diff --git a/README.md b/README.md index de1e124..6be9e98 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,8 @@ following directories: - `/backups` - the server will automatically backup your saves when the container first starts - `/gamefiles` - this is for the game's files. They're stored outside the container to avoid needing to redownload 8GB+ every time you want to rebuild the container -- `/logs` - this holds Steam's logs, and contains a pointer to Satisfactory's logs (empties on startup unless `LOG=true`) +- `/logs` - this holds Steam's logs, and contains a pointer to Satisfactory's logs (empties on startup unless + `LOG=true`) - `/saved` - this contains the game's blueprints, saves, and server configuration Before running the server image, you should find your user ID that will be running the container. This isn't necessary @@ -142,6 +143,12 @@ services: memory: 4G ``` +### SSL Certificate with Certbot (Optional) + +You can use Certbot with Let's Encrypt to issue a signed SSL certificate for your server. Without this, +Satisfactory will use a self-signed SSL certificate, requiring players to manually confirm them when they initially +connect. [Learn more](/~https://github.com/wolveix/satisfactory-server/tree/main/ssl). + ### Kubernetes If you are running a [Kubernetes](https://kubernetes.io) cluster, we do have diff --git a/ssl/README.md b/ssl/README.md new file mode 100644 index 0000000..32ccc75 --- /dev/null +++ b/ssl/README.md 
@@ -0,0 +1,100 @@ +# SSL Certificate with Certbot + +The instructions below will help you to deploy a signed SSL certificate for your Satisfactory server. + +## Docker Compose + +```yaml +services: + satisfactory-server: + container_name: 'satisfactory-server' + hostname: 'satisfactory-server' + image: 'wolveix/satisfactory-server:latest' + ports: + - '7777:7777/udp' + - '7777:7777/tcp' + volumes: + - './satisfactory-server:/config' + - './certs/live/${DOMAIN}/fullchain.pem:/config/gamefiles/FactoryGame/Certificates/cert_chain.pem' + - './certs/live/${DOMAIN}/privkey.pem:/config/gamefiles/FactoryGame/Certificates/private_key.pem' + environment: + - MAXPLAYERS=4 + - PGID=1000 + - PUID=1000 + - ROOTLESS=false + - STEAMBETA=false + restart: unless-stopped + depends_on: + certbot: + condition: service_completed_successfully + healthcheck: + test: bash /healthcheck.sh + interval: 30s + timeout: 10s + retries: 3 + start_period: 120s + deploy: + resources: + limits: + memory: 6G + reservations: + memory: 4G + + certbot: + image: certbot/certbot + command: certonly --standalone --non-interactive --agree-tos -m ${CERTBOT_MAIL} -d ${DOMAIN} + ports: + - '80:80/tcp' + volumes: + - ./certs:/etc/letsencrypt + environment: + - CERTBOT_MAIL=certbot@domain.tld + - DOMAIN=satisfactory.domain.tld +``` + +The `docker-compose.yml` file above should replace the `docker-compose.yml` file you already have configured. Adjust the +`CERTBOT_MAIL` and `DOMAIN` environment variables under the `certbot` service to be a real email address, and the domain +you'd like to issue the SSL certificate for. Ensure prior to running this that you've already created the necessary DNS +record for your domain. If you don't certbot will fail, and you'll likely hit your rate limit and need to wait a while +to try again (check the `certbot` container's logs for further information). 
+ +**Ensure that you open/port forward for port `80/tcp`.** + +You can now launch the Docker Compose configuration in the same way you normally would. Do note that if Certbot fails, +the game server will not start. + +## Troubleshooting + +### What if port 80 is already in-use with a reverse-proxy? + +Change the port for the certbot service (e.g. `7800:80/tcp`), and forward HTTP traffic from your reverse proxy through +to your `certbot` container. + +Here are examples on how you can do this with Caddy and NGINX + +#### Caddy + +Modify your Caddyfile to include your given domain above. Ensure that you put `http://` **before** the domain, otherwise +Caddy will _also_ request an SSL certificate for it. + +``` +http://satisfactory.domain.tld { + reverse_proxy :7780 +} +``` + + +#### NGINX + +Modify your NGINX configuration file to include the following virtual host: + +``` +server { + listen 80; + server_name satisfactory.domain.tld; + + location / { + proxy_pass http://localhost:7780; + } +} +``` \ No newline at end of file diff --git a/ssl/docker-compose.yml b/ssl/docker-compose.yml new file mode 100644 index 0000000..78ab09f --- /dev/null +++ b/ssl/docker-compose.yml 
@@ -0,0 +1,45 @@ +services: + satisfactory-server: + container_name: 'satisfactory-server' + hostname: 'satisfactory-server' + image: 'wolveix/satisfactory-server:latest' + ports: + - '7777:7777/udp' + - '7777:7777/tcp' + volumes: + - './satisfactory-server:/config' + - './certs/live/${DOMAIN}/fullchain.pem:/config/gamefiles/FactoryGame/Certificates/cert_chain.pem' + - './certs/live/${DOMAIN}/privkey.pem:/config/gamefiles/FactoryGame/Certificates/private_key.pem' + environment: + - MAXPLAYERS=4 + - PGID=1000 + - PUID=1000 + - ROOTLESS=false + - STEAMBETA=false + restart: unless-stopped + depends_on: + certbot: + condition: service_completed_successfully + healthcheck: + test: bash /healthcheck.sh + interval: 30s + timeout: 10s + retries: 3 + start_period: 120s + deploy: + resources: + limits: + memory: 6G + reservations: + memory: 4G + + certbot: + image: certbot/certbot + command: certonly --standalone --non-interactive --agree-tos -m ${CERTBOT_MAIL} -d ${DOMAIN} + ports: + - '80:80/tcp' + volumes: + - ./certs:/etc/letsencrypt + environment: + - CERTBOT_MAIL=certbot@domain.tld + - DOMAIN=satisfactory.domain.tld \ No newline at end of file
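Review bot: In README.md, the "Learn more" link in the new "SSL Certificate with Certbot (Optional)" section targets `/~https://github.com/wolveix/satisfactory-server/tree/main/ssl`, which is neither a valid absolute URL nor a path in the repository. Since this change adds `ssl/README.md`, a relative link such as `[Learn more](ssl/README.md)` would resolve on any branch or fork. In the same paragraph, "manually confirm them" should read "manually confirm it", since it refers to the single self-signed certificate.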
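Review bot: In ssl/README.md under "What if port 80 is already in-use with a reverse-proxy?", the suggested mapping `7800:80/tcp` does not match the Caddy and NGINX examples, which forward to `:7780` and `http://localhost:7780`. A reader who follows the text literally ends up with the proxy pointing at a port nothing listens on, so validation fails and repeated attempts run into the rate limit the README warns about earlier. Use one port throughout, for example `7780:80/tcp` in the text to match both examples.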
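Review bot: In ssl/docker-compose.yml (and the identical YAML block in ssl/README.md), `DOMAIN` and `CERTBOT_MAIL` are defined only in the `certbot` service's `environment:` list, but `${DOMAIN}` and `${CERTBOT_MAIL}` in the `volumes:` and `command:` entries are substituted by Compose from the shell environment or an `.env` file when the file is parsed, not from a service's `environment:` block. With neither set on the host, the bind mounts resolve to `./certs/live//fullchain.pem` and `./certs/live//privkey.pem`, and `-d` and `-m` receive empty values. Document a `.env` file carrying both variables instead of the `environment:` entries, and consider `${DOMAIN:?DOMAIN must be set}` so a missing value fails at parse time. Separately, `certonly` runs once per `up` and the game server only waits for `service_completed_successfully`, so the README should state how renewal is expected to happen before the certificate expires.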