Set up publicly accessible services in the cloud securely with a reverse proxy and SSL certificate

Before we proceed with how to set up cloud/self-hosted services securely, let’s go over some of the things that will be needed for this tutorial. The installation commands are given with Debian-like systems in mind, but equivalents for other systems can easily be found with a simple web search.

  • Docker: install docker and docker-compose
    • sudo apt install docker.io
    • sudo apt install docker-compose-plugin
    • sudo usermod -aG docker $USER
    • newgrp docker
  • In the firewall configuration, open port 443 to the internet; this can be done in either of the following ways:
    • sudo ufw allow https (for a home server)
    • Open port 443 in the cloud firewall/network (for a cloud setup)
  • Also open port 80 in the cloud firewall/network if using http for domain validation.
  • Either buy a domain through a domain provider or visit DuckDNS to get free dynamic DNS.

Setting up SWAG container

SWAG sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let’s Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.

Here, I will give two swag.yml docker-compose files, to be used alternatively depending on whether you use a domain provider or DuckDNS.

Using Domain Providers

version: "2.1"
services:
  swag:
    image: lscr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000 # your user and group ids
      - PGID=1000 # get it with typing `id` in terminal
      - TZ=Asia/Kolkata # Docker available time zone regions
      - URL=your-domain.com  # the domain name that you bought
      - SUBDOMAINS=www,jellyfin,code-server # the subdomains that serve the specific services
      - VALIDATION=http
    volumes:
      - ./swag:/config
    ports:
      - 443:443
      - 80:80
    restart: unless-stopped

We will use http validation to prove domain ownership. Visit your domain provider’s console, open the manage DNS section and follow the given steps to configure it correctly:

  • configure A records, add:
    • www.your-domain.com
    • your-domain.com
  • configure a CNAME for each service you want to run; for each CNAME we need to configure the hostname and value as:
    • CNAME (for service 1, let’s say code-server)
      • Hostname : code-server.your-domain.com
      • Value : www.your-domain.com
    • CNAME (for service 2, let’s say jellyfin)
      • Hostname : jellyfin.your-domain.com
      • Value : www.your-domain.com
    • In a similar way, we can add as many CNAMEs as there are services.

Using Dynamic DNS (DuckDNS)

---
version: "2.1"
services:
  swag:
    image: lscr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Kolkata
      - URL=your-domain.duckdns.org
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      - DUCKDNSTOKEN=97654867496t4657382648659765854
    volumes:
      - ./swag:/config
    ports:
      - 443:443
      - 80:80
    restart: unless-stopped

Here, if we keep the default container names, nothing more needs to be done; after the setup, visit the following subdomains for:

  • code-server : code-server.your-domain.duckdns.org
  • jellyfin : jellyfin.your-domain.duckdns.org

Now, having followed either of the ways above, we are ready to fire up our swag container by running:

docker compose -f swag.yml up -d

The nginx server in the swag container will only start if the domain name configuration is done properly.

Run docker logs swag -f to verify that swag is running without errors; it should have printed `server ready`. Otherwise, fix the swag yaml file and the domain name configuration and recreate the swag container.

Before moving ahead, we need to create a user-defined network and add the swag container to it; we will also add all subsequent docker containers to this network so that they can reach each other. To do this:

docker network create -d bridge my_network
docker network connect my_network containerId

Setting up Individual Apps

  1. Setting up the Jellyfin media server along with the Transmission torrent client (Transmission won’t be exposed to the internet in this example). Create a jellyfin.yml file with the following content:
---
version: "2.1"
services:
  transmission:
    image: lscr.io/linuxserver/transmission:latest
    container_name: transmission
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Kolkata
      - TRANSMISSION_WEB_HOME= #optional
      - USER=admin #optional
      - PASS=password #optional
      - PEERPORT=51413
    volumes:
      - ./transmission/data:/config
      - ./shared/downloads:/downloads
    ports:
      - 9091:9091
      - 51413:51413
      - 51413:51413/udp
    restart: unless-stopped
  jellyfin:
    image: lscr.io/linuxserver/jellyfin:latest
    container_name: jellyfin
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Kolkata
      - JELLYFIN_PublishedServerUrl=192.168.0.5 #optional
    volumes:
      - ./jellyfin/config:/config
      - ./shared/downloads:/data/to_watch
    ports:
      - 8096:8096
      - 8920:8920 #optional
      - 7359:7359/udp #optional
      - 1900:1900/udp #optional
    restart: unless-stopped

Now enter the swag container using the command

docker exec -it swag_container_id bash

and do the following:

  • cd /config/nginx/proxy-confs/
  • mv jellyfin.subdomain.conf.sample jellyfin.subdomain.conf
  • restart the swag container

Also add this container to the user-defined bridge network:

docker network connect my_network jellyfin_containerId

  2. Setting up code-server with password authentication. Create a code-server.yml with the content below:

---
version: "2.1"
services:
  code-server:
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Kolkata
      - PASSWORD=password1
      - SUDO_PASSWORD=password2
      - DEFAULT_WORKSPACE=/config/workspace #optional
    volumes:
      - ./code-server/config:/config
    ports:
      - 8443:8443
    restart: unless-stopped

Do the same as above again: enter the swag container, rename the code-server sample proxy conf in the same way, restart swag, and add the code-server container to the user-defined bridge network.

Now we are done; we can access our services, and they will look something like this:

Jellyfin: visit https://jellyfin.your-domain.com

Code Server: visit https://code-server.your-domain.com

In similar ways, we can host numerous services securely, with a very minimal attack surface available for malicious entities to exploit.
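One thing worth checking before calling the attack surface minimal: the compose files above publish Transmission’s 9091 and Jellyfin’s 8096 (and others) on every host interface, and Docker inserts its own iptables rules for published ports ahead of ufw’s, so on a home server those ports answer from the internet even though only 443 was allowed in ufw (a cloud firewall in front of the VM still blocks them). Since swag reaches each container over my_network by container name, the `ports:` entries are not needed for proxied services at all, or can be bound to loopback (for example 127.0.0.1:8096:8096). The script below is an added example, not part of the original post or of linuxserver.io’s tooling; it parses the output of docker ps --format '{{.Names}}\t{{.Ports}}' (a constructed sample matching the compose files above is used when no docker daemon is reachable) and lists every port published on all interfaces other than 80 and 443.

```shell
#!/bin/sh
# Added example (not from the original post or linuxserver.io): list container
# ports that are published on every host interface, apart from the 80/443 that
# swag itself needs. Docker's published ports are reachable even where ufw
# would otherwise block them, so anything listed here is exposed on a home
# server regardless of the ufw rules above.

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output,
# matching the compose files in this post (code-server bound to loopback here
# to show the difference).
SAMPLE_PS=$(printf '%s\t%s\n' \
    swag         '0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp' \
    transmission '0.0.0.0:9091->9091/tcp, 0.0.0.0:51413->51413/tcp, 0.0.0.0:51413->51413/udp' \
    jellyfin     '0.0.0.0:8096->8096/tcp, 0.0.0.0:8920->8920/tcp' \
    code-server  '127.0.0.1:8443->8443/tcp')

# audit_published_ports [ALLOWED]: reads "name<TAB>ports" lines on stdin and
# prints "name<TAB>port/proto" for every mapping bound to all interfaces
# (0.0.0.0, [::] or :::) whose host port is not in ALLOWED (default "80 443").
# Returns 1 if anything was printed, 0 otherwise.
audit_published_ports() {
    allowed=${1:-"80 443"}
    found=0
    tab=$(printf '\t')
    while IFS="$tab" read -r name ports; do
        [ -n "$name" ] || continue
        # mappings are comma separated and contain no spaces themselves
        for m in $(printf '%s' "$ports" | tr ',' ' '); do
            case "$m" in
                0.0.0.0:*|\[::\]:*|:::*) ;;   # bound to every interface
                *) continue ;;                # loopback-bound or not published
            esac
            hostpart=${m%%->*}                # e.g. 0.0.0.0:9091
            port=${hostpart##*:}              # e.g. 9091
            proto=${m##*/}                    # tcp or udp
            ok=0
            for a in $allowed; do
                if [ "$a" = "$port" ]; then ok=1; fi
            done
            if [ "$ok" = 0 ]; then
                printf '%s\t%s/%s\n' "$name" "$port" "$proto"
                found=1
            fi
        done
    done
    return "$found"
}

# Use the live daemon when one is reachable, otherwise the sample above.
run_audit() {
    if command -v docker >/dev/null 2>&1 && docker ps >/dev/null 2>&1; then
        docker ps --format '{{.Names}}\t{{.Ports}}' | audit_published_ports
    else
        printf '%s\n' "$SAMPLE_PS" | audit_published_ports
    fi
}

if run_audit; then
    echo "only 80/443 are published on all interfaces"
else
    echo "the ports above answer on every host interface; bind them to 127.0.0.1 or drop the ports: entry"
fi
```

Transmission’s peer port 51413 is the one case where publishing is intentional (peers must reach it), so treat that line as a decision to make in the firewall rather than something to move to loopback; the web UI on 9091 and Jellyfin’s 8096 only need to be reachable by swag.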

IMPORTANT – As you keep adding more services, remember to append them to the swag container’s SUBDOMAINS environment variable and recreate the swag container.

Please refer to linuxserver.io for even more awesome services and a more detailed explanation of swag.

Happy hacking !

Hosting your own Public Minetest Server


What is Minetest?

Minetest (server) is a near-infinite-world block sandbox game and a game engine, inspired by InfiniMiner, Minecraft, and the like. It’s free and open source software and is available for Linux-based systems, FreeBSD, Microsoft Windows, MacOS, and Android.

Hosting a public Minetest server on a Debian/Ubuntu VPS (cloud server)

First step, choosing the Minetest version:

export branch=$(printf "Enter Minetest version: " >&2;read r;echo "$r")

It will ask you to enter a Minetest version. You can enter any numeric version, but you probably want one of these:

  • master: Latest development state (5.4.0-dev)
  • stable-0.4: Stable release in the 0.4 series (0.4.17.1) [UNSUPPORTED]
  • stable-5: Stable release in the 5 series (5.3.0)

After you’ve done that, just paste the one-line script into your terminal, taken from here:

(sudo apt-get install -y unzip g{it,cc,++} {c,}make zlib1g-dev lib{sqlite3,curl4-openssl,luajit-5.1,leveldb}-dev&&cd $(mktemp -d)&&wget downloads.sourceforge.net/irrlicht/irrlicht-1.8.4.zip -O irr.zip&&unzip -q irr.zip&&git clone https://github.com/minetest/minetest -b $branch&&cd minetest&&git clone https://github.com/minetest/minetest_game -b $branch games/minetest_game&&cmake . -DBUILD_CLIENT=0 -D{BUILD_SERVER,RUN_IN_PLACE,ENABLE_LEVELDB}=1 -DIRRLICHT_INCLUDE_DIR=$PWD/../irrlicht-1.8.4/include&&make -j$(nproc) package&&p=$(echo minetest-*.tar.gz)&&cp "$p" ~&&printf '\n\n\e[1;32mBuild successful, an archive called "%s" was placed in your home folder.\nTo run the server, extract the archive and run the executable inside the 'bin/' folder\e[0m\n' "$p")||printf '\n\n\e[1;31mBuild failed, review log output above to identify and fix the issue.\e[0m\n'

It will ask you for your password once at the beginning. Once it’s done you’ll have a .tar.gz archive in your home folder; you can extract it anywhere you’d like and run minetestserver from there like a portable installation.

So, extract the tar file as:

tar -xf minetest-5.4.0-linux.tar.gz

Then cd into the extracted directory; you should modify the minetest.conf file to change the game behaviour.

After that, open the firewall on the port you want to run the server on, using ufw:

sudo ufw allow ssh    # allow ssh first, so that enabling the firewall does not lock you out of the vps
sudo ufw allow 30000  # the port the server will run on (Minetest uses UDP; ufw opens both tcp and udp here)
sudo ufw enable
sudo ufw status

After that, we can change the game by adding a game to the games folder, other textures to the textures folder, mods to the mods folder and so on, inside the directory where you extracted the .tar.gz archive (your minetestserver installation).

To run the server do:

Warnings are nothing to worry about; they arise from the additional mods that were added.

Now that the server is running, anyone who wants to connect to your Minetest server can do so using the Minetest GUI client on their device, on the specific port your server is running on. You can configure your minetest.conf file to control the behaviour of the game as you wish.
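The post leaves the contents of minetest.conf to the reader. As an added example, not from the post or from the Minetest project, the POSIX shell helper below sets keys in that file idempotently (replacing the line if the key exists, appending it otherwise) and applies a few settings a server open to the internet should have. The key names it uses (port, server_announce, disallow_empty_password, default_privs, max_users) are the ones documented in Minetest’s own minetest.conf.example; the values are choices made here, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: set keys in minetest.conf
# idempotently and apply settings for a public server. Key names come from
# Minetest's minetest.conf.example; the values are choices made here.

# set_conf FILE KEY VALUE: afterwards "KEY = VALUE" appears exactly once.
# Commented-out "# KEY = ..." lines are left alone. VALUE must not contain
# '|' or '&' (sed replacement syntax).
set_conf() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    if grep -q "^[[:space:]]*$key[[:space:]]*=" "$file"; then
        tmp=$(mktemp)   # sed -i differs between GNU and BSD, so use a temp file
        sed "s|^[[:space:]]*$key[[:space:]]*=.*|$key = $value|" "$file" > "$tmp" && mv "$tmp" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# get_conf FILE KEY: prints the effective (last) value of KEY, empty if unset.
get_conf() {
    sed -n "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*||p" "$1" | tail -n 1
}

# harden_conf FILE PORT: settings for a server that is open to the internet.
harden_conf() {
    set_conf "$1" port "$2"                        # must match the ufw rule
    set_conf "$1" server_announce true             # list it on the public server list
    set_conf "$1" disallow_empty_password true     # no passwordless accounts
    set_conf "$1" default_privs "interact, shout"  # new players get no admin-type privileges
    set_conf "$1" max_users 20
}

# Constructed sample of a freshly extracted minetest.conf.
SAMPLE_CONF=$(printf '%s\n' \
    '# constructed sample, not a real minetest.conf' \
    'server_name = My public server' \
    'port = 30000' \
    '# disallow_empty_password = false')

# Stand-alone run: harden a copy of the sample and show the result.
demo=$(mktemp)
printf '%s\n' "$SAMPLE_CONF" > "$demo"
harden_conf "$demo" 30000
cat "$demo"
rm -f "$demo"
```

Point harden_conf at the minetest.conf in the extracted directory and pass the same port you allowed in ufw; running it again changes nothing, which makes it safe to keep in a setup script.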

Other installations options:

  • Use the minetest-server package present in the Debian/Ubuntu official package repository (not recommended due to very old versions).
  • Install on Debian using Backports.
  • Install on Ubuntu using a PPA.

Hope this guide helps you create your own public Minetest server on the latest version 🙂
