Include SSL guide using Certbot (#331)
* Include SSL guide using Certbot

---------

Co-authored-by: Robert Thomas <31854736+wolveix@users.noreply.github.com>
dieser-niko and wolveix authored Sep 26, 2024
1 parent 000ebe7 commit ad8696c
Showing 3 changed files with 153 additions and 1 deletion.
9 changes: 8 additions & 1 deletion README.md
@@ -59,7 +59,8 @@ following directories:
- `/backups` - the server will automatically backup your saves when the container first starts
- `/gamefiles` - this is for the game's files. They're stored outside the container to avoid needing to redownload
8GB+ every time you want to rebuild the container
- `/logs` - this holds Steam's logs, and contains a pointer to Satisfactory's logs (empties on startup unless `LOG=true`)
- `/logs` - this holds Steam's logs, and contains a pointer to Satisfactory's logs (empties on startup unless
`LOG=true`)
- `/saved` - this contains the game's blueprints, saves, and server configuration

Before running the server image, you should find your user ID that will be running the container. This isn't necessary
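Review bot: The rewrap of the `/logs` bullet is unrelated to the SSL guide this commit is titled for, so it would be cleaner as a separate formatting commit. If it stays, check that the new continuation line `LOG=true)` is indented the same way as the `8GB+ every time` continuation above it, so Markdown keeps it inside the bullet.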
@@ -142,6 +143,12 @@ services:
memory: 4G
```
### SSL Certificate with Certbot (Optional)
You can use Certbot with Let's Encrypt to issue a signed SSL certificate for your server. Without this,
Satisfactory will use a self-signed SSL certificate, requiring players to manually confirm them when they initially
connect. [Learn more](/~https://github.com/wolveix/satisfactory-server/tree/main/ssl).
### Kubernetes
If you are running a [Kubernetes](https://kubernetes.io) cluster, we do have
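Review bot: The "Learn more" link in the new SSL section uses an absolute URL ending in `tree/main/ssl`; a relative link to `ssl/README.md` would keep resolving in forks, other branches and tagged releases. In the same paragraph, "requiring players to manually confirm them" refers to a single self-signed certificate and should read "confirm it".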
100 changes: 100 additions & 0 deletions ssl/README.md
@@ -0,0 +1,100 @@
# SSL Certificate with Certbot

The instructions below will help you to deploy a signed SSL certificate for your Satisfactory server.

## Docker Compose

```yaml
services:
satisfactory-server:
container_name: 'satisfactory-server'
hostname: 'satisfactory-server'
image: 'wolveix/satisfactory-server:latest'
ports:
- '7777:7777/udp'
- '7777:7777/tcp'
volumes:
- './satisfactory-server:/config'
- './certs/live/${DOMAIN}/fullchain.pem:/config/gamefiles/FactoryGame/Certificates/cert_chain.pem'
- './certs/live/${DOMAIN}/privkey.pem:/config/gamefiles/FactoryGame/Certificates/private_key.pem'
environment:
- MAXPLAYERS=4
- PGID=1000
- PUID=1000
- ROOTLESS=false
- STEAMBETA=false
restart: unless-stopped
depends_on:
certbot:
condition: service_completed_successfully
healthcheck:
test: bash /healthcheck.sh
interval: 30s
timeout: 10s
retries: 3
start_period: 120s
deploy:
resources:
limits:
memory: 6G
reservations:
memory: 4G

certbot:
image: certbot/certbot
command: certonly --standalone --non-interactive --agree-tos -m ${CERTBOT_MAIL} -d ${DOMAIN}
ports:
- '80:80/tcp'
volumes:
- ./certs:/etc/letsencrypt
environment:
- CERTBOT_MAIL=certbot@domain.tld
- DOMAIN=satisfactory.domain.tld
```
The `docker-compose.yml` file above should replace the `docker-compose.yml` file you already have configured. Adjust the
`CERTBOT_MAIL` and `DOMAIN` environment variables under the `certbot` service to be a real email address, and the domain
you'd like to issue the SSL certificate for. Ensure prior to running this that you've already created the necessary DNS
record for your domain. If you don't certbot will fail, and you'll likely hit your rate limit and need to wait a while
to try again (check the `certbot` container's logs for further information).

**Ensure that you open/port forward for port `80/tcp`.**

You can now launch the Docker Compose configuration in the same way you normally would. Do note that if Certbot fails,
the game server will not start.

## Troubleshooting

### What if port 80 is already in-use with a reverse-proxy?

Change the port for the certbot service (e.g. `7800:80/tcp`), and forward HTTP traffic from your reverse proxy through
to your `certbot` container.

Here are examples on how you can do this with Caddy and NGINX

#### Caddy

Modify your Caddyfile to include your given domain above. Ensure that you put `http://` **before** the domain, otherwise
Caddy will _also_ request an SSL certificate for it.

```
http://satisfactory.domain.tld {
reverse_proxy :7780
}
```
#### NGINX
Modify your NGINX configuration file to include the following virtual host:
```
server {
listen 80;
server_name satisfactory.domain.tld;

location / {
proxy_pass http://localhost:7780;
}
}
```
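Review bot: The Troubleshooting section is inconsistent about the remapped port: the text suggests `7800:80/tcp`, while the Caddy example proxies to `:7780` and the NGINX example to `http://localhost:7780`, so a reader who copies both ends up with a proxy pointing at a port nothing listens on and a failed HTTP-01 challenge. Pick one port and use it in all three places. The guide also never says how the certificate is renewed: `certonly` only runs when the stack is started, and Let's Encrypt certificates are short-lived, so a sentence on re-running the `certbot` service and restarting the game server would close that gap. Smaller points: the "Caddy and NGINX" lead-in is missing its trailing colon, and "If you don't certbot will fail" needs a comma after "don't".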
45 changes: 45 additions & 0 deletions ssl/docker-compose.yml
@@ -0,0 +1,45 @@
services:
satisfactory-server:
container_name: 'satisfactory-server'
hostname: 'satisfactory-server'
image: 'wolveix/satisfactory-server:latest'
ports:
- '7777:7777/udp'
- '7777:7777/tcp'
volumes:
- './satisfactory-server:/config'
- './certs/live/${DOMAIN}/fullchain.pem:/config/gamefiles/FactoryGame/Certificates/cert_chain.pem'
- './certs/live/${DOMAIN}/privkey.pem:/config/gamefiles/FactoryGame/Certificates/private_key.pem'
environment:
- MAXPLAYERS=4
- PGID=1000
- PUID=1000
- ROOTLESS=false
- STEAMBETA=false
restart: unless-stopped
depends_on:
certbot:
condition: service_completed_successfully
healthcheck:
test: bash /healthcheck.sh
interval: 30s
timeout: 10s
retries: 3
start_period: 120s
deploy:
resources:
limits:
memory: 6G
reservations:
memory: 4G

certbot:
image: certbot/certbot
command: certonly --standalone --non-interactive --agree-tos -m ${CERTBOT_MAIL} -d ${DOMAIN}
ports:
- '80:80/tcp'
volumes:
- ./certs:/etc/letsencrypt
environment:
- CERTBOT_MAIL=certbot@domain.tld
- DOMAIN=satisfactory.domain.tld
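Review bot: `${CERTBOT_MAIL}` and `${DOMAIN}` in the `certbot` `command:` and in the two certificate `volumes:` entries are substituted by Compose from the shell environment or an `.env` file, not from the `environment:` block of the `certbot` service, so with only the values shown here they resolve to empty strings and both the certbot arguments and the mount paths come out wrong. Move the two values to an `.env` file next to the compose file (and update the README wording to match), and consider `${DOMAIN:?set DOMAIN}` so a missing value fails fast instead of spending a Let's Encrypt attempt. Separately, `image: certbot/certbot` has no tag, and the `privkey.pem` and `fullchain.pem` mounts could be marked `:ro` since the game server only needs to read them.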
