Deployment Overview of Linux Game Server Manager (LGSM and Web-LGSM) on Server¶

Prerequisites and Basic Requirements¶

The deployment requires a Debian-based Linux distribution with the following specifications:

• Operating System: Debian or Ubuntu (tested with apt package manager).

• Privileges: Root access or a user with sudo privileges is required for initial setup.

• User Account: A dedicated system user named mcbserver is created during installation.

• Dependencies: The following packages are installed as part of the setup:

• bsdmainutils, bzip2, jq, lib32gcc-s1, lib32stdc++6, netcat, pigz, unzip, git, python3, python3-venv, python3-pip.

• Ports:

• Internal application port: 12357 (localhost only).

• External HTTPS port: 443.

FQDN of the Final Panel¶

The Web-LGSM panel is accessible via the following Fully Qualified Domain Name (FQDN) format:

• Domain: hostkey.in

• Prefix: web-lgsm

• Format: <prefix><Server ID>.hostkey.in:<port>

• Example: web-lgsmmcbserver.hostkey.in:443

File and Directory Structure¶

The application files, configuration, and data are organized within the home directory of the mcbserver user.

• User Home Directory: /home/mcbserver

• LGSM Server Directory: /home/mcbserver/mcbserver

• Web-LGSM Directory: /home/mcbserver/web-lgsm

• Nginx Configuration Directory: /root/nginx

• Nginx User Configuration: /data/nginx/user_conf.d

• SSL Certificates: Stored in the Docker volume nginx_secrets mounted at /etc/letsencrypt within the container.

• Ansible Temporary Directory: /home/mcbserver/.ansible_tmp

Application Installation Process¶

The installation process involves setting up the Linux Game Server Manager (LGSM) and the Web-LGSM interface.

1. User Creation: A system user mcbserver is created with sudo privileges and passwordless sudo access.

2. LGSM Installation:

   • The linuxgsm.sh script is downloaded to /home/mcbserver/linuxgsm.sh.

   • The script is executed to generate the mcbserver game server instance.

   • The linuxgsm.sh script is removed after successful execution.

3. Web-LGSM Installation:

   • The Web-LGSM repository is cloned from https://github.com/BlueSquare23/web-lgsm.git into /home/mcbserver/web-lgsm.

   • The install.sh script within the Web-LGSM directory is executed to finalize the setup.

4. Service Registration:

   • A systemd service unit file is created at /etc/systemd/system/web-lgsm.service.

   • The service is enabled and started automatically.

Access Rights and Security¶

Security configurations are applied to ensure proper access control and system stability.

• Sudo Configuration:

• The mcbserver user is added to the sudo group.

• Passwordless sudo is enabled via /etc/sudoers.d/99-mcbserver-nopasswd.

• The requiretty and targetpw/rootpw defaults are explicitly removed to ensure non-interactive sudo execution.

• Directory Permissions:

• /tmp and /var/tmp are set to mode 1777.

• The user-specific temporary directory /home/mcbserver/.ansible_tmp is set to mode 0700.

• Service Isolation:

• The Web-LGSM backend runs as the mcbserver user, not root.

• The backend listens only on 127.0.0.1:12357, preventing direct external access to the application port.

Docker Containers and Their Deployment¶

Docker is utilized to run the Nginx reverse proxy and manage SSL certificates via Certbot.

• Docker Installation: Docker is installed on the host system.

• Compose File Location: /root/nginx/compose.yml

• Container Image: jonasal/nginx-certbot:latest

• Deployment Method: The container is deployed using docker compose up -d.

• Container Configuration:

• Network Mode: host

• Restart Policy: unless-stopped

• Environment Variables:

  • CERTBOT_EMAIL: [email protected]

• Volumes:

  • nginx_secrets (external) mounted to /etc/letsencrypt.

  • /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d.

  • /home mounted to /home to allow access to user directories.

Proxy Servers¶

Nginx acts as the reverse proxy to handle external traffic and SSL termination.

• Proxy Software: Nginx (via Docker container).

• SSL Management: Certbot is integrated within the Nginx container for automatic SSL certificate generation and renewal.

• External Port: 443 (HTTPS).

• Internal Routing: Traffic from port 443 is proxied to the internal Web-LGSM service running on 127.0.0.1:12357.

• Configuration Path: Custom Nginx configurations are stored in /data/nginx/user_conf.d.

Permission Settings¶

File and directory permissions are strictly defined to maintain system integrity.

Location of Configuration Files and Data¶

The following locations contain the primary configuration files and data for the deployed services:

• Systemd Service Unit: /etc/systemd/system/web-lgsm.service

• Web-LGSM Application: /home/mcbserver/web-lgsm/web-lgsm.py

• LGSM Game Server: /home/mcbserver/mcbserver

• Nginx Compose File: /root/nginx/compose.yml

• Nginx Environment File: /data/nginx/nginx-certbot.env

• Sudoers Override: /etc/sudoers.d/99-mcbserver-nopasswd

Available Ports for Connection¶

The following ports are configured for the application:

• Port 443: HTTPS traffic for the Web-LGSM panel (external access).

• Port 12357: Internal Web-LGSM backend (localhost only, not exposed externally).

Starting, Stopping, and Updating¶

The Web-LGSM backend is managed as a systemd service.

• Start Service:

  sudo systemctl start web-lgsm.service
  

• Stop Service:

  sudo systemctl stop web-lgsm.service
  

• Restart Service:

  sudo systemctl restart web-lgsm.service
  

• Enable Service on Boot:

  sudo systemctl enable web-lgsm.service
  

• Check Service Status:

  sudo systemctl status web-lgsm.service
  

• Reload Systemd Daemon (after modifying the unit file):

  sudo systemctl daemon-reload
  

For the Nginx proxy container, use the following commands in the /root/nginx directory:

• Start/Update Container:

  docker compose up -d
  

• Stop Container:

  docker compose down