
Deployment Overview of MCSManager and Palworld Server on Server

Prerequisites and Basic Requirements

  • Operating System: Ubuntu (compatible with apt package manager).
  • Privileges: Root access or sudo privileges are required to install Docker and manage system services.
  • Domain: A valid domain name (panel_domain) is required for the reverse proxy and SSL certificate generation.
  • Ports:
      • Port 80 (HTTP) and 443 (HTTPS) for the Nginx proxy.
      • Port 23333 for the MCSManager web interface (internal).
      • Port 24444 for the MCSManager daemon (internal).
      • Port 8211 (UDP) for the Palworld game server.
      • Port 25575 (TCP) for RCON (Remote Console) access.

File and Directory Structure

The deployment utilizes the following directory structure for configuration, data, and certificates:

  • /opt/mcsm/daemon/data: Stores data for the MCSManager daemon.
  • /opt/mcsmanager-web-data: Stores data for the MCSManager web interface.
  • {{ proxy_base_dir }}/nginx/conf.d: Contains Nginx configuration files for HTTP and HTTPS.
  • {{ proxy_base_dir }}/letsencrypt: Stores Let's Encrypt SSL certificates.
  • {{ proxy_base_dir }}/www: Webroot directory used by Certbot for ACME challenges.
  • {{ palworld_data_dir }}: Persistent storage location for the Palworld server data.

Application Installation Process

The system installs Docker and required dependencies before deploying the application components.

  • Docker Installation: The Docker engine and docker-compose-plugin are installed via the apt package manager.
  • MCSManager Daemon:
      • Image: ngc7331/mcsmanager-daemon:latest
      • Container Name: mcsm-daemon
      • The daemon is configured to restart unless stopped and maps port 24444.
  • MCSManager Web Interface:
      • Image: ngc7331/mcsmanager-web:latest
      • Container Name: mcsm-web
      • The web interface is configured to restart unless stopped and maps port 23333.
  • Palworld Server:
      • The Palworld instance is created dynamically via the MCSManager API.
      • Image: kagurazakanyaa/palworld:latest
      • Container Name: palworld-{{ server_id }}
      • The instance is configured as a Docker process type within the MCSManager panel.

Docker Containers and Their Deployment

The deployment utilizes Docker containers for the management panel, proxy, and game server.

MCSManager Containers

  • The mcsm-daemon container mounts /opt/mcsm/daemon/data and the Docker socket (/var/run/docker.sock).
  • The mcsm-web container mounts /opt/mcsmanager-web-data to /opt/mcsm/web/data.

Proxy Containers

The proxy stack is managed via a docker-compose.yml file located in {{ proxy_base_dir }}.

  • Nginx:
      • Image: nginx:alpine
      • Container Name: palworld-proxy
      • Network Mode: host
      • Volumes:
          • {{ proxy_base_dir }}/nginx/conf.d mounted to /etc/nginx/conf.d (read-only).
          • {{ proxy_base_dir }}/letsencrypt mounted to /etc/letsencrypt.
          • {{ proxy_base_dir }}/www mounted to /var/www/certbot.
  • Certbot:
      • Image: certbot/certbot
      • Container Name: palworld-certbot
      • Volumes:
          • {{ proxy_base_dir }}/letsencrypt mounted to /etc/letsencrypt.
          • {{ proxy_base_dir }}/www mounted to /var/www/certbot.

Palworld Container Configuration

The Palworld server container is configured with the following environment variables:

  • PORT: 8211
  • PLAYERS: 16
  • MULTITHREADING: true
  • SERVER_NAME: Palworld-{{ server_id }}
  • SERVER_DESCRIPTION: Auto deployed
  • ADMIN_PASSWORD: Set to the system password.
  • SERVER_PASSWORD: Set to the system password.
  • RCON_ENABLED: true
  • RCON_PORT: 25575
  • TZ: UTC (default)

Proxy Servers

Nginx acts as a reverse proxy for both the MCSManager panel and the daemon, handling SSL termination via Let's Encrypt.

SSL Certificate Management

  • Certificates are obtained using Certbot via the HTTP-01 challenge.
  • The certificate is requested for {{ panel_domain }}.
  • If a certificate already exists in {{ proxy_base_dir }}/letsencrypt/live/{{ panel_domain }}/fullchain.pem, the process skips generation.

Nginx Configuration

  • HTTP Redirect: Port 80 listens for {{ panel_domain }} and redirects all traffic to HTTPS (301). It also serves the ACME challenge directory at /.well-known/acme-challenge/.
  • HTTPS Panel: Port 443 listens for {{ panel_domain }} with SSL enabled.
      • Certificates are loaded from /etc/letsencrypt/live/{{ panel_domain }}/.
      • Traffic is proxied to http://127.0.0.1:{{ internal_port }} (MCSManager web).
      • Headers Host, X-Real-IP, X-Forwarded-For, and X-Forwarded-Proto are preserved.
      • WebSocket upgrades are supported.
  • HTTPS Daemon: A separate server block listens on {{ daemon_external_port }} with SSL.
      • Traffic is proxied to http://127.0.0.1:{{ daemon_internal_port }} (MCSManager daemon).
      • WebSocket upgrades are supported.

Access Rights and Security

  • Firewall: The system exposes ports 80, 443, 8211 (UDP), and 25575 (TCP) for external access. Internal ports 23333 and 24444 are bound to localhost (127.0.0.1) and accessed only through the Nginx proxy.
  • Authentication:
      • The MCSManager panel is initialized with a default administrator account.
          • Username: admin
          • Password: Set to the system SSH password ({{ ansible_ssh_pass }}).
  • Daemon Connection: The daemon is registered with the panel using a unique API key generated in /opt/mcsm/daemon/data/Config/global.json.
  • Palworld Security: The game server requires a password for both player access and RCON administration, both set to the system password during deployment.
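
A check for the claims in this section and the container settings described earlier, as an added example that is not part of the deployment's own scripts: it reads parsed `docker inspect` output and reports internal ports published beyond loopback, the Docker socket mount, `latest` image tags, and identical admin and player passwords. The sample data, including the container name `palworld-demo` and the daemon's all-interfaces binding, is constructed to show what each finding looks like.

```python
# Added example: audit `docker inspect` output against this page's security claims.
import json

INTERNAL = {"23333/tcp", "24444/tcp"}       # panel and daemon ports named on the page
LOOPBACK = {"127.0.0.1", "::1"}

def floating_tag(image):
    """True when the image reference resolves to the mutable 'latest' tag."""
    if "@" in image:                         # pinned by digest
        return False
    last = image.rsplit("/", 1)[-1]          # drop registry/namespace (may hold a port)
    return (last.split(":", 1)[1] if ":" in last else "latest") == "latest"

def audit(containers):
    """Return (container, finding, detail) tuples for a parsed `docker inspect` list."""
    out = []
    for c in containers:
        name = c["Name"].lstrip("/")
        host, cfg = c.get("HostConfig", {}), c.get("Config", {})
        for port, binds in (host.get("PortBindings") or {}).items():
            for b in binds or []:
                # An empty HostIp means Docker publishes on all interfaces.
                if port in INTERNAL and b.get("HostIp", "") not in LOOPBACK:
                    out.append((name, "internal-port-not-loopback", port))
        for m in c.get("Mounts") or []:
            if m.get("Source") == "/var/run/docker.sock":
                out.append((name, "docker-socket-mounted", m.get("Destination", "")))
        image = cfg.get("Image", "")
        if image and floating_tag(image):
            out.append((name, "floating-image-tag", image))
        env = dict(e.split("=", 1) for e in cfg.get("Env") or [] if "=" in e)
        if env.get("ADMIN_PASSWORD") and env["ADMIN_PASSWORD"] == env.get("SERVER_PASSWORD"):
            out.append((name, "admin-and-player-password-identical", "ADMIN_PASSWORD"))
    return out

# Constructed sample (values are made up; field names follow `docker inspect`).
SAMPLE = json.loads("""[
 {"Name": "/mcsm-daemon", "Config": {"Image": "ngc7331/mcsmanager-daemon:latest", "Env": []},
  "HostConfig": {"PortBindings": {"24444/tcp": [{"HostIp": "", "HostPort": "24444"}]}},
  "Mounts": [{"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}]},
 {"Name": "/mcsm-web", "Config": {"Image": "ngc7331/mcsmanager-web:latest", "Env": []},
  "HostConfig": {"PortBindings": {"23333/tcp": [{"HostIp": "127.0.0.1", "HostPort": "23333"}]}},
  "Mounts": []},
 {"Name": "/palworld-demo", "Config": {"Image": "kagurazakanyaa/palworld:latest",
   "Env": ["ADMIN_PASSWORD=constructed-secret", "SERVER_PASSWORD=constructed-secret"]},
  "HostConfig": {"PortBindings": {"25575/tcp": [{"HostIp": "", "HostPort": "25575"}]}},
  "Mounts": []}
]""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

On a live host, pass it the array printed by `docker inspect $(docker ps -q)` after `json.load`.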

Starting, Stopping, and Updating

  • Service Management:
      • The Nginx proxy container (palworld-proxy) is managed via Docker Compose.
      • The MCSManager containers (mcsm-daemon, mcsm-web) are managed directly via Docker with a restart policy of unless-stopped.
      • The Palworld server instance is managed through the MCSManager web interface API.
  • Initialization:
      • The deployment script waits for the web panel to become available on port 23333.
      • It automatically creates the admin user via the /api/auth/install endpoint.
      • It logs in to obtain an authentication token.
      • It registers the local daemon with the panel using the /api/service/remote_service endpoint.
      • It creates the Palworld instance via the /api/instance endpoint and starts it via /api/protected_instance/open.
  • Updates:
      • To update the application, pull the latest images for ngc7331/mcsmanager-daemon, ngc7331/mcsmanager-web, and kagurazakanyaa/palworld.
      • Restart the containers to apply changes.