Merge pull request #185 from ita-sammann/new-docker-bundle

New docker bundle
knoxfighter 2020-10-28 01:19:51 +01:00 committed by GitHub
commit 92899e353c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 249 additions and 214 deletions


@ -47,6 +47,6 @@ clean:
@-rm app/style.css.map
@-rm -r app/fonts/vendor/
@-rm -r app/images/vendor/
@-rm -r node_modules/
@-rm -rf node_modules/
@-rm -r pkg/
@-rm -r factorio-server-manager

2
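--- a/docker/.dockerignore
+++ b/docker/.dockerignore
@@ -0,0 +1,2 @@
+/fsm-data
+/factorio-data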

6
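--- a/docker/.env
+++ b/docker/.env
@@ -0,0 +1,6 @@
+ADMIN_USER=admin
+ADMIN_PASS=factorio
+RCON_PASS=
+COOKIE_ENCRYPTION_KEY=
+DOMAIN_NAME=<YOUR DOMAIN NAME>
+EMAIL_ADDRESS=<YOUR EMAIL ADDRESS>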
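Review bot: `ADMIN_PASS=factorio` ships a working, publicly known password in a tracked `.env`, so any deployment that skips editing the file comes up with known admin credentials. Consider shipping it empty, `ADMIN_PASS=`, which in turn needs the entrypoint to generate a random value or refuse to start when the variable is empty. The file is also not listed in `docker/.gitignore`, so real secrets written into it inside a clone can be committed by accident; shipping it as a template under another name would avoid that.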

2
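--- a/docker/.gitignore
+++ b/docker/.gitignore
@@ -0,0 +1,2 @@
+/fsm-data
+/factorio-data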


@ -1,29 +1,28 @@
# glibc is required for Factorio Server binaries to run
# Glibc is required for Factorio Server binaries to run
FROM frolvlad/alpine-glibc
ENV FACTORIO_VERSION=latest \
MANAGER_VERSION=0.8.2 \
ADMIN_PASSWORD=factorio
ADMIN_USER=admin \
ADMIN_PASS=factorio \
RCON_PASS="" \
COOKIE_ENCRYPTION_KEY=""
VOLUME /opt/factorio/saves /opt/factorio/mods /opt/factorio/config /security
VOLUME /opt/fsm-data /opt/factorio/saves /opt/factorio/mods /opt/factorio/config
RUN apk add --no-cache curl tar unzip nginx openssl xz
EXPOSE 80/tcp 34197/udp
WORKDIR /opt/
RUN apk add --no-cache curl tar xz unzip jq
RUN curl -s -L -S -k https://www.factorio.com/get-download/$FACTORIO_VERSION/headless/linux64 -o /tmp/factorio_$FACTORIO_VERSION.tar.xz && \
tar Jxf /tmp/factorio_$FACTORIO_VERSION.tar.xz && \
rm /tmp/factorio_$FACTORIO_VERSION.tar.xz && \
curl -sLSk https://github.com/mroote/factorio-server-manager/releases/download/$MANAGER_VERSION/factorio-server-manager-linux-${MANAGER_VERSION}.zip \
--cacert /opt/github.pem -o /tmp/factorio-server-manager-linux_$MANAGER_VERSION.zip && \
unzip -qq /tmp/factorio-server-manager-linux_$MANAGER_VERSION.zip && \
rm /tmp/factorio-server-manager-linux_$MANAGER_VERSION.zip && \
mkdir -p /run/nginx && \
chown nginx:root /var/lib/nginx
WORKDIR /opt
COPY "init.sh" "/opt/init.sh"
COPY "nginx.conf" "/etc/nginx/nginx.conf"
# Install FSM
RUN curl --location "https://github.com/mroote/factorio-server-manager/releases/download/${MANAGER_VERSION}/factorio-server-manager-linux-${MANAGER_VERSION}.zip" \
--output /tmp/factorio-server-manager-linux_${MANAGER_VERSION}.zip \
&& unzip /tmp/factorio-server-manager-linux_${MANAGER_VERSION}.zip \
&& rm /tmp/factorio-server-manager-linux_${MANAGER_VERSION}.zip \
&& mv factorio-server-manager fsm
EXPOSE 80/tcp 443/tcp 34190-34200/udp
COPY entrypoint.sh /opt
ENTRYPOINT ["/opt/init.sh"]
ENTRYPOINT ["/opt/entrypoint.sh"]
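Review bot: The FSM release zip fetched by the `RUN curl --location …` step is unpacked without any integrity check, so a replaced release asset is installed unnoticed, and without `--fail` an HTTP error only surfaces as a confusing unzip failure. Add `--fail` to the curl call and verify a pinned digest before unpacking, e.g. `echo "${MANAGER_SHA256}  /tmp/factorio-server-manager-linux_${MANAGER_VERSION}.zip" | sha256sum -c -`, where `MANAGER_SHA256` is a placeholder name for a new value set next to `MANAGER_VERSION`. The rendering has lost the +/- markers, so this assumes the `--location` form is the new side. The image also has no `USER` line, so the manager appears to run as root.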


@ -1,20 +0,0 @@
FROM alpine:latest
RUN apk add --no-cache git make musl-dev go nodejs npm zip
ENV FAC_BRANCH=develop
ENV GOROOT /usr/lib/go
ENV GOPATH /go
ENV PATH /go/bin:$PATH
ENV FAC_ROOT /go/src/factorio-server-manager
COPY build.sh /usr/local/bin/build.sh
RUN mkdir -p ${GOPATH}/bin
RUN chmod u+x /usr/local/bin/build.sh
WORKDIR $FAC_ROOT
VOLUME /build
CMD ["/usr/local/bin/build.sh"]

27
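--- a/docker/Dockerfile-local
+++ b/docker/Dockerfile-local
@@ -0,0 +1,27 @@
+# Glibc is required for Factorio Server binaries to run
+FROM frolvlad/alpine-glibc
+ENV FACTORIO_VERSION=latest \
+MANAGER_VERSION=0.8.2 \
+ADMIN_USER=admin \
+ADMIN_PASS=factorio \
+RCON_PASS="" \
+COOKIE_ENCRYPTION_KEY=""
+VOLUME /opt/fsm-data /opt/factorio/saves /opt/factorio/mods /opt/factorio/config
+EXPOSE 80/tcp 34197/udp
+RUN apk add --no-cache curl tar xz unzip jq
+WORKDIR /opt
+# Install FSM
+COPY factorio-server-manager-linux.zip /factorio-server-manager-linux.zip
+RUN unzip /factorio-server-manager-linux.zip \
+&& rm /factorio-server-manager-linux.zip \
+&& mv factorio-server-manager fsm
+COPY entrypoint.sh /opt
+ENTRYPOINT ["/opt/entrypoint.sh"]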
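Review bot: `FROM frolvlad/alpine-glibc` carries no tag or digest, so every build resolves to whatever `latest` points at and the image content can change without any change in this repository. Pin it, e.g. `FROM frolvlad/alpine-glibc:<tag>@sha256:<digest>` (placeholders; take the real values from the registry), and add a comment saying how to refresh the pin. The same line appears in the docker/Dockerfile section of this commit.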


@ -1,27 +0,0 @@
# Variables can be overridden by setting environment variables
FACTORIO_PATH ?= ~/.factorio
SECURITY_PATH ?= $(FACTORIO_PATH)/security
SAVES_PATH ?= $(FACTORIO_PATH)/saves
MODS_PATH ?= $(FACTORIO_PATH)/mods
PORT_FORWARD ?= -p 80:80 -p 443:443 -p 34197:34197/udp
FACTORIO_BRANCH ?= develop
build:
docker build --build-arg FAC_BRANCH=$FACTORIO_BRANCH -f Dockerfile-build -t fsm-build .
docker build -t factorio-server-manager .
logs:
docker logs factorio-server -f
run:
docker run -d --name factorio-server -v $(SECURITY_PATH):/security -v $(SAVES_PATH):/opt/factorio/saves -v $(MODS_PATH):/opt/factorio/mods $(PORT_FORWARD) factorio-server-manager
stop:
docker stop factorio-server
docker rm factorio-server
clean:
docker rmi factorio-server-manager
docker stop fsm-build
docker rmi fsm-build


@ -1,40 +1,64 @@
# Factorio Server Manager Docker Image
## Prerequisites
You need to have [Docker](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04)
and [Docker Compose](https://docs.docker.com/compose/install/) installed.
## Getting started?
Pull the Docker container from Docker Hub using the pull command
Copy `docker-compose.yaml` and `.env` files from this repository to somewhere on your server.
```
docker pull majormjr/factorio-server-manager
```
Edit values in the `.env` file:
* `ADMIN_USER` (default `admin`): Name of the default user created for FSM UI.
* `ADMIN_PASS` (default `factorio`): Default user password. \
__Important:__ _For security reasons, please change the default user name and password. Never use the defaults._
* `RCON_PASS` (default empty string): Password for Factorio RCON (FSM uses it to communicate with the Factorio server). \
If left empty, a random password will be generated and saved on the first start of the server. You can see the password in `fsm-data/conf.json` file.
* `COOKIE_ENCRYPTION_KEY` (default empty string): The key used to encrypt auth cookie for FSM UI. \
If left empty, a random key will be generated and saved on the first start of the server. You can see the key in `fsm-data/conf.json` file.
* `DOMAIN_NAME` (must be set manually): The domain name where your FSM UI will be available. Must be set,
so [Let's Encrypt](https://letsencrypt.org/) service can issue a valid HTTPS certificate for this domain.
* `EMAIL_ADDRESS` (must be set manually): Your email address. Used only by Let's Encrypt service.
Alternatively you can ignore `.env` file and edit this values directly in `environment` section of `docker-compose.yaml`.
But remember that if `.env` file is present, values set there take precedence over values set in `docker-compose.yaml`.
Now you can start the container by running:
```
docker run --name factorio-manager -d \
-p 80:80 \
-p 443:443 \
-p 34197:34197/udp \
majormjr/factorio-server-manager
docker-compose up -d
```
If you want persistent data in your container also mount the data volumes when starting:
### Simple configuration without HTTPS
If you don't care about HTTPS and want to run just the Factorio Server Manager, or want to run it on local machine you can use `docker-compose.simple.yaml`.
Ignore `DOMAIN_NAME` and `EMAIL_ADDREESS` variables in `.env` file and run
```
docker run --name factorio-manager -d \
-v [yourpath]:/opt/factorio/saves \
-v [yourpath]:/opt/factorio/mods \
-v [yourpath]:/opt/factorio/config \
-v [yourpath]:/security \
-p 80:80 \
-p 443:443 \
-p 34197:34197/udp \
majormjr/factorio-server-manager
docker-compose -f docker-compose.simple.yaml up -d
```
### Factorio version
By default container will download the latest version of factorio. If you want to use specific version, you can change
the value of `FACTORIO_VERSION=latest` variable in the `docker-compose.yaml` file.
## Accessing the application
Go to the port specified in your `docker run` command in your web browser. If running on localhost host access the application at https://localhost
Go to the domain specified in your `.env` file in your web browser. If running on localhost host access the application at http://localhost
### First start
When container starts it begins to dowload Factorio headless server archive, and only after that Factorio Server Manager server starts.
So when Docker Compose writes
```
Creating factorio-server-manager ... done
```
you have to wait several seconds before FSM UI becomes available.
It may take some time for Let's Encrypt to issue the certificate, so for the first couple of minutes after starting the container you may see
"Your connection is not private" error when you open your Factorio Server Manager address in your browser. This error should disappear within
a couple of minutes, if configuration parameters are set correctly.
## Updating Credentials, adding and deleting users.
@ -48,25 +72,18 @@ For now you can't update/downgrade the Factorio version from the UI.
You can however do this using docker images while sustaining your security settings and map/modfiles.
This guide assumes that you mounted the volumes /security, /opt/factorio/saves, /opt/factorio/config and /opt/factorio/mods to your file system. Before doing anything we need to stop the old container using `docker stop factorio-manager`. To update Factorio you should then open the Dockerfile and change the Factorio version to the one desired. After that you need to rebuild the image using `docker build -t factorio-server-manager .`. Once completed you can simply rerun the command that you used to run the image in the first place. It's recommended to change the name to something including the version to keep track of the containers.
If you want to update Factorio to the latest version:
1. Save your game and stop Factorio server in FSM UI.
2. Run `docker-compose restart` (or `docker-compose -f docker-compose.simple.yaml restart` if you are using simple configuration).
Pull the latest container with `docker pull majormjr/factorio-server-manager` and start with the `docker run` command.
After container starts, latest Factorio version will be downloaded and installed.
## Security
A self generated SSL/TLS certificate is created when the container is first created and the webserver is accessible via HTTPS.
Authentication is supported in the application but it is recommended to ensure access to the Factorio manager UI is accessible via VPN or internal network.
### Changing SSL/TLS certificate
If you have your own SSL/TLS certificate then you can supply it to the Factorio Server Manager container.
When first running the container you need to mount the security volume to your host machine by adding the security volume parameter `-v [yourpath]:/security`
The directory will contain a "server.key" file and a "server.crt" file.
If you replace these with a trusted SSL certificate and key, you should ensure that "server.crt" contains the whole certificate chain from the root of your CA.
## Development
For development purposes it also has the ability to create the docker image from local sourcecode. This is done by running `build.sh` in the `docker` directory. This will delete all old executables and the node_modules directory (runs `make build`). The created docker image will have the tag `factorio-server-manager:dev`.
## For everyone who actually read this thing to the end

14
docker/build.sh Normal file → Executable file

@ -1,8 +1,10 @@
#!/bin/sh
set -eou pipefail
(
cd ..
make build
cp build/factorio-server-manager-linux.zip docker/factorio-server-manager-linux.zip
)
docker build -f Dockerfile-local -t factorio-server-manager:dev .
echo "Cloning ${FAC_BRANCH}"
git clone -b ${FAC_BRANCH} https://github.com/mroote/factorio-server-manager.git ${FAC_ROOT}
echo "Creating build..."
make gen_release
echo "Copying build artifacts..."
cp -v build/* /build/
rm factorio-server-manager-linux.zip
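Review bot: `set -eou pipefail` sits under a `#!/bin/sh` shebang, and `pipefail` is not available in every `/bin/sh` (older dash builds reject it), so the script can abort on its first line on hosts where sh is not bash or busybox ash. Either change the shebang to `#!/usr/bin/env bash` or reduce the line to `set -eu`, since nothing shown here uses a pipe. With `-e` active, a failed `docker build` also skips the final `rm factorio-server-manager-linux.zip`; a `trap 'rm -f factorio-server-manager-linux.zip' EXIT` placed after the subshell would cover that. Old and new lines are interleaved in this rendering, so this assumes the `set`, subshell, `docker build` and `rm` lines are the new side.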


@ -0,0 +1,20 @@
version: "3"
services:
factorio-server-manager:
image: "sammann/fsm-docker:latest"
container_name: "factorio-server-manager"
restart: "unless-stopped"
environment:
- "FACTORIO_VERSION=latest"
- "ADMIN_USER"
- "ADMIN_PASS"
- "RCON_PASS"
- "COOKIE_ENCRYPTION_KEY"
ports:
- "80:80"
- "34197:34197/udp"
volumes:
- "./fsm-data:/opt/fsm-data"
- "./factorio-data/saves:/opt/factorio/saves"
- "./factorio-data/mods:/opt/factorio/mods"
- "./factorio-data/config:/opt/factorio/config"
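Review bot: The `"80:80"` mapping publishes the manager UI on every host interface over plain HTTP, so the admin login and session cookie cross the network unencrypted whenever this file is used on anything but a local machine. If this variant is meant for local use, bind it to loopback with `- "127.0.0.1:80:80"` and add a comment above `ports:` saying that the file provides no TLS. `image: "sammann/fsm-docker:latest"` is also a moving tag; a fixed version tag would make deployments repeatable.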


@ -0,0 +1,65 @@
version: "3"
services:
factorio-server-manager:
image: "sammann/fsm-docker:latest"
container_name: "factorio-server-manager"
restart: "unless-stopped"
environment:
- "FACTORIO_VERSION=latest"
- "ADMIN_USER"
- "ADMIN_PASS"
- "RCON_PASS"
- "COOKIE_ENCRYPTION_KEY"
volumes:
- "./fsm-data:/opt/fsm-data"
- "./factorio-data/saves:/opt/factorio/saves"
- "./factorio-data/mods:/opt/factorio/mods"
- "./factorio-data/config:/opt/factorio/config"
labels:
- "traefik.enable=true"
- "traefik.http.routers.fsm.entrypoints=websecure"
- "traefik.http.routers.fsm.rule=Host(`${DOMAIN_NAME}`)"
- "traefik.http.routers.fsm.tls=true"
- "traefik.http.routers.fsm.tls.certResolver=default"
- "traefik.http.routers.fsm.service=fsm"
#- "traefik.http.routers.fsm.middlewares=fsm-auth"
- "traefik.http.services.fsm.loadbalancer.server.port=80"
- "traefik.udp.routers.fsm.entrypoints=factorio"
- "traefik.udp.routers.fsm.service=fsm"
- "traefik.udp.services.fsm.loadbalancer.server.port=34197"
traefik:
image: "traefik:v2.2"
container_name: "traefik"
restart: "always"
command:
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.factorio.address=:34197/udp"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--providers.docker"
- "--providers.docker.exposedByDefault=false"
- "--certificatesresolvers.default.acme.email=${EMAIL_ADDRESS}"
- "--certificatesresolvers.default.acme.storage=/etc/traefik/acme.json"
- "--certificatesresolvers.default.acme.tlschallenge=true"
ports:
- "80:80"
- "443:443"
- "34197:34197/udp"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik-data:/etc/traefik"
labels:
- "traefik.enable=true"
#- "traefik.http.middlewares.fsm-auth.basicauth.usersfile=/etc/traefik/.htpasswd"
#- "traefik.http.middlewares.fsm-auth.basicauth.realm=FSM"
#networks:
# default:
# external:
# name: "traefik"
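Review bot: The traefik service mounts `/var/run/docker.sock` read-write, which hands the internet-facing proxy container full control of the Docker daemon and, through it, the host. Traefik only needs to read container metadata, so place a filtering socket proxy that exposes just the read-only container endpoints between traefik and the daemon; a `:ro` suffix on the mount alone does not restrict API calls. At minimum add a comment above the volume, e.g. `# docker.sock = root-equivalent access to the host; keep traefik patched and do not expose its API`. The basic-auth middleware lines are left commented out, so the only gate in front of the UI is the application's own login.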


@ -1,17 +0,0 @@
version: '2'
services:
factorio-manager:
container_name: factorio-manager
image: "majormjr/factorio-server-manager"
restart: always
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
- "[yourPath_optional]:/security"
- "[yourPath]:/opt/factorio/saves"
- "[yourPath]:/opt/factorio/mods"
- "[yourPath]:/opt/factorio/config"
ports:
- "80:80"
- "443:443"
- "34197:34197/udp"

51
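--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+init_config() {
+jq_cmd='.'
+if [ -n $ADMIN_USER ]; then
+jq_cmd="${jq_cmd} | .username = \"$ADMIN_USER\""
+echo "Admin username is '$ADMIN_USER'"
+fi
+if [ -n $ADMIN_PASS ]; then
+jq_cmd="${jq_cmd} | .password = \"$ADMIN_PASS\""
+echo "Admin password is '$ADMIN_PASS'"
+fi
+echo "IMPORTANT! Please create new user and delete default admin user ASAP."
+if [ -z $RCON_PASS ]; then
+RCON_PASS="$(random_pass)"
+fi
+jq_cmd="${jq_cmd} | .rcon_pass = \"$RCON_PASS\""
+echo "Factorio rcon password is '$RCON_PASS'"
+if [ -z $COOKIE_ENCRYPTION_KEY ]; then
+COOKIE_ENCRYPTION_KEY="$(random_pass)"
+fi
+jq_cmd="${jq_cmd} | .cookie_encryption_key = \"$COOKIE_ENCRYPTION_KEY\""
+jq_cmd="${jq_cmd} | .database_file = \"/opt/fsm-data/auth.leveldb\""
+jq_cmd="${jq_cmd} | .log_file = \"/opt/fsm-data/factorio-server-manager.log\""
+jq "${jq_cmd}" /opt/fsm/conf.json >/opt/fsm-data/conf.json
+}
+random_pass() {
+LC_ALL=C tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w 24 | head -n 1
+}
+install_game() {
+curl --location "https://www.factorio.com/get-download/${FACTORIO_VERSION}/headless/linux64" \
+--output /tmp/factorio_${FACTORIO_VERSION}.tar.xz \
+&& tar -xf /tmp/factorio_${FACTORIO_VERSION}.tar.xz \
+&& rm /tmp/factorio_${FACTORIO_VERSION}.tar.xz
+}
+if [ ! -f /opt/fsm-data/conf.json ]; then
+init_config
+fi
+install_game
+cd /opt/fsm && ./factorio-server-manager -conf /opt/fsm-data/conf.json -dir /opt/factorio -port 80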
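Review bot: `init_config` builds the jq program by pasting `$ADMIN_USER`, `$ADMIN_PASS`, `$RCON_PASS` and `$COOKIE_ENCRYPTION_KEY` into the filter text, so a value containing `"` or `\` breaks the filter or changes what is written to conf.json; passing the values with `jq --arg` keeps them as data. The unquoted tests are a second problem: `[ -n $ADMIN_USER ]` is true when the variable is empty, so an empty `ADMIN_PASS` is written as an empty password. The `echo` lines also print the admin and RCON passwords to the container log, where anyone who can run `docker logs` reads them; the rewrite below drops them. Separately, `install_game` downloads and unpacks the game on every start with no `--fail` and no checksum, and the script carries on to start the manager even when that step fails.

```shell
init_config() {
    # Secrets travel as jq variables, so quotes or backslashes in them cannot alter the filter.
    [ -n "$RCON_PASS" ] || RCON_PASS="$(random_pass)"
    [ -n "$COOKIE_ENCRYPTION_KEY" ] || COOKIE_ENCRYPTION_KEY="$(random_pass)"
    jq \
        --arg user "$ADMIN_USER" \
        --arg pass "$ADMIN_PASS" \
        --arg rcon "$RCON_PASS" \
        --arg key "$COOKIE_ENCRYPTION_KEY" \
        '(if $user != "" then .username = $user else . end)
         | (if $pass != "" then .password = $pass else . end)
         | .rcon_pass = $rcon
         | .cookie_encryption_key = $key
         | .database_file = "/opt/fsm-data/auth.leveldb"
         | .log_file = "/opt/fsm-data/factorio-server-manager.log"' \
        /opt/fsm/conf.json >/opt/fsm-data/conf.json
    # … unchanged: reminder to replace the default admin user …
}
```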


@ -1,18 +0,0 @@
#!/bin/sh
mkdir -p /security
if [ ! -f /security/server.key ]; then
echo "No SSL key found. generating new key and certificate"
openssl req \
-new \
-newkey rsa:2048 \
-days 365 \
-nodes\
-x509 \
-subj "/CN=localhost" \
-keyout /security/server.key \
-out /security/server.crt
fi
nohup nginx &
cd /opt/factorio-server-manager
./factorio-server-manager -dir '/opt/factorio'


@ -1,74 +0,0 @@
user nginx;
worker_processes 1;
error_log logs/error.log warn;
pid run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
client_max_body_size 100m;
#gzip on;
upstream goapp {
server 127.0.0.1:8080;
}
server {
listen 80 default_server;
return 301 https://$host$request_uri;
}
server {
listen 443 default_server;
ssl on;
ssl_certificate /security/server.crt;
ssl_certificate_key /security/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
location /ws {
proxy_pass http://goapp;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_redirect off;
}
location /api {
proxy_pass http://goapp;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
}
location / {
root /opt/factorio-server-manager/app;
try_files $uri /index.html;
}
}
}