Mirrors/docker-minecraft-server
2
0
Fork 0
mirror of https://github.com/itzg/docker-minecraft-server synced 2024-12-05 01:49:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

Process rcon password as regular user (#2511)

Browse source
This commit is contained in:
Geoff Bourne 2023-11-25 18:30:18 -06:00 committed by GitHub
parent 051436c1df
commit 9d7232c8b8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 51 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
Dockerfile
View file

@ -22,28 +22,35 @@ COPY --chmod=644 files/sudoers* /etc/sudoers.d
EXPOSE 25565 EXPOSE 25565
ARG EASY_ADD_VER=0.8.1 ARG APPS_REV=1
ADD https://github.com/itzg/easy-add/releases/download/${EASY_ADD_VER}/easy-add_${TARGETOS}_${TARGETARCH}${TARGETVARIANT} /usr/bin/easy-add ARG GITHUB_BASEURL=https://github.com
ARG EASY_ADD_VERSION=0.8.2
ADD ${GITHUB_BASEURL}/itzg/easy-add/releases/download/${EASY_ADD_VERSION}/easy-add_${TARGETOS}_${TARGETARCH}${TARGETVARIANT} /usr/bin/easy-add
RUN chmod +x /usr/bin/easy-add RUN chmod +x /usr/bin/easy-add
ARG RESTIFY_VERSION=1.7.1
RUN easy-add --var os=${TARGETOS} --var arch=${TARGETARCH}${TARGETVARIANT} \ RUN easy-add --var os=${TARGETOS} --var arch=${TARGETARCH}${TARGETVARIANT} \
--var version=1.7.1 --var app=restify --file {{.app}} \ --var version=${RESTIFY_VERSION} --var app=restify --file {{.app}} \
--from https://github.com/itzg/{{.app}}/releases/download/{{.version}}/{{.app}}_{{.version}}_{{.os}}_{{.arch}}.tar.gz --from ${GITHUB_BASEURL}/itzg/{{.app}}/releases/download/{{.version}}/{{.app}}_{{.version}}_{{.os}}_{{.arch}}.tar.gz
ARG RCON_CLI_VERSION=1.6.4
RUN easy-add --var os=${TARGETOS} --var arch=${TARGETARCH}${TARGETVARIANT} \ RUN easy-add --var os=${TARGETOS} --var arch=${TARGETARCH}${TARGETVARIANT} \
--var version=1.6.3 --var app=rcon-cli --file {{.app}} \ --var version=${RCON_CLI_VERSION} --var app=rcon-cli --file {{.app}} \
--from https://github.com/itzg/{{.app}}/releases/download/{{.version}}/{{.app}}_{{.version}}_{{.os}}_{{.arch}}.tar.gz --from ${GITHUB_BASEURL}/itzg/{{.app}}/releases/download/{{.version}}/{{.app}}_{{.version}}_{{.os}}_{{.arch}}.tar.gz
ARG MC_MONITOR_VERSION=0.12.6
RUN easy-add --var os=${TARGETOS} --var arch=${TARGETARCH}${TARGETVARIANT} \ RUN easy-add --var os=${TARGETOS} --var arch=${TARGETARCH}${TARGETVARIANT} \
--var version=0.12.5 --var app=mc-monitor --file {{.app}} \ --var version=${MC_MONITOR_VERSION} --var app=mc-monitor --file {{.app}} \
--from https://github.com/itzg/{{.app}}/releases/download/{{.version}}/{{.app}}_{{.version}}_{{.os}}_{{.arch}}.tar.gz --from ${GITHUB_BASEURL}/itzg/{{.app}}/releases/download/{{.version}}/{{.app}}_{{.version}}_{{.os}}_{{.arch}}.tar.gz
ARG MC_SERVER_RUNNER_VERSION=1.9.1
RUN easy-add --var os=${TARGETOS} --var arch=${TARGETARCH}${TARGETVARIANT} \ RUN easy-add --var os=${TARGETOS} --var arch=${TARGETARCH}${TARGETVARIANT} \
--var version=1.9.1 --var app=mc-server-runner --file {{.app}} \ --var version=${MC_SERVER_RUNNER_VERSION} --var app=mc-server-runner --file {{.app}} \
--from https://github.com/itzg/{{.app}}/releases/download/{{.version}}/{{.app}}_{{.version}}_{{.os}}_{{.arch}}.tar.gz --from ${GITHUB_BASEURL}/itzg/{{.app}}/releases/download/{{.version}}/{{.app}}_{{.version}}_{{.os}}_{{.arch}}.tar.gz
ARG MC_HELPER_VERSION=1.36.12 ARG MC_HELPER_VERSION=1.36.12
ARG MC_HELPER_BASE_URL=https://github.com/itzg/mc-image-helper/releases/download/${MC_HELPER_VERSION} ARG MC_HELPER_BASE_URL=${GITHUB_BASEURL}/itzg/mc-image-helper/releases/download/${MC_HELPER_VERSION}
# used for cache busting local copy of mc-image-helper # used for cache busting local copy of mc-image-helper
ARG MC_HELPER_REV=1 ARG MC_HELPER_REV=1
RUN curl -fsSL ${MC_HELPER_BASE_URL}/mc-image-helper-${MC_HELPER_VERSION}.tgz \ RUN curl -fsSL ${MC_HELPER_BASE_URL}/mc-image-helper-${MC_HELPER_VERSION}.tgz \

BIN
notes/start-script-flow.drawio.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 67 KiB

After

Width:  |  Height:  |  Size: 83 KiB

9
scripts/start
View file

@ -9,18 +9,13 @@
umask 0002 umask 0002
if isTrue "${ENABLE_RCON:-true}" && ! [ -v RCON_PASSWORD ] && ! [ -v RCON_PASSWORD_FILE ]; then # Remove from previous run and do this as elevated user since file used to be created before demoting
RCON_PASSWORD=$(openssl rand -hex 12) rm -f "$HOME/.rcon-cli.env"
export RCON_PASSWORD
fi
if ! isTrue "${SKIP_SUDO:-false}" && [ "$(id -u)" = 0 ]; then if ! isTrue "${SKIP_SUDO:-false}" && [ "$(id -u)" = 0 ]; then
runAsUser=minecraft runAsUser=minecraft
runAsGroup=minecraft runAsGroup=minecraft
# For rcon-cli access running via exec, which by default is running as root
echo "password=${RCON_PASSWORD}" > "$HOME/.rcon-cli.env"
if [[ -v UID ]]; then if [[ -v UID ]]; then
if [[ $UID != 0 ]]; then if [[ $UID != 0 ]]; then
if [[ $UID != $(id -u minecraft) ]]; then if [[ $UID != $(id -u minecraft) ]]; then

53
scripts/start-configuration
View file

@ -15,11 +15,9 @@ IFS=$'\n\t'
: "${RCON_CMDS_FIRST_CONNECT:=}" : "${RCON_CMDS_FIRST_CONNECT:=}"
: "${RCON_CMDS_LAST_DISCONNECT:=}" : "${RCON_CMDS_LAST_DISCONNECT:=}"
: "${RCON_CMDS_PERIOD:=10}" : "${RCON_CMDS_PERIOD:=10}"
: "${RCON_PASSWORD_FILE:=}"
: "${ENABLE_RCON:=true}" : "${ENABLE_RCON:=true}"
: "${RCON_PASSWORD:=minecraft}"
: "${RCON_PORT:=25575}" : "${RCON_PORT:=25575}"
export ENABLE_RCON RCON_PASSWORD RCON_PORT export ENABLE_RCON RCON_PORT
: "${MEMORY=1G}" : "${MEMORY=1G}"
: "${INIT_MEMORY=${MEMORY}}" : "${INIT_MEMORY=${MEMORY}}"
@ -49,6 +47,36 @@ if [ ! -e /data/eula.txt ]; then
writeEula writeEula
fi fi
##########################################
# Setup RCON password
if isTrue "${ENABLE_RCON:-true}" && ! [[ -v RCON_PASSWORD ]] && ! [[ -v RCON_PASSWORD_FILE ]]; then
RCON_PASSWORD=$(openssl rand -hex 12)
export RCON_PASSWORD
fi
if [[ -v RCON_PASSWORD_FILE ]]; then
if [ ! -e "${RCON_PASSWORD_FILE}" ]; then
log ""
log "Initial RCON password file ${RCON_PASSWORD_FILE} does not seems to exist."
log "Please ensure your configuration."
log "If you are using Docker Secrets feature, please check this for further information: "
log " https://docs.docker.com/engine/swarm/secrets"
log ""
exit 1
else
RCON_PASSWORD=$(cat "${RCON_PASSWORD_FILE}")
export RCON_PASSWORD
fi
fi
# For rcon-cli access running via exec, which by default is running as root
echo "password=${RCON_PASSWORD}" > "$HOME/.rcon-cli.env"
echo "password: \"${RCON_PASSWORD}\"" > "$HOME/.rcon-cli.yaml"
##########################################
# Auto-pause/stop
if isTrue "${ENABLE_AUTOPAUSE}" && isTrue "${EXEC_DIRECTLY:-false}"; then if isTrue "${ENABLE_AUTOPAUSE}" && isTrue "${EXEC_DIRECTLY:-false}"; then
log "EXEC_DIRECTLY=true is incompatible with ENABLE_AUTOPAUSE=true" log "EXEC_DIRECTLY=true is incompatible with ENABLE_AUTOPAUSE=true"
exit 1 exit 1
@ -67,25 +95,6 @@ if [[ $PROXY ]]; then
sleep 5 sleep 5
fi fi
if [[ $RCON_PASSWORD_FILE ]]; then
log ""
if [ ! -e ${RCON_PASSWORD_FILE} ]; then
log "Initial RCON password file ${RCON_PASSWORD_FILE} does not seems to exist."
log "Please ensure your configuration."
log "If you are using Docker Secrets feature, please check this for further information: "
log " https://docs.docker.com/engine/swarm/secrets"
log ""
exit 1
else
RCON_PASSWORD=$(cat ${RCON_PASSWORD_FILE})
export RCON_PASSWORD
fi
log ""
fi
# For rcon-cli access
echo "password=${RCON_PASSWORD}" > "$HOME/.rcon-cli.env"
function fixJavaPath() { function fixJavaPath() {
# Some Docker management UIs grab all the image declared variables and present them for configuration. # Some Docker management UIs grab all the image declared variables and present them for configuration.
# When upgrading images across Java versions, that creates a mismatch in PATH's expected by base image. # When upgrading images across Java versions, that creates a mismatch in PATH's expected by base image.