From ab1897b829b4ab62b09a8b18328f247c4a524191 Mon Sep 17 00:00:00 2001 From: cuqmbr Date: Wed, 4 Jun 2025 01:06:40 +0300 Subject: [PATCH] add docker container secret management via env --- Dockerfile | 11 ++++++++++- src/forwarding.secret | 2 +- src/velocity.toml | 28 +++++++++++++--------------- 3 files changed, 24 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index d33cca9..5ce3ed5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,9 +16,18 @@ VOLUME ${DATA_PATH} ENV MEMORY=4G +ENV PROXY_SECRET=change_me +ENV SERVERS=lobby="lobby:25565";survival="survival:25565" +ENV TRY=lobby;survival WORKDIR ${WORKDIR_PATH}/config EXPOSE 25565/tcp -CMD java -Xms${MEMORY} -Xmx${MEMORY} -XX:+UseG1GC -XX:G1HeapRegionSize=4M -XX:+UnlockExperimentalVMOptions -XX:+ParallelRefProcEnabled -XX:+AlwaysPreTouch -XX:MaxInlineLevel=15 -jar *.jar +# TODO: Make awk commands sapn multiple lines +# TODO: Use one call to awk to perform substitutions +CMD \ + sed -i "s/_PROXY_SECRET_/${PROXY_SECRET}/g" forwarding.secret && \ + awk -v servers_str="${SERVERS}" '{ count=split(servers_str,servers_arr,";"); servers_fmt_str = ""; for (i = 1; i <= count; i++) servers_fmt_str = servers_fmt_str servers_arr[i] "\n"; sub(/_SERVERS_/,servers_fmt_str); print }' velocity.toml > velocity.toml.tmp && mv -T -f velocity.toml.tmp velocity.toml &&\ + awk -v try_str="${TRY}" '{ count=split(try_str,try_arr,";"); try_fmt_str = ""; for (i = 1; i <= count; i++) try_fmt_str = try_fmt_str "\"" try_arr[i] "\"" ",\n "; sub(/_TRY_/,try_fmt_str); print }' velocity.toml > velocity.toml.tmp && mv -T -f velocity.toml.tmp velocity.toml && \ + java -Xms${MEMORY} -Xmx${MEMORY} -XX:+UseG1GC -XX:G1HeapRegionSize=4M -XX:+UnlockExperimentalVMOptions -XX:+ParallelRefProcEnabled -XX:+AlwaysPreTouch -XX:MaxInlineLevel=15 -jar *.jar diff --git a/src/forwarding.secret b/src/forwarding.secret index 329f8df..ba0206a 100644 --- a/src/forwarding.secret +++ b/src/forwarding.secret 
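Review bot: The added `ENV PROXY_SECRET=change_me` gives every container started without an override a publicly known forwarding secret, and with `player-info-forwarding-mode = "modern"` enabled in this same patch that secret is what the backend servers rely on to trust the proxy. Drop the default and make the start-up command fail when the variable is unset, e.g. `: "${PROXY_SECRET:?PROXY_SECRET must be set}"` as the first command of the `CMD` chain. The `sed -i "s/_PROXY_SECRET_/${PROXY_SECRET}/g"` line also treats `/`, `&` and `\` in the secret as sed syntax. Writing the file directly with `printf '%s' "${PROXY_SECRET}" > forwarding.secret` avoids that, and it re-applies a rotated secret on restart, which the one-shot placeholder substitution may not do if the config directory persists. Values passed through `ENV` or `-e` stay readable via `docker inspect`, so a mounted secret file is preferable where the runtime supports one.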
@@ -1 +1 @@ -${PROXY_FORWARDING_SECRET} +_PROXY_SECRET_ diff --git a/src/velocity.toml b/src/velocity.toml index 4d71e58..a0b8732 100644 --- a/src/velocity.toml +++ b/src/velocity.toml @@ -13,7 +13,7 @@ motd = "<#09add3>A Velocity Server" show-max-players = 500 # Should we authenticate players with Mojang? By default, this is on. -online-mode = true +online-mode = false # Should the proxy enforce the new public key security standard? By default, this is on. force-key-authentication = true @@ -34,7 +34,7 @@ prevent-client-proxy-connections = false # unable to implement network level firewalling (on a shared host). # - "modern": Forward player IPs and UUIDs as part of the login process using # Velocity's native forwarding. Only applicable for Minecraft 1.13 or higher. -player-info-forwarding-mode = "NONE" +player-info-forwarding-mode = "modern" # If you are using modern or BungeeGuard IP forwarding, configure a file that contains a unique secret here. # The file is expected to be UTF-8 encoded and not empty. @@ -77,26 +77,24 @@ enable-player-address-logging = true [servers] # Configure your servers here. Each key represents the server's name, and the value # represents the IP address of the server to connect to. -lobby = "127.0.0.1:30066" -factions = "127.0.0.1:30067" -minigames = "127.0.0.1:30068" +_SERVERS_ # In what order we should try servers when a player logs in or is kicked from a server. try = [ - "lobby" + _TRY_ ] [forced-hosts] # Configure your forced hosts here. -"lobby.example.com" = [ - "lobby" -] -"factions.example.com" = [ - "factions" -] -"minigames.example.com" = [ - "minigames" -] +# "lobby.example.com" = [ +# "lobby" +# ] +# "factions.example.com" = [ +# "factions" +# ] +# "minigames.example.com" = [ +# "minigames" +# ] [advanced] # How large a Minecraft packet has to be before we compress it. Setting this to zero will
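Review bot: `online-mode = false` in the `@@ -13,7 +13,7 @@` hunk turns off Mojang authentication at the proxy, which is unrelated to the secret handling this commit describes and lets any client connect under any player name. Combined with modern forwarding, the backends will accept whatever identity the proxy forwards, so name-based permissions or operator status can be impersonated. Unless the network is intentionally offline-mode, keep `online-mode = true`. If it is intentional, say so above the key, e.g. `# Offline-mode network: player names are not verified by Mojang; authentication is handled by <plugin>`.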
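Review bot: The `_SERVERS_` and `_TRY_` placeholders in the `@@ -77,26 +77,24 @@` hunk are undocumented and leave the committed file unparsable as TOML until the container start-up command rewrites it. Add a comment above each, e.g. `# _SERVERS_ is replaced at container start from the SERVERS env var: name="host:port" entries separated by ';'` and `# _TRY_ is replaced from the TRY env var: server names separated by ';'`. Because the env values are inserted verbatim by the awk commands in the Dockerfile, the comment should also state that names and addresses must not contain quotes or newlines, since nothing visible in this patch validates them before they reach the config.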