Skip to content

Deployment Overview of Linux Game Server Manager (LGSM and Web-LGSM) on Server

Prerequisites and Basic Requirements

The deployment requires a Debian-based Linux distribution. The system must have sudo privileges configured to allow the application user to execute commands without a password prompt. The following base dependencies are installed on the server to support the application:

  • bsdmainutils
  • bzip2
  • jq
  • lib32gcc-s1
  • lib32stdc++6
  • netcat
  • pigz
  • unzip
  • git
  • python3
  • python3-venv
  • python3-pip

The application user, defined as lgsm_user, is created with the /bin/bash shell and added to the sudo group. The /tmp directory is configured with 1777 permissions to ensure proper operation of temporary file operations.

File and Directory Structure

The application files are organized within the home directory of the lgsm_user. The primary components are located as follows:

  • LGSM Installation: Located in {{ home_dir }}/{{ server_name }}.
  • Web-LGSM Repository: Located in {{ home_dir }}/{{ web_lgsm_dir }}.
  • Web-LGSM Backend Script: {{ home_dir }}/{{ web_lgsm_dir }}/web-lgsm.py.
  • Web-LGSM Installer: {{ home_dir }}/{{ web_lgsm_dir }}/install.sh.
  • Ansible Temporary Directory: {{ home_dir }}/.ansible_tmp.
  • Nginx and Certbot Configuration: Located in /root/nginx.
  • Nginx User Configuration: Mounted at /data/nginx/user_conf.d.
  • Let's Encrypt Secrets: Stored in the nginx_secrets volume at /etc/letsencrypt.

Application Installation Process

The installation process involves downloading the core LGSM script and cloning the Web-LGSM repository.

  1. LGSM Core Installation: The linuxgsm.sh script is downloaded from https://linuxgsm.sh to the user's home directory. The script is executed with the specific server name argument to generate the game server instance. After execution, the linuxgsm.sh script is removed from the system.

  2. Web-LGSM Installation: The Web-LGSM repository is cloned from https://github.com/BlueSquare23/web-lgsm.git into the designated directory. The install.sh script within the repository is made executable and run to complete the web interface setup.

  3. Systemd Service Creation: A systemd unit file is created at /etc/systemd/system/web-lgsm.service to manage the Web-LGSM backend. This service is configured to start automatically on boot and restart on failure.

Access Rights and Security

Security configurations are applied to ensure the application runs with the correct privileges while maintaining system integrity.

  • Sudo Configuration: The lgsm_user is granted passwordless sudo access via a configuration file in /etc/sudoers.d/. The requiretty, targetpw, and rootpw defaults are explicitly removed or validated to ensure non-interactive sudo operations function correctly.
  • Directory Permissions:
    • /etc/sudoers.d is set to 0750 with root ownership.
    • /tmp is set to 1777 with root ownership.
    • The user's temporary directory {{ home_dir }}/.ansible_tmp is set to 0700 with lgsm_user ownership.
  • Service Isolation: The Web-LGSM backend runs as a systemd service, isolating the process from direct user shell execution.

Databases

The provided configuration data does not specify a database connection method, storage location, or specific database settings for the Linux Game Server Manager or Web-LGSM components.

Docker Containers and Their Deployment

Docker is utilized to deploy the Nginx reverse proxy and Certbot for SSL management. The deployment uses a docker compose configuration located at /root/nginx/compose.yml.

The nginx service is configured with the following parameters: - Image: jonasal/nginx-certbot:latest - Restart Policy: unless-stopped - Network Mode: host - Environment: - CERTBOT_EMAIL is set to [email protected]. - Additional environment variables are loaded from /data/nginx/nginx-certbot.env. - Volumes: - nginx_secrets (external) mounted to /etc/letsencrypt. - /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d. - /home mounted to /home.

The container is started using the command docker compose up -d within the /root/nginx directory.

Proxy Servers

The Nginx container acts as a reverse proxy and handles SSL certificate management via Certbot.

  • SSL Certificates: Managed by the jonasal/nginx-certbot image, storing secrets in the nginx_secrets volume.
  • Configuration: Custom Nginx configurations are placed in the host directory /data/nginx/user_conf.d, which is mounted into the container.
  • Domain Handling: The proxy is configured to handle traffic for custom domains, with the email [email protected] registered for certificate renewal notifications.

Permission Settings

File and directory permissions are strictly enforced during the deployment process:

  • Sudoers Files: Configuration files in /etc/sudoers.d are set to 0440 with root ownership.
  • Web-LGSM Directory: The main directory {{ home_dir }}/{{ web_lgsm_dir }} is set to 0755 with lgsm_user ownership.
  • Installer Script: The install.sh script is set to 0755.
  • Systemd Unit File: The service file /etc/systemd/system/web-lgsm.service is set to 0644 with root ownership.
  • Nginx Configuration Directory: The /root/nginx directory is set to 0644 with root ownership.

Starting, Stopping, and Updating

The Web-LGSM backend is managed via the systemd service manager.

  • Start Service: systemctl start web-lgsm.service
  • Stop Service: systemctl stop web-lgsm.service
  • Enable on Boot: systemctl enable web-lgsm.service
  • Reload Daemon: systemctl daemon-reload (required after modifying the unit file)

The service is configured to listen on 127.0.0.1 port 12357. Health checks verify the service is responding with HTTP status codes 200, 301, 302, 401, or 403.

For the Docker-based Nginx proxy: - Start/Update: docker compose up -d executed from /root/nginx. - Stop: docker compose down executed from /root/nginx.

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×