Can the guide for external hosting service be updated?
Slddev opened this issue ยท 9 comments
Feature Description:
Update the guide for the external hosting service so it could be easier to understand?
Additional context:
It is currently very confusing. Maybe explain it more?
@Cobbert thanks for the comprehensive update ๐๐ I'll close this off, but its easy to comment/reopen if needed. Cheers! ๐
@Slddev are there specific portions that are the worst for you yourself? We can start discussing and updating 'here'
This page assumes the following
- You are reasonably experienced with the standalone web server you are using (apache2, Nginx, ISS)
- You have the standalone web server and Minecraft Server running on the same machine preferably
- Your Web Server supports PHP. (Only needed for web-to-Minecraft chat)
- If you are on Linux, you should know how to use the terminal and chmod.
STEP 1
Comment out the following in your configuration.txt to fully disable the internal update component
- class: org.dynmap.InternalClientUpdateComponent
sendhealth: true
sendposition: true
allowwebchat: true
webchat-interval: 5
hidewebchatip: false
trustclientname: false
includehiddenplayers: false
# (optional) if true, color codes in player display names are used
use-name-colors: false
# (optional) if true, player login IDs will be used for web chat when their IPs match
use-player-login-ip: true
# (optional) if use-player-login-ip is true, setting this to true will cause chat messages not matching a known player IP to be ignored
require-player-login-ip: false
# (optional) block player login IDs that are banned from chatting
block-banned-player-chat: true
# Require login for web-to-server chat (requires login-enabled: true)
webchat-requires-login: false
# If set to true, users must have dynmap.webchat permission in order to chat
webchat-permissions: false
# Limit length of single chat messages
chatlengthlimit: 256
# # Optional - make players hidden when they are inside/underground/in shadows (#=light level: 0=full shadow,15=sky)
# hideifshadow: 4
# # Optional - make player hidden when they are under cover (#=sky light level,0=underground,15=open to sky)
# hideifundercover: 14
# # (Optional) if true, players that are crouching/sneaking will be hidden
hideifsneaking: false
# If true, player positions/status is protected (login with ID with dynmap.playermarkers.seeall permission required for info other than self)
protected-player-info: false
# If true, hide players with invisibility potion effects active
hide-if-invisiblity-potion: true
# If true, player names are not shown on map, chat, list
hidenames: false
Then remove the comments (#'s) from the following, plus any additional options you may want to enable for the external updater component, do not uncomment the comments, these will have two #'s in front of the configuration line. These lines are only to explain the option and will most likely break your config if they are uncommented.
#- class: org.dynmap.JsonFileClientUpdateComponent
# writeinterval: 1
# sendhealth: true
# sendposition: true
# allowwebchat: true
# webchat-interval: 5
# hidewebchatip: false
# includehiddenplayers: false
# use-name-colors: false
# use-player-login-ip: false
# require-player-login-ip: false
# block-banned-player-chat: true
# hideifshadow: 0
# hideifundercover: 0
# hideifsneaking: false
# # Require login for web-to-server chat (requires login-enabled: true)
# webchat-requires-login: false
# # If set to true, users must have dynmap.webchat permission in order to chat
# webchat-permissions: false
# # Limit length of single chat messages
# chatlengthlimit: 256
# hide-if-invisiblity-potion: true
# hidenames: false
These two steps will disable the internal updater component used by dynmaps and enable it to use the external updater component.
This change will write to the file standalone/dynmap_world.json in your web-path at an interval that is specified with writeinterval.
STEP 2
Now copy the directory dynmap/web to a dynmap directory on your web server, alternatively place the files directly in the root directory if you do not want to have a sub-directory in your url or you are using a sub-domain for your map only. Just be sure that your directory path in the next step matches the path you use here!
STEP 3
Next you need to change configuration.txt again so that it points both tilespath and webpath to the directories where you placed the web-files. This is so dynmap mod knows where the files are on your server, the paths will be where you placed your files in step 2.
On linux it would look something like this /var/web/html/dynmap/web/tiles if using a single site setup under apache2.
Linux based systems (ubuntu,cent os,redhat,Debian,openSUSE)
# The path where the tile-files are placed.
tilespath: /path/to/web/server/dynmap/web/tiles
# The path where the web-files are located.
webpath: /path/to/web/server/dynmap/web
Windows servers if you have one for some reason. โ ๏ธ
# The path where the tile-files are placed.
tilespath: c:\\path\\to\\web\\server\\dynmap\\web\\tiles
# The path where the web-files are located.
webpath: c:\\path\\to\\web\\server\\dynmap\\web
STEP 4
Now restart your Minecraft server, Join your Minecraft server and place a few blocks (randomly) to trigger dynmap to generate tiles for your map.
You can also type dynmap fullrender world in your server console to render the whole world with the name world.
STEP 5
Now refresh your browser, It should now display online players on http://mywebserver/dynmap/, keeping them up-to-date.
For troubleshooting, I am not sure what files need to read or write where since it has been a while since I have done this type of setup, but I have wrote up a few things about permissions that should apply to the situation.
troublshooting
In Linux, if web-to-mc-chat does not work, you also need to chmod the 'standalone' folder to 775 or 777:
$ chmod -R 775 standalone
(Less Secure as it opens files to be edited/executed by any user.)
permissions 775
symbolic | rwxrwxr-x
user | read, write and execute
group | read, write and execute
others | read and execute
Alternatively add the user running your minecraft server to the web server group, this will allow the minecraft servers user to edit the files owned by the web server as long as your permissions and groups are correctly setup.
Ideally you would want a minecraft user and your web user normally something like www-data or apache depending on your OS, then you can add them to each others groups to be able to edit each others files based on the given permissions of your files.
chmod -R 775 opens the files to be read and excitable by any user on the system.
chmod -R 777 opens the files to be read, edit, and executed by any user on the system and is a security risk if the server is compromised.
I'dd recommend
chmod -R 770 opens the files to be read, edit, and executed by the owner and the group of the files only and will not allow any others to view the files.
chmod -R 774 will allow anyone to read it but only owners and group members to read,edit,execute
774
symbolic | rwxrwxr--
user | read, write and execute
group | read, write and execute
others | read
770
symbolic | rwxrwx---
user | read, write and execute
group | read, write and execute
others | no permission
In my opinion you should only allow the users that need access to the files in questions, but this is just extra stuff really and it may need a bit more tweaking if there are strange requirements for read/write.
I will go through the process of swapping over on my dev server and will post any updates I have according to the permissions or anything else really.
Also, hopefully my formatting is OK enough, I have had a long day and ran through this somewhat quick, I will refine it in the coming days if needed.
also for the more advanced users, you can always use letsencrypt for a free SSL cert!
https://letsencrypt.org/
It takes a bit more setup in apache2 or whatever your given server is, but there are more then enough tuts out there for it so I will just leave it at that.
Security is always your friend! Encrypt it all, even if you don't think you need to.
You can also just do what I do and run the server at port 8123 over a VPN, behind a firewall, to your web box and proxy it through the web server as an ssl enabled site. Then the site is hosted through a system that is separated from the minecraft server 100%.
More advanced setup for sure though. :P
I read through the document in question and as someone who has good experience behind a Linux terminal, I can say that I would have no issues following the guide as is.
One thing that I would suggest being edited is maybe the very first part, specify that the configuration needed to be changed is in the main configuration.txt file? I know its very simple but some people may just go "well where is that even at?"
That and maybe just some simple formatting of clear steps, other then that, I don't really see any issues with it to simply setup an external site without any ssl and stuff like that.
Not sure if you should be hosting on an external server if you can't follow that simple set of instructions to be honest, hopefully you know basic server hardening and bash before entering into hosting a website publicly accessible on the net. :)
Just my two cents and suggestions all in one.
suggestions and tips always welcome.
Yup - anything that adds clarity is good. Good perspective that a experianced linux user can read it fine .... as a non-linux scripter I can see there are assumptions here and there that catch people, and it can be hard to see what could be confusing and if a certain experiance level is needed before attempting (yes, following instructions as written included).
feel free to link to pages and quote / addapt things here. I'll keep this open - I haven't looked at the page recently myself, and any direct wording helps find and replace easier.
@Cobbert I updated the page using your input and some of my own, what do you think of it now?
@Cobbert I updated the page using your input and some of my own, what do you think of it now?
I think it looks a lot better, I only did a quick look but Ill do a good read when I have more time. Only note is maybe add a note about the permissions possibly opening security issues. Somewhere by the part that says only use other perms if you know what you are doing.
Edit: File permissions are very important if you don't want to make escalation more simple. Lots of DGs out there popping and escalating to root. One bad config and you are now a bot in a botnet. :) Mining that crypto for baddies and blasting packets is a no go. :)
Quick glance looks much more simple for normies to get it going.
PS. Saw you removed my part about windows sucking. ;)