Containerized Servers for Technical Minecraft
This project aims to provide a system for running a Fabric Minecraft server(with Carpet!) inside a Podman(or Docker) container for improved security.
The project is developed for and tested with Podman, but Docker likely works near identically. OpenRC currently the only supported init system, but it should not be too hard to write a service script for SystemD. Feel free to submit a PR if you write a script for SystemD to use with this project.
This branch aims to support the latest version of Minecraft, but it should not be hard to make this work with older versions as well. Feel free to submit a PR to support other versions.
Current Minecraft Version: 1.19.2
- Linux
- Podman
- OpenRC
-
Create a new user. For example:
useradd -m -G <GROUPS> -s /bin/bash <USERNAME>
Include groupwheelto allow temporary root access. -
Login as the new user.
-
Create a directory to store server persistent server files in. For example:
mkdir ~/server/
-
While logged in as a non-root user, pull the Container Image from DockerHub.
podman pull docker.io/thecydonian/container_carpet_server:latest -
Run the Container with the following command. Replace
<VOLUME PATH>with the absolute path to your persistent server files directory (e.g./home/minecraft/server/).
podman container run \
--tty \
--interactive \
--volume <VOLUME PATH>:/server/:U,Z \
--publish 25565:25565/tcp \
container_carpet_server:latest
-
After populating your volume directory by installing Fabric, Carpet, and Lithium, the container should fail since you have not agreed to the EULA yet. Run
podman unshare vi <VOLUME PATH>/eula.txtor replace vi with your preferred editor. Once the file is open, replaceeula=falsewitheula=true. Note: Since the volume directory is now owned by a non-root user inside the container, to modify contained files, any command must followpodman unshareto run it in the correct namespace. -
Run
podman start -lto restart the container. It should now run properly, and you should be able to connect to the server on the host system's IP address on port 25565.
To automate starting and stopping the server, we can use OpenRC. Setup is simple.
-
Clone this repository:
git clone https://github.com/theCydonian/ContainerCarpetServer.git -
Enter the repository:
cd ContainerCarpetServer/ -
Modify the init script where necessary. Set the
volume_pathvariable to the absolute path to your volume directory and set thecommand_uservariable to be your user. You can edit the file with:vi openrc/container-carpet-server -
Copy init script to
/etc/init.d/as root. This can be accomplished by running:sudo cp openrc/container-carpet-server /etc/init.d/ -
Start the service.
sudo rc-service container-carpet-server start -
Set this service to start on boot.
sudo rc-update add container-carpet-server default
Keeping server backups is usually a good idea in case anything goes wrong. We are going to use cronie to perform daily backups.
For example, after running crontab -e, simply input the following line:
00 00 * * * /home/minecraft/backup.sh
Alternatively this can be added to /etc/crontab.
At midnight every day this backup script will run as root.
Change the user to the user you run the container under, and change the script
location to where you store the backup script. You can also change the
frequency of backups. The Useful Links section of this
README has information on how to use the /etc/crontab file.
Here is an example backup.sh:
#!/bin/bash
date=$(date +"%Y%m%d%H%M%S%3N")
tar -czf /path/to/backup/dir/${date}.tar.gz \
--directory=/path/to/volume/dir/ .
- You can set an alternative startup command by placing a startup.sh to be run inside the volume directory.
- When configuring your server, run commands under
podman unsharefor the correct permissions. - You can attach to your running server container with
podman attach -l. - You can detach from a running container with
ctrl+pthenctrl+q.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent