Mirrors/docker-minecraft-server
2
0
Fork 0
mirror of https://github.com/itzg/docker-minecraft-server synced 2024-12-05 01:49:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

By default, generate random RCON password at startup (#2071)

Browse source
This commit is contained in:
Geoff Bourne 2023-04-07 20:05:09 -05:00 committed by GitHub
parent 8987d2cc81
commit f6ab2aaab3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 14 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Dockerfile
View file

@ -58,7 +58,7 @@ WORKDIR /data
STOPSIGNAL SIGTERM
# End user MUST set EULA and change RCON_PASSWORD
ENV TYPE=VANILLA VERSION=LATEST EULA="" UID=1000 GID=1000 RCON_PASSWORD=minecraft
ENV TYPE=VANILLA VERSION=LATEST EULA="" UID=1000 GID=1000
COPY --chmod=755 scripts/start* /
COPY --chmod=755 bin/ /usr/local/bin/

4
README.md
View file

@ -1188,9 +1188,9 @@ The server icon which has been set doesn't get overridden by default. It can be
RCON is **enabled by default** to allow for graceful shut down the server and coordination of save state during backups. RCON can be disabled by setting `ENABLE_RCON` to "false".
The default password is "minecraft" but **change the password before deploying into production** by setting `RCON_PASSWORD`.
The RCON password can be set via `RCON_PASSWORD` or the name of a file that contains the password can be referenced by setting `RCON_PASSWORD_FILE`. If not set, a random password will be generated at each startup.
**DO NOT MAP THE RCON PORT EXTERNALLY** unless you aware of all the consequences and have set a **secure password** with `RCON_PASSWORD`.
Regardless of the password set or defaulted, **DO NOT MAP THE RCON PORT EXTERNALLY** unless you sure that is what you intended.
> Mapping ports (`-p` command line or `ports` in compose) outside the container and docker networking needs to be a purposeful choice. Most production Docker deployments do not need any of the Minecraft ports mapped externally from the server itself.

8
scripts/start
View file

@ -10,10 +10,18 @@
umask 0002
chmod g+w /data
if isTrue "${ENABLE_RCON:-true}" && ! [ -v RCON_PASSWORD ] && ! [ -v RCON_PASSWORD_FILE ]; then
RCON_PASSWORD=$(openssl rand -hex 12)
export RCON_PASSWORD
fi
if ! isTrue "${SKIP_SUDO:-false}" && [ "$(id -u)" = 0 ]; then
runAsUser=minecraft
runAsGroup=minecraft
# For rcon-cli access running via exec, which by default is running as root
echo "password=${RCON_PASSWORD}" > "$HOME/.rcon-cli.env"
if [[ -v UID ]]; then
if [[ $UID != 0 ]]; then
if [[ $UID != $(id -u minecraft) ]]; then

3
scripts/start-configuration
View file

@ -83,6 +83,9 @@ if [[ $RCON_PASSWORD_FILE ]]; then
log ""
fi
# For rcon-cli access
echo "password=${RCON_PASSWORD}" > "$HOME/.rcon-cli.env"
function fixJavaPath() {
# Some Docker management UIs grab all the image declared variables and present them for configuration.
# When upgrading images across Java versions, that creates a mismatch in PATH's expected by base image.

1
tests/setuponlytests/defaults/verify.sh
View file

@ -1,3 +1,2 @@
mc-image-helper assert propertyEquals --file=server.properties --property=rcon.password --expect=minecraft
mc-image-helper assert propertyEquals --file=server.properties --property=rcon.port --expect=25575
mc-image-helper assert propertyEquals --file=server.properties --property=enable-rcon --expect=true