Deployment Overview of Linux Game Server Manager (LGSM and Web-LGSM) on Server

Prerequisites and Basic Requirements

The following environment specifications are required to deploy and run the application:

  • Operating System: Debian-based Linux distribution (e.g., Ubuntu, Debian).

  • Privileges: Root access or a user with sudo privileges is required for the initial setup.

  • User Account: A dedicated system user named mcbserver is created during installation.

  • Network Ports:

    • Port 443 (HTTPS) for external web access via the reverse proxy.

    • Port 12357 (TCP) for the internal Web-LGSM backend service.

  • Dependencies: The installation script automatically installs the following packages:

    • bsdmainutils

    • bzip2

    • jq

    • lib32gcc-s1

    • lib32stdc++6

    • netcat

    • pigz

    • unzip

    • git

    • python3

    • python3-venv

    • python3-pip

FQDN of the Final Panel

The Web-LGSM panel is accessible via the following Fully Qualified Domain Name (FQDN) format on the hostkey.in domain:

  • URL: web-lgsm<ServerID>.hostkey.in:443

    • Replace <ServerID> with the specific identifier assigned to the server.

    • The path is set to /.

File and Directory Structure

The application and its components are organized within the home directory of the mcbserver user. The primary locations are:

  • User Home Directory: /home/mcbserver

  • Linux Game Server Manager (LGSM) Directory: /home/mcbserver/mcbserver

  • Web-LGSM Directory: /home/mcbserver/web-lgsm

  • Web-LGSM Python Script: /home/mcbserver/web-lgsm/web-lgsm.py

  • Ansible Temporary Directory: /home/mcbserver/.ansible_tmp

  • Systemd Service Unit: /etc/systemd/system/web-lgsm.service

  • Nginx/Certbot Configuration: /root/nginx

  • Nginx Compose File: /root/nginx/compose.yml

  • SSL Certificates: Stored in the external Docker volume nginx_secrets mounted at /etc/letsencrypt.

Application Installation Process

The deployment process involves creating a user, installing dependencies, and deploying both the LGSM core and the Web-LGSM interface.

  1. User Creation: The user mcbserver is created with a home directory at /home/mcbserver and is added to the sudo group.

  2. LGSM Deployment:

    • The script linuxgsm.sh is downloaded to the user's home directory.

    • The script is executed to create the mcbserver directory structure.

    • The source script linuxgsm.sh is removed after successful creation.

  3. Web-LGSM Deployment:

    • The web-lgsm directory is prepared.

    • The repository https://github.com/BlueSquare23/web-lgsm.git is cloned to the directory, checking out the master branch.

    • The installation script install.sh is made executable and run within the web-lgsm directory.

  4. Service Activation:

    • A systemd service unit file is created at /etc/systemd/system/web-lgsm.service.

    • The service is enabled and started, ensuring the backend listens on 127.0.0.1:12357.

Access Rights and Security

Security measures and access controls are implemented as follows:

  • Sudo Configuration:

    • The mcbserver user is granted passwordless sudo access (NOPASSWD: ALL) via a dedicated entry in /etc/sudoers.d/99-mcbserver-nopasswd.

    • The requiretty default is explicitly removed from sudoers to allow non-interactive sudo execution.

    • The targetpw and rootpw defaults are removed to ensure compatibility with NOPASSWD.

  • Directory Permissions:

    • The /etc/sudoers.d directory is owned by root:root with permissions 0750.

    • The /tmp directory is set to 1777 (sticky bit) to ensure safe temporary file creation.

    • The user-specific temporary directory /home/mcbserver/.ansible_tmp is created with 0700 permissions.

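  • User Restrictions: The application processes run under the mcbserver user context, isolating them from the root user where possible. Because mcbserver holds passwordless sudo for all commands (see Sudo Configuration above), this separation does not prevent a compromised application process from obtaining root.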
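One way to audit the sudo configuration described above, as an added example that is not part of the deployment scripts: it reads sudoers-style text on standard input and prints every user or group holding an unrestricted NOPASSWD: ALL grant. The function names and the sample lines are constructed for illustration; the exact line written to /etc/sudoers.d/99-mcbserver-nopasswd is an assumption.

```shell
#!/bin/sh
# Added example: list principals with an unrestricted passwordless sudo grant.
# Input : sudoers-style text on stdin, for instance
#         sudo cat /etc/sudoers /etc/sudoers.d/* | find_nopasswd_all
# Output: one principal per line; status 0 if any grant was found, 1 if none.
find_nopasswd_all() {
    awk '
        /^[ \t]*(#|$)/    { next }   # comments, #include directives, blank lines
        /^[ \t]*Defaults/ { next }   # Defaults lines set options, they grant nothing
        # Flag only rules whose whole command list is "NOPASSWD: ALL"
        /NOPASSWD:[ \t]*ALL[ \t]*$/ { print $1; found = 1 }
        END { exit !found }
    '
}

# Constructed sample input (assumed rule syntax, mirrors the entry described above).
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults env_reset
root      ALL=(ALL:ALL) ALL
%sudo     ALL=(ALL:ALL) ALL
mcbserver ALL=(ALL) NOPASSWD: ALL
EOF
}

# Demo run on the constructed sample.
sample_sudoers | find_nopasswd_all
```

Rules that require a password, such as the default %sudo group entry, are not reported, so any line printed is an account that reaches root without further authentication.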

Databases

The provided configuration data does not specify external database connections, storage locations, or specific database settings for the LGSM or Web-LGSM components. The application appears to manage game server state and configuration through local file structures within the user's home directory.

Docker Containers and Their Deployment

A Docker-based proxy and SSL management stack is deployed using docker compose to handle external traffic.

  • Docker Compose Location: /root/nginx/compose.yml

  • Image: jonasal/nginx-certbot:latest

  • Deployment Method: Executed via docker compose up -d.

  • Container Configuration:

    • Network Mode: host (uses the host network stack).

    • Restart Policy: unless-stopped.

    • Environment Variables:

    • Volumes:

      • nginx_secrets: Mapped to /etc/letsencrypt for SSL certificate storage.

      • /data/nginx/user_conf.d: Mapped to /etc/nginx/user_conf.d for custom Nginx configurations.

      • /home: Mapped to /home to access user data.

Proxy Servers

The application uses a reverse proxy to expose the internal Web-LGSM service on the standard HTTPS port.

  • Proxy Software: Nginx managed via the jonasal/nginx-certbot Docker container.

  • SSL/TLS: Managed automatically by Certbot within the container.

  • Routing Configuration:

    • External Port: 443

    • External Path: /

    • Internal Target: 127.0.0.1:12357

    • Internal Path: Empty (root path)

  • Custom Domain: The proxy is configured to serve the hostkey.in zone with the prefix web-lgsm.

Permission Settings

File and directory permissions are strictly defined to ensure security and proper operation:

  • Home Directory: /home/mcbserver is owned by mcbserver.

  • LGSM Directory: /home/mcbserver/mcbserver is owned by mcbserver.

  • Web-LGSM Directory: /home/mcbserver/web-lgsm is owned by mcbserver with permissions 0755.

  • Systemd Service File: /etc/systemd/system/web-lgsm.service is owned by root:root with permissions 0644.

  • Nginx Config Directory: /root/nginx is owned by root with permissions 0644.

  • Compose File: /root/nginx/compose.yml is owned by root with permissions 0644.

Location of Configuration Files and Data

The following paths contain the primary configuration files and data directories for the deployed system:

  • LGSM Configuration: Located within /home/mcbserver/mcbserver.

  • Web-LGSM Configuration: Located within /home/mcbserver/web-lgsm.

  • Nginx Custom Configs: /data/nginx/user_conf.d (host path) mapped to /etc/nginx/user_conf.d (container path).

  • Nginx Environment Variables: /data/nginx/nginx-certbot.env (referenced in Docker Compose).

  • Systemd Unit File: /etc/systemd/system/web-lgsm.service.

Available Ports for Connection

The following ports are configured for connectivity:

  • Port 443: External HTTPS traffic handled by the Nginx Docker container.

  • Port 12357: Internal TCP port where the Web-LGSM backend service listens on 127.0.0.1.
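A check for the binding described above, added here as an example and not part of the deployment: it reads `ss -Hltn` output and reports any listener on the backend port that is not on a loopback address, since such a listener would be reachable without passing through the TLS proxy. The function names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: confirm a port is bound to loopback addresses only.
# Input : output of `ss -Hltn` on stdin
#         (columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port)
# Usage : ss -Hltn | check_loopback_only 12357
# Status: 0 = only loopback listeners, 1 = non-loopback listener found
#         (each one is printed), 2 = nothing listens on the port.
check_loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, p, ":")            # the port is the last ":" field
            if (p[n] != port) next
            seen = 1
            # Everything before the final ":port" is the bound address.
            host = substr($4, 1, length($4) - length(p[n]) - 1)
            if (host !~ /^127\./ && host != "[::1]") { print $4; bad = 1 }
        }
        END { if (bad) exit 1; if (!seen) exit 2 }
    '
}

# Constructed sample: the listener layout this page describes.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:12357 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
EOF
}

# Demo run on the constructed sample.
sample_listeners | check_loopback_only 12357 && echo "12357: loopback only"
```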

Starting, Stopping, and Updating

The Web-LGSM service is managed via systemd. The LGSM game server processes are managed through their respective command-line interfaces.

Service Management Commands

To manage the Web-LGSM backend service:

  • Start:

    sudo systemctl start web-lgsm.service
    

  • Stop:

    sudo systemctl stop web-lgsm.service
    

  • Restart:

    sudo systemctl restart web-lgsm.service
    

  • Enable on Boot:

    sudo systemctl enable web-lgsm.service
    

  • Check Status:

    sudo systemctl status web-lgsm.service
    

Docker Management Commands

To manage the Nginx/Certbot container stack:

  • Start/Deploy:

    cd /root/nginx
    docker compose up -d
    

  • Stop:

    cd /root/nginx
    docker compose down
    

  • Logs:

    cd /root/nginx
    docker compose logs -f
    
