Merge pull request #61 from jammsen/refactor-steam-user-jail

Major refactoring of the base image

.github/workflows/docker-build-and-push-refactorbranch.yml

@@ -0,0 +1,32 @@
+name: docker-build-and-push-ci
+
+on:
+  push:
+    branches:
+      - 'refactor-steam-user-jail'
+
+jobs:
+  docker-build-gameserver-image:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          push: true
+          tags: jammsen/the-forest-dedicated-server:refactor-steam-user-jail

.gitignore

@@ -1 +1,4 @@
 .idea/
+game/
+steamcmd/
+winedata/

Dockerfile

@@ -1,32 +1,67 @@
-FROM jammsen/base:wine-stable-debian-bookworm
+FROM cm2network/steamcmd:root AS wine-base
 
-LABEL maintainer="Sebastian Schmidt"
+ENV DEBIAN_FRONTEND=noninteractive \ 
+    # Path-vars
+    WINEPREFIX=/wine \
+    # Container-settings
+    TIMEZONE=Europe/Berlin
 
-ENV WINEPREFIX=/winedata/WINE64 \
+RUN ln -snf /usr/share/zoneinfo/$TIMEZONE /etc/localtime \
+    && echo $TIMEZONE > /etc/timezone \
+    && dpkg --add-architecture i386 \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests software-properties-common apt-transport-https gnupg2 wget procps winbind xvfb \
+    && mkdir -pm755 /etc/apt/keyrings \
+    && wget --output-document /etc/apt/keyrings/winehq-archive.key https://dl.winehq.org/wine-builds/winehq.key \
+    && wget --timestamping --directory-prefix=/etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/debian/dists/bookworm/winehq-bookworm.sources \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests winehq-stable \
+    && apt-get remove -y --purge software-properties-common apt-transport-https gnupg2 wget \
+    && apt-get clean \
+    && apt-get autoremove -y \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+FROM wine-base AS gameserver
+
+LABEL maintainer="Sebastian Schmidt - https://github.com/jammsen/docker-the-forest-dedicated-server"
+LABEL org.opencontainers.image.authors="Sebastian Schmidt"
+LABEL org.opencontainers.image.source="https://github.com/jammsen/docker-the-forest-dedicated-server"
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    # Path-vars
+    GAME_PATH="/theforest" \
+    GAME_SAVEGAME_PATH="/theforest/saves" \
+    GAME_CONFIG_PATH="/theforest/config" \
+    GAME_CONFIGFILE_PATH="/theforest/config/config.cfg" \
+    STEAMCMD_PATH="/home/steam/steamcmd" \
+    WINEDATA_PATH="/winedata" \
+    # Wine/Xvfb-settings
     WINEARCH=win64 \
+    WINEPREFIX="/winedata/WINE64" \
     DISPLAY=:1.0 \
+    # Container-settings
     TIMEZONE=Europe/Berlin \
-    DEBIAN_FRONTEND=noninteractive \
-    PUID=0 \
-    PGID=0 \
-    SERVER_STEAM_ACCOUNT_TOKEN="" \
-    ALWAYS_UPDATE_ON_START=1
-
-VOLUME ["/theforest", "/steamcmd", "/winedata"]
+    PUID=1000 \
+    PGID=1000 \
+    # SteamCMD-settings
+    ALWAYS_UPDATE_ON_START=true \
+    # Gameserver-start-settings-overrides
+    SERVER_STEAM_ACCOUNT_TOKEN="" 
 
-EXPOSE 8766/tcp 8766/udp 27015/tcp 27015/udp 27016/tcp 27016/udp
+VOLUME ["${GAME_PATH}", "${STEAMCMD_PATH}", "${WINEDATA_PATH}"]
 
-RUN dpkg --add-architecture i386 \
-    && apt-get update \
-    && apt-get install -y --no-install-recommends --no-install-suggests lib32gcc-s1 winbind xvfb \
-    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+EXPOSE 8766/udp 27015/udp 27016/udp
 
-COPY ./usr/bin/servermanager.sh /usr/bin/servermanager.sh
-COPY ./usr/bin/steamcmdinstaller.sh /usr/bin/steamcmdinstaller.sh
-COPY server.cfg.example steamcmdinstall.txt /
+COPY --chmod=755 entrypoint.sh /
+COPY --chmod=755 scripts/ /scripts
+COPY --chmod=755 includes/ /includes
+COPY --chmod=644 configs/server.cfg.example /
+COPY --chmod=755 gosu-amd64 /usr/local/bin/gosu
 
 RUN ln -snf /usr/share/zoneinfo/$TIMEZONE /etc/localtime \
-    && echo $TIMEZONE > /etc/timezone \
-    && chmod +x /usr/bin/steamcmdinstaller.sh /usr/bin/servermanager.sh
+    && echo $TIMEZONE > /etc/timezone 
 
-CMD ["servermanager.sh"]
+ENTRYPOINT  ["/entrypoint.sh"]
+CMD ["/scripts/servermanager.sh"]

README.md

@@ -1,6 +1,6 @@
 # Docker - TheForest Dedicated Server
 
-[![Build-Status master](https://github.com/jammsen/docker-the-forest-dedicated-server/blob/master/.github/workflows/docker-build-and-push.yml/badge.svg)](https://github.com/jammsen/docker-the-forest-dedicated-server/blob/master/.github/workflows/docker-build-and-push.yml)
+[![Build-Status master](https://github.com/jammsen/docker-the-forest-dedicated-server/blob/master/.github/workflows/docker-build-and-push-prod.yml/badge.svg)](https://github.com/jammsen/docker-the-forest-dedicated-server/blob/master/.github/workflows/docker-build-and-push-prod.yml)
 ![Docker Pulls](https://img.shields.io/docker/pulls/jammsen/the-forest-dedicated-server)
 ![Docker Stars](https://img.shields.io/docker/stars/jammsen/the-forest-dedicated-server)
 ![Image Size](https://img.shields.io/docker/image-size/jammsen/the-forest-dedicated-server/latest)
@@ -11,59 +11,78 @@
 >
 > **[Join us on Discord](https://discord.gg/7tacb9Q6tj)**
 
-This includes a TheForest Dedicated Server based on Docker with Wine and an example config.
+> [!WARNING]  
+> Update Jan-2025: This Docker-Image had a major refactoring including breaking changes in downwards-compability. This was done for removing dependency of "root" in the image, which caused various SteamCMD, NAS, QNAP, Synology and Portainer problems. Also the Docker-Base-Image was switched and there was better process-handling added to make sure the process exits cleanly, no matter how Docker or the User stops the server.
+>
+> It is recommended to do a fresh install, via the new readme in a fresh directory to understand what changed and work backwards to adapt the changes, or migrate the savegame from the old server to the new one, up to you. If you need help, feel free to join the Discord server and ask in the right channel for the game. 
+
+> [!NOTE]  
+> If you are looking for the Sons of the Forest version, please look here: https://github.com/jammsen/docker-sons-of-the-forest-dedicated-server
+
+## What is included?
+
+This repository includes a TheForest Dedicated Server based on Docker with Wine and an example config.
+
+## Do you need support for this Docker-Image?
 
-## Docker - Sons of the Forest Dedicated Server
-If you are looking for the Sons of the Forest version, please look here: 
-https://github.com/jammsen/docker-sons-of-the-forest-dedicated-server
+- What to do?
+  - Feel free to create a NEW issue
+    - It is okay to "reference" that you might have the same problem as the person in issue #number
+  - Follow the instructions and answer the questions of people who are willing to help you
+  - If your issue is done, close it
+    - I will Inactivity-Close any issue thats not been active for a week
+- What NOT to do?
+  - Dont re-use issues!
+    - You are most likely to chat/spam/harrass thoose participants who didnt agree to be part of your / a new problem and might be totally out of context!
+  - If this happens, i reserve the rights to lock the issue or delete the comments, you have been warned!
 
 ## What you need to run this
-* Basic understanding of Linux and Docker
+* Basic understanding of Docker, Docker Compose, Linux and Networking (Port-Forwarding/NAT)
 
 ## Getting started
 WARNING: If you dont do Step 1 and 2 your server can/will not save!
 1. Create a new game server account over at https://steamcommunity.com/dev/managegameservers (Use AppID: `242760`)
 2. Insert the Login Token into the environment variable via docker-run or docker-compose (at `SERVER_STEAM_ACCOUNT_TOKEN`)
-3. Create 2 directories on your Dockernode (`/srv/tfds/steamcmd` and `/srv/tfds/game`)
-4. Start the container with the following examples:
-
-Bash:
-```console
-docker run --rm -i -t -e 'SERVER_STEAM_ACCOUNT_TOKEN=YOUR_TOKEN_HERE' -p 8766:8766/tcp -p 8766:8766/udp -p 27015:27015/tcp -p 27015:27015/udp -p 27016:27016/tcp -p 27016:27016/udp -v /srv/tfds/steamcmd:/steamcmd -v /srv/tfds/game:/theforest --name the-forest-dedicated-server jammsen/the-forest-dedicated-server:latest
-or
-docker run --rm -i -t -e 'SERVER_STEAM_ACCOUNT_TOKEN=YOUR_TOKEN_HERE' -p 8766:8766/tcp -p 8766:8766/udp -p 27015:27015/tcp -p 27015:27015/udp -p 27016:27016/tcp -p 27016:27016/udp -v $(pwd)/theforest/steamcmd:/steamcmd -v $(pwd)/theforest/game:/theforest --name the-forest-dedicated-server jammsen/the-forest-dedicated-server:latest
-```
-Docker-Compose:
+3. Go to the directory you want to host your gameserver on your Dockernode
+4. Create a sub-directory called `game`
+5. Download the [docker-compose.yml](docker-compose.yml) or use the following example
+6. Review the file and setup the settings you like
+7. Setup Port-Forwarding or NAT for the ports in the Docker-Compose file
+8. Start the container via Docker Compose
+9. (Tip: Extended config settings, which are not covered by Docker Compose, can be setup in the config-file of the server - You can find it at `game/config/config.cfg`)
+
+### Docker-Compose - Example
+
 ```yaml
-version: "3.7"
+version: "3.9"
 services:
   the-forest-dedicated-server:
     container_name: the-forest-dedicated-server
     image: jammsen/the-forest-dedicated-server:latest
     restart: always
     environment:
+      PUID: 1000
+      PGID: 1000
+      ALWAYS_UPDATE_ON_START: true
       SERVER_STEAM_ACCOUNT_TOKEN: YOUR_TOKEN_HERE
-      ALWAYS_UPDATE_ON_START: 1
     ports:
-      - 8766:8766/tcp
       - 8766:8766/udp
-      - 27015:27015/tcp
       - 27015:27015/udp
-      - 27016:27016/tcp
       - 27016:27016/udp
     volumes:
-      - ./steamcmd:/steamcmd
       - ./game:/theforest
-      - ./winedata:/winedata
 ```
 
 ## Planned features in the future
-Nothing yet
+
+- Feel free to suggest features in the issues
 
 ## Software used
-* Debian Slim Stable
-* Xvfb
-* Winbind
-* Wine
-* SteamCMD
-* TheForest Dedicated Server
+
+- Debian Stable and SteamCMD via cm2network/steamcmd:root image as base-image
+- gosu
+- procps
+- winbind
+- wine
+- xvfb
+* TheForest Dedicated Server (APP-ID: 556450)

docker-compose.yml

@@ -1,19 +1,17 @@
-version: "3.7"
+version: "3.9"
 services:
   the-forest-dedicated-server:
     container_name: the-forest-dedicated-server
     image: jammsen/the-forest-dedicated-server:latest
     restart: always
     environment:
+      PUID: 1000
+      PGID: 1000
+      ALWAYS_UPDATE_ON_START: true
       SERVER_STEAM_ACCOUNT_TOKEN: YOUR_TOKEN_HERE
     ports:
-      - 8766:8766/tcp
       - 8766:8766/udp
-      - 27015:27015/tcp
       - 27015:27015/udp
-      - 27016:27016/tcp
       - 27016:27016/udp
     volumes:
-      - ./steamcmd:/steamcmd
       - ./game:/theforest
-      - ./winedata:/winedata

docker-run-bash.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+docker run --rm -i -t -p 8766:8766/udp -p 27015:27015/udp -p 27016:27016/udp -v "$(pwd)"/game:/theforest --name the-forest-dedicated-server jammsen/the-forest-dedicated-server:latest bash

docker-run.sh

@@ -1,4 +1,3 @@
 #!/usr/bin/env bash
-
-docker run --rm -i -t -e 'SERVER_STEAM_ACCOUNT_TOKEN=YOUR_TOKEN_HERE' -p 8766:8766/tcp -p 8766:8766/udp -p 27015:27015/tcp -p 27015:27015/udp -p 27016:27016/tcp -p 27016:27016/udp --name the-forest-dedicated-server jammsen/the-forest-dedicated-server:latest
-#docker run --rm -i -t -e 'SERVER_STEAM_ACCOUNT_TOKEN=YOUR_TOKEN_HERE' -p 8766:8766/tcp -p 8766:8766/udp -p 27015:27015/tcp -p 27015:27015/udp -p 27016:27016/tcp -p 27016:27016/udp -v $(pwd)/theforest/steamcmd:/steamcmd -v $(pwd)/theforest/game:/theforest --name the-forest-dedicated-server jammsen/the-forest-dedicated-server:latest
+docker run --rm -i -t -e 'SERVER_STEAM_ACCOUNT_TOKEN=YOUR_TOKEN_HERE' -p 8766:8766/udp -p 27015:27015/udp -p 27016:27016/udp -v "$(pwd)"/game:/theforest --name the-forest-dedicated-server jammsen/the-forest-dedicated-server:latest
+# docker run --rm -i -t -e 'SERVER_STEAM_ACCOUNT_TOKEN=YOUR_TOKEN_HERE' -p 8766:8766/udp -p 27015:27015/udp -p 27016:27016/udp -v "$(pwd)"/game:/theforest --name the-forest-dedicated-server jammsen/the-forest-dedicated-server:latest

entrypoint.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC1091
+# https://stackoverflow.com/questions/27669950/difference-between-euid-and-uid
+
+set -e
+
+APP_USER=steam
+APP_GROUP=steam
+APP_HOME=/home/$APP_USER
+
+source /includes/colors.sh
+
+if [[ "${EUID}" -ne 0 ]]; then
+    ee ">>> This Docker-Container must be run as root! Please adjust how you started the container, to fix this error."
+    exit 1
+fi
+
+if [[ "${PUID}" -eq 0 ]] || [[ "${PGID}" -eq 0 ]]; then
+    ee ">>> Running SOTF as root is not supported, please fix your PUID and PGID!"
+    exit 1
+elif [[ "$(id -u steam)" -ne "${PUID}" ]] || [[ "$(id -g steam)" -ne "${PGID}" ]]; then
+    ew "> Current $APP_USER user PUID is '$(id -u steam)' and PGID is '$(id -g steam)'"
+    ew "> Setting new $APP_USER user PUID to '${PUID}' and PGID to '${PGID}'"
+    groupmod -g "${PGID}" "$APP_GROUP" && usermod -u "${PUID}" -g "${PGID}" "$APP_USER"
+else
+    ew "> Current $APP_USER user PUID is '$(id -u steam)' and PGID is '$(id -g steam)'"
+    ew "> PUID and PGID matching what is requested for user $APP_USER"
+fi
+
+chown -R "$APP_USER":"$APP_GROUP" "$APP_HOME"
+chown -R "$APP_USER":"$APP_GROUP" "$GAME_PATH"
+chown -R "$APP_USER":"$APP_GROUP" "$WINEDATA_PATH"
+
+ew_nn "> id steam: " ; e "$(id steam)"
+
+exec gosu $APP_USER:$APP_GROUP "$@"