Deployment Overview of MCSManager and Palworld Server on Server¶

Prerequisites and Basic Requirements¶

Operating System: Ubuntu (compatible with apt package manager).
Privileges: Root access or sudo privileges are required to install Docker and manage system services.
Domain: A valid domain name (panel_domain) is required for the reverse proxy and SSL certificate generation.
Ports:
Port 80 (HTTP) and 443 (HTTPS) for the Nginx proxy.
Port 23333 for the MCSManager web interface (internal).
Port 24444 for the MCSManager daemon (internal).
Port 8211 (UDP) for the Palworld game server.
Port 25575 (TCP) for RCON (Remote Console) access.

The deployment utilizes the following directory structure for configuration, data, and certificates:

/opt/mcsm/daemon/data: Stores data for the MCSManager daemon.
/opt/mcsmanager-web-data: Stores data for the MCSManager web interface.
{{ proxy_base_dir }}/nginx/conf.d: Contains Nginx configuration files for HTTP and HTTPS.
{{ proxy_base_dir }}/letsencrypt: Stores Let's Encrypt SSL certificates.
{{ proxy_base_dir }}/www: Webroot directory used by Certbot for ACME challenges.
{{ palworld_data_dir }}: Persistent storage location for the Palworld server data.

The system installs Docker and required dependencies before deploying the application components.

Docker Installation: The Docker engine and docker-compose-plugin are installed via the apt package manager.
MCSManager Daemon:
Image: ngc7331/mcsmanager-daemon:latest
Container Name: mcsm-daemon
The daemon is configured to restart unless stopped and maps port 24444.
MCSManager Web Interface:
Image: ngc7331/mcsmanager-web:latest
Container Name: mcsm-web
The web interface is configured to restart unless stopped and maps port 23333.
Palworld Server:
The Palworld instance is created dynamically via the MCSManager API.
Image: kagurazakanyaa/palworld:latest
Container Name: palworld-{{ server_id }}
The instance is configured as a Docker process type within the MCSManager panel.

The deployment utilizes Docker containers for the management panel, proxy, and game server.

MCSManager Containers

The mcsm-daemon container mounts /opt/mcsm/daemon/data and the Docker socket (/var/run/docker.sock).
The mcsm-web container mounts /opt/mcsmanager-web-data to /opt/mcsm/web/data.

Proxy Containers The proxy stack is managed via a docker-compose.yml file located in {{ proxy_base_dir }}.

Nginx:
Image: nginx:alpine
Container Name: palworld-proxy
Network Mode: host
Volumes:
- {{ proxy_base_dir }}/nginx/conf.d mounted to /etc/nginx/conf.d (read-only).
- {{ proxy_base_dir }}/letsencrypt mounted to /etc/letsencrypt.
- {{ proxy_base_dir }}/www mounted to /var/www/certbot.
Certbot:
Image: certbot/certbot
Container Name: palworld-certbot
Volumes:
- {{ proxy_base_dir }}/letsencrypt mounted to /etc/letsencrypt.
- {{ proxy_base_dir }}/www mounted to /var/www/certbot.

Palworld Container Configuration The Palworld server container is configured with the following environment variables:

Nginx acts as a reverse proxy for both the MCSManager panel and the daemon, handling SSL termination via Let's Encrypt.

SSL Certificate Management

Certificates are obtained using Certbot via the HTTP-01 challenge.
The certificate is requested for {{ panel_domain }}.
If a certificate already exists in {{ proxy_base_dir }}/letsencrypt/live/{{ panel_domain }}/fullchain.pem, the process skips generation.

Nginx Configuration

HTTP Redirect: Port 80 listens for {{ panel_domain }} and redirects all traffic to HTTPS (301). It also serves the ACME challenge directory at /.well-known/acme-challenge/.
HTTPS Panel: Port 443 listens for {{ panel_domain }} with SSL enabled.
Certificates are loaded from /etc/letsencrypt/live/{{ panel_domain }}/.
Traffic is proxied to http://127.0.0.1:{{ internal_port }} (MCSManager web).
Headers Host, X-Real-IP, X-Forwarded-For, and X-Forwarded-Proto are preserved.
WebSocket upgrades are supported.
HTTPS Daemon: A separate server block listens on {{ daemon_external_port }} with SSL.
Traffic is proxied to http://127.0.0.1:{{ daemon_internal_port }} (MCSManager daemon).
WebSocket upgrades are supported.

Firewall: The system exposes ports 80, 443, 8211 (UDP), and 25575 (TCP) for external access. Internal ports 23333 and 24444 are bound to localhost (127.0.0.1) and accessed only through the Nginx proxy.
Authentication:
The MCSManager panel is initialized with a default administrator account.
Username: admin
Password: Set to the system SSH password ({{ ansible_ssh_pass }}).
Daemon Connection: The daemon is registered with the panel using a unique API key generated in /opt/mcsm/daemon/data/Config/global.json.
Palworld Security: The game server requires a password for both player access and RCON administration, both set to the system password during deployment.

Service Management:
The Nginx proxy container (palworld-proxy) is managed via Docker Compose.
The MCSManager containers (mcsm-daemon, mcsm-web) are managed directly via Docker with a restart policy of unless-stopped.
The Palworld server instance is managed through the MCSManager web interface API.
Initialization:
The deployment script waits for the web panel to become available on port 23333.
It automatically creates the admin user via the /api/auth/install endpoint.
It logs in to obtain an authentication token.
It registers the local daemon with the panel using the /api/service/remote_service endpoint.
It creates the Palworld instance via the /api/instance endpoint and starts it via /api/protected_instance/open.
Updates:
To update the application, pull the latest images for ngc7331/mcsmanager-daemon, ngc7331/mcsmanager-web, and kagurazakanyaa/palworld.
Restart the containers to apply changes.