*:ALL).
Proxy Servers
The deployment includes an Apache web server configured to host phpMyAdmin and manage SSL certificates.

- Apache is installed, started, and enabled to run on system boot.
- The default Apache site configuration is cleared to prevent conflicts.
- A symbolic link is created to enable the phpMyAdmin configuration in /etc/apache2/conf-enabled/.
- phpMyAdmin is accessible via a symbolic link at /var/www/html/phpmyadmin.
- Access to phpMyAdmin is restricted using HTTP Basic Authentication via an .htaccess file and an .htpasswd file located at /etc/phpmyadmin/.htpasswd.
- Certbot is installed with the Apache plugin to obtain and manage SSL certificates for the server's hostname.
- The SSL certificate is obtained non-interactively for the domain lamp{{ hostid }}.hostkey.in.
Permission Settings
Strict ownership and permission rules are enforced to ensure the security of the application:

- The entire home directory {{ ts_home }} and all its contents are owned by the dedicated service user and group.
- Directories (files, logs, server, backup) are set to mode 0700.
- Configuration files (ts3server.ini, query_ip_whitelist.txt, query_ip_blacklist.txt) are set to mode 0600.
- The systemd service file is set to mode 0644.
- The ts3server_minimal_runscript.sh and other executables are set to mode 0700.
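
The ownership and mode rules listed here and under Access Rights and Security can be verified after deployment with a small audit script. This is an added example, not part of the deployment's own scripts; the function names are hypothetical, the database file name and service file path are passed as arguments because the page gives them only as template variables, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example: audit a TeamSpeak 3 home directory against the modes on this page.
# Assumes GNU stat/find (Debian/Ubuntu). The database file name is an argument
# because the page gives it only as the template variable {{ ts_sqlitedb }}.

# check_mode PATH MODE: print a finding and return 1 if PATH is missing or differs.
check_mode() {
    path=$1; want=$2
    if [ ! -e "$path" ]; then
        echo "MISSING $path"; return 1
    fi
    have=$(stat -c '%a' "$path")
    if [ "$have" != "$want" ]; then
        echo "MODE $path is $have, expected $want"; return 1
    fi
    return 0
}

# audit_ts_home TS_HOME SERVICE_USER SQLITE_DB [SERVICE_FILE]
# Returns 0 when the layout matches, 1 when there is at least one finding.
audit_ts_home() {
    home=$1; user=$2; db=$3; unit=${4:-}; findings=0
    check_mode "$home" 700 || findings=$((findings + 1))
    for d in files logs server backup; do
        check_mode "$home/$d" 700 || findings=$((findings + 1))
    done
    for f in ts3server.ini query_ip_whitelist.txt query_ip_blacklist.txt "$db"; do
        check_mode "$home/$f" 600 || findings=$((findings + 1))
    done
    check_mode "$home/ts3server_minimal_runscript.sh" 700 || findings=$((findings + 1))
    if [ -n "$unit" ]; then        # systemd service file, mode 0644
        check_mode "$unit" 644 || findings=$((findings + 1))
    fi
    # Everything under the home directory must be owned by the service user.
    foreign=$(find "$home" ! -user "$user" | wc -l)
    if [ "$foreign" -gt 0 ]; then
        echo "OWNER $foreign path(s) under $home not owned by $user"
        findings=$((findings + 1))
    fi
    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh TS_HOME SERVICE_USER SQLITE_DB [SERVICE_FILE]
if [ "$#" -ge 3 ]; then
    audit_ts_home "$@"
fi
```

Run it as root so the 0700 home directory is readable; a non-zero exit status means at least one path is missing, has the wrong mode, or is not owned by the service user.
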
Starting, Stopping, and Updating
The TeamSpeak 3 server is managed as a systemd service.

- The service file is created at {{ ts_service_path }}/{{ ts_service }}.service.
- To start the service:
ts3server_latest symlink is updated to point to the new version.
4. The service is started.

- Upon the first installation, the server generates an admin token which is logged in {{ ts_home }}/logs/ts3server_1.log and saved to /root/admintocken_teamspeak.out.