[Support] ich777 - Gameserver Dockers


7 hours ago, Emenblade said:

Some of the folks on the Tripwire forums were talking about iptables, firewalld, and/or fail2ban.

I think that's kind of unrealistic because a game server is not a web server in general.

Of course you could use GeoBlock but this is a feature which your Firewall needs to support.

 

7 hours ago, Emenblade said:

Or in your opinion is that something I'd have to do at the router level?

It would always be better to do it on the router/firewall side from my perspective.

 

7 hours ago, Emenblade said:

I guess what I'd like to do is come up with a solution to it given that tripwire hasn't and I sincerely doubt they're going to given how little they seemed to have cared to fix their game over the last few years.

I wasn't even aware that you could do that with a dedicated server, as you've explained above, because usually they use their own dedicated "proprietary" protocol which should only answer real requests that come from the client side.

19 minutes ago, ich777 said:

I wasn't even aware that you could do that with a dedicated server, as you've explained above, because usually they use their own dedicated "proprietary" protocol which should only answer real requests that come from the client side.

Yeah, the problem is that the connection handshake is all UDP. Because there's no requirement for an actual handshake before data starts flowing, if the hacker doesn't have their network traffic filtered (BCP 38) they can send these packets with the wrong return address. I'm assuming all they needed to do is copy whatever the normal connection request looks like and change the IP in it. Kinda blows my mind how powerful it is when distributed.

So in the spirit of learning new things I've been doing research all evening on how I could implement the fix posted in the Tripwire forum post I linked way up there. Here. But I've gotten stuck. They essentially, as far as I can tell, use the game server log to detect when they are getting hit: if ~5 connection attempts happen in quick succession, they take the IP from that and tell the firewalld thing to dump future packets from that address. Now we're fairly certain those attempts aren't actually originating from those IPs, but it is still a way to identify the packets and drop them before the game server sees them and starts shooting out data.
 

So I figured, okay, I could set up a script to do that using the scripts plugin, shouldn't be that hard, and if it doesn't work I'll shut the port again! Well, I tried to do this anyway, and got stuck when bash didn't recognize the firewall command. Tried to do some more googling, figuring that Unraid, which is based on Slackware, should have some of this built in somewhere. But so far my googling returns mainly posts about how Unraid needs to be run behind a firewall and isn't designed to do firewall-y things.

So I think I'm stuck. My router is from my ISP, can't be tinkered with too much, and I don't have any hardware lying around to turn into a hardware firewall. Plus even if I did, the current "fix" requires reading of the server logs, which I suppose it could do over a network share, but that just doesn't seem like the way to do this sort of thing, even to a novice like myself.

So now I'm trying to figure out how Docker networking works, to see if perhaps this is something I could do inside the container, so as not to mess up the rest of the Docker stuff... But to be honest, I think I may just play something else for a while instead! hahah!

 

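The log-driven blocking scheme described in the post above (count connection requests per source IP and drop further packets from any IP that bursts about five attempts), as an added Python example that is not from this thread, the Tripwire tutorial or the container. The log line format is constructed and hypothetical, the threshold and window are assumptions, and the firewalld rich rules are only rendered as strings, not applied. As the post notes, the logged source addresses are probably spoofed, so blocking them stops the packets at the filter but can also hit whichever host's address was forged.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical line format, not the real KF2 log):
# 203.0.113.5 sends five requests in three seconds, 198.51.100.9 only two.
SAMPLE_LOG = """\
2023-02-25 12:00:01 Open: connection request from 203.0.113.5:7777
2023-02-25 12:00:01 Open: connection request from 203.0.113.5:7777
2023-02-25 12:00:02 Open: connection request from 203.0.113.5:7777
2023-02-25 12:00:02 Open: connection request from 198.51.100.9:7777
2023-02-25 12:00:02 Open: connection request from 203.0.113.5:7777
2023-02-25 12:00:03 Open: connection request from 203.0.113.5:7777
2023-02-25 12:00:40 Open: connection request from 198.51.100.9:7777
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) Open: connection request from "
    r"(\d{1,3}(?:\.\d{1,3}){3}):\d+"
)

def find_floods(log_text, threshold=5, window=timedelta(seconds=10)):
    """Return {ip: ISO time of first detection} for each source IP with at
    least `threshold` requests inside a sliding `window`. Both values are
    assumptions modelled on the '~5 in quick succession' rule in the post."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # forget attempts older than the window
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts.isoformat()
    return flagged

def drop_rules(flagged):
    """Render a firewalld rich rule per flagged IP; returned as strings only,
    to be applied with firewall-cmd inside the container, not on Unraid."""
    return [f'rule family="ipv4" source address="{ip}" drop'
            for ip in sorted(flagged)]

if __name__ == "__main__":
    for rule in drop_rules(find_floods(SAMPLE_LOG)):
        print(rule)  # rule family="ipv4" source address="203.0.113.5" drop
```

Running it against the sample flags only 203.0.113.5; the two requests from 198.51.100.9 are 38 seconds apart and fall outside the window.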
16 minutes ago, Emenblade said:

Yeah, the problem is that the connection handshake is all UDP. Because there's no requirement for an actual handshake before data starts flowing, if the hacker doesn't have their network traffic filtered (BCP 38) they can send these packets with the wrong return address. I'm assuming all they needed to do is copy whatever the normal connection request looks like and change the IP in it. Kinda blows my mind how powerful it is when distributed.

Are you really sure that this is possible? The above is almost true for every game server; how else would you establish the connection?

Do you have any other reports of this, or some more in-depth documentation?

 

19 minutes ago, Emenblade said:

So in the spirit of learning new things I've been doing research all evening on how I could implement the fix posted in the Tripwire forum post I linked way up there. Here. But I've gotten stuck. They essentially, as far as I can tell, use the game server log to detect when they are getting hit: if ~5 connection attempts happen in quick succession, they take the IP from that and tell the firewalld thing to dump future packets from that address. Now we're fairly certain those attempts aren't actually originating from those IPs, but it is still a way to identify the packets and drop them before the game server sees them and starts shooting out data.

But this tutorial describes how to mitigate DDoS attacks on your server. I basically can't help there because that's modding the server/container, and I usually don't support this because modding is up to the user. TBH I don't even play KF2.

 

21 minutes ago, Emenblade said:

So I figured, okay, I could set up a script to do that using the scripts plugin, shouldn't be that hard, and if it doesn't work I'll shut the port again! Well, I tried to do this anyway, and got stuck when bash didn't recognize the firewall command. Tried to do some more googling, figuring that Unraid, which is based on Slackware, should have some of this built in somewhere. But so far my googling returns mainly posts about how Unraid needs to be run behind a firewall and isn't designed to do firewall-y things.

But you have to understand that you have to install all of this in the container. My containers are based on Debian, and you have to install the appropriate software there and not on the host (Unraid).

 

Unraid is an application server and not a general-purpose server, so to speak: you run the application (the KF2 Docker container) on Unraid, and you expose the ports from the application to the world wide web, not from Unraid.


Honestly, that's kinda great news. If I'm understanding you correctly, it's theoretically possible to install a firewall inside the gameserver Docker container. That's great, I think? It's late o'clock here, but I'll definitely be poking around tomorrow to see how I'm gonna do that!

 

Yeah, in regards to the handshake thing, I'll be honest, I'm not sure. I know the access requests are coming in on UDP, because if I close off that UDP port 7777 the attack stops. The rest of what I've written about it is what I've come to understand reading that other forum and a cursory Google search. I feel like other games must do a TCP handshake before trying to initiate the UDP connection. From what I understand that would stop this sort of attack from working at all. But then again I'm a mechanic, not an IT professional or developer or something. So I don't really know.

 

I also just want to say thanks for looking at the issue at all for me, 😊. Like, this really has nothing to do with the Docker container you made at all. That works 100% great. Just like all of the other Docker containers you've made that I've used so far.

 

 


Hi @ich777! Thanks for your work on all these game servers.

It appears that Core Keeper has updated again on Feb 23, 2023 to v. 0.5.2.5, where they are saying they've "fixed dedicated server not working in docker containers", but it seems to be causing a segfault again on my Docker instances now:

 

/opt/scripts/start-server.sh: line 84:   116 Segmentation fault      ${SERVER_DIR}/CoreKeeperServer -batchmode -logfile ${SERVER_DIR}/CoreKeeperServerLog.txt -world ${WORLD_INDEX} -worldname "${WORLD_NAME}" -datapath "${SERVER_DIR}/Save" ${GAME_PARAMS} 2 > /dev/null
Terminated

4 hours ago, ich777 said:

Definitely not the case for most games.

I'm wondering why only KF2 is affected and not other games too which are based on the UnrealEngine...

Weird! Yeah, I mean I had Satisfactory running for about a month. It even uses some of the same ports. Perhaps they limit the number of active connection requests, or include a player ID of some sort in the thing. Or, the worst timeline, this is just the beginning 🥶😭

On 2/5/2023 at 2:06 AM, ich777 said:

I think the game isn't released yet, or am I wrong?

AFAIK the developers plan to release a dedicated server, but I have to buy the game first and look into how things are working, and also whether they release a native Linux dedicated server version.

It's released and I'm super excited to hear if you have any new information.  Thanks for responding!

4 hours ago, Saiba Samurai said:

It's released and I'm super excited to hear if you have any new information.  Thanks for responding!

Please do your research first, or even read a few posts above yours.

 

They haven't released a dedicated server yet, so to speak; I can't create a container for something that doesn't exist.
6 minutes ago, M2k said:

It looks like you can pay/rent a server, but I did not test it yet.

That's actually true, but that changes nothing about the situation here.

 

Please remember it was the same thing for The Forest: first you could rent servers, and after half a year or so you could create your own dedicated servers.

I set up a Left 4 Dead 2 server, and I see it in my Steam group servers at the bottom of my main menu screen and in my LAN connection menu, and I can connect to it using my server IP address followed by the port number.

And others outside my network can connect to it as well using my IP address and port.

 

My question is, how can I make sure it shows in the public list for random people to join? Because people can only connect using my IP address.

 

Because when I check the Steam token for Left 4 Dead 2 it shows that it's never connected. But my CS:GO server, which I set up for test purposes with no mods installed, shows up as active and joinable in the server browser menu.

 

By the way, my Left 4 Dead server has mods installed.

 

Server config attached.

 

Also, when sv_cheat 1 is on I cannot find it on the LAN page or history page; only the Steam server group is available.

 

Any help appreciated.

 


Hey Guys,

 

Spun up a Valheim server last night and, after some initial issues, it was running fine with -crossplay in the game args.

 

I rebooted my server today and now the Valheim Docker container no longer works, hanging on some error messages with PlayFab.

 

see: https://github.com/lloesche/valheim-server-docker/issues/583

 

Was it just a fluke that I had crossplay working last night, or was there a server-side update today that broke crossplay compatibility?

 

In the meantime, removing -crossplay from the game args seems to work. But my friends on Xbox are =(

 

Thanks!

18 hours ago, Mrtj18 said:

Because when I check the Steam token for Left 4 Dead 2 it shows that it's never connected. But my CS:GO server, which I set up for test purposes with no mods installed, shows up as active and joinable in the server browser menu.

Usually you have to do nothing and don't need to create a token for L4D2, but things may have changed.

 

If you want to add a token to the dedicated server you actually have to append this to the GAME_PARAMS in the template:

+sv_setsteamaccount YOURTOKEN

(of course replace YOURTOKEN with your token)

 

As far as I can tell you have set up everything correctly in terms of the token.

 

Have you tried yet whether you can see the server in the server list from outside your network? Hairpin NAT often prevents the server from showing up when you search for it from inside your local network.
18 hours ago, machineglow said:

I rebooted my server today and now the Valheim Docker container no longer works, hanging on some error messages with PlayFab.

Seems like PlayFab is having issues again; this would not be the first time that something won't work on their side.

 

18 hours ago, machineglow said:

In the meantime, removing -crossplay from the game args seems to work. But my friends on Xbox are =(

If that is working, then it's definitely an issue on their side.

If you enable PlayFab you are basically not connecting to, or better said not using, the official server list, because you connect first to PlayFab, which "proxies" the traffic through to the official servers, and if a user on a console tries to connect it contacts PlayFab's "proxy" first and then establishes the connection.

Hope that makes some kind of sense to you...

 

I've not heard of many issues with PlayFab (-crossplay), but it can cause random disconnects and other weird things to happen, like in your case, and I really can't do much about it...

The container definitely works with -crossplay, because I've tested it and updated the container about half a year ago to be fully compatible.
1 hour ago, ich777 said:

 

Have you tried yet whether you can see the server in the server list from outside your network? Hairpin NAT often prevents the server from showing up when you search for it from inside your local network.

I'm not sure what you mean by hairpin NAT, or even if I have that.

 

But when I use my Steam Deck, boot up Left 4 Dead 2 and connect to it via my cell phone's hotspot, so I'm not on my local network, the server is only viewable in my saved favorites section. It does not show in the internet section, custom games, or LAN (for obvious reasons, because I'm no longer on my LAN). So if I don't use the connect command in the console followed by my IP address, I can't connect to the server.
34 minutes ago, SwordServers said:

Do you have a tutorial video showing exactly how to change around Minecraft settings? I need a Forge server with Minecraft 1.12.2. New to Unraid, so I do not want to mess anything up.

Sadly enough, no... or at least I don't know if there exists one which uses my container.

But it should not be that difficult to do. I also have to say that I don't like Forge that much; I only took a quick look at it back in the day, but switched over to Bukkit/Spigot.
