-
Notifications
You must be signed in to change notification settings - Fork 0
Operating the server
This page guides you through the setup and describes how to run the server as a systemd daemon.
All configuration is done in this file: server/config.py
-
ip: Enter an IP address or a domain name here. To bind the listening socket to all interfaces (INADDR_ANY), assign an empty string. -
port: Just an ordinary port number.
After specifying IP and port, the server is ready to be run in a network.
-
game_timeout(seconds): A timeout for inactive game sessions and for starting sessions. After the specified time has passed without any activity, the session is terminated. The timeout also applies to sessions that have not yet started and are still waiting for clients to join. -
log_*: These entries control the amount of logging. Logging server errors (log_server_errors) is recommended. -
request_size_max(bytes): This option limits the amount of data a client can send in a single request. The connection is closed, if the limit is exceeded. Pick a higher value if required by a new game.
According to the docs: A malicious JSON string may cause the decoder to consume considerable CPU and memory resources. Limiting the size of data to be parsed is recommended. -
tls_cert,tls_key: Certificate and private key for TLS. The certificate must be in PEM format. Enabled TLS is indicated by a log message on server startup. Clients must also enable TLS to be able to connect.
TLS is enabled if both a certificate (in PEM format) and a private key are specified in the config file. The key must not be encrypted. Enabled TLS is indicated by a log message on server startup.
A self-signed certificate can be generated for testing and development purposes:
openssl req -x509 -newkey ed25519 -keyout key.pem -out cert.pem \
-sha256 -days 3650 -noenc -subj '/CN=localhost'
Replace localhost with the name of your server.
The client must also enable TLS by calling function GameServerAPI.enable_tls(cert=''). Calling this function enables TLS encryption. By providing the certificate, identity verification of the server is performed in addition to encryption.
An easy and reliable way of operating the server is to run it as a systemd service. You can use the provided unit file (gameserver.service). Copy it to /etc/systemd/system/. Then edit entries ExecStart= and BindReadOnlyPaths= depending on where you cloned the repository. Make sure that the server program is executable.
You can create an unprivileged user to run the service. Make sure to update User= and Group= accordingly.
Then reload the daemon and enable the service:
sudo systemctl daemon-reload
sudo systemctl enable gameserver
The unit file defines a very restrictive configuration. Currently, the server does not require any write permissions. If a future game should need to write to disk, a directory can be specified using the BindPaths= directive. You could also replace BindReadOnlyPaths= with BindPaths=.