Setting up a New Node - johnkeates/PufferPanel GitHub Wiki

WARNING: This wiki page is not written for versions of PufferPanel prior to 0.6.0-beta. Please do not follow these instructions for installing previous versions. Please use this older wiki-page version to install PufferPanel versions < 0.6.0-beta.

  1. Download all of the files from the Github repo, preferably from the releases section.
  2. Upload the contents of the scripts directory into /srv/scripts/. Create /srv/servers/, /srv/gsd/, and /srv/modpacks/. Ensure the mod packs directory is writable by PHP (0755).
  3. Ensure the dependencies are RSSH are set up correctly.
  4. Create an A record pointing to the IP of the server using the node name in the record. (e.g. node1.example.com)

Dependencies

  • curl
  • openssl
  • git
  • rssh
    • RSSH prevents users from being able to connect to SSH on the server, but still allows them access via SFTP.
  • cpulimit
    • Follow the instructions located here for installing. Do not use a package manager to install.
  • quota
    • This dependency is required in order to limit the amount of space that each user has on the server. A soft limit is enacted with the amount of space they are assigned, and a hard limit is assigned with 1GB more than assigned.
  • gcc & make (or install something similar to yum install "Development Tools"
  • nodejs

SSH User

PufferPanel connects to the node and executes command via SSH. In order for this to work you will need to create a SSH user that has sudo permissions. PufferPanel will not accept the root user.

[root@server]$ useradd some_username

[root@server]$ passwd some_username

For security reasons please enter a strong password, over 20 characters long, mixed case. You will not need to write this down or remember it as the panel does not use it, so make it as complex as possible.

In order to use this account with PufferPanel you will need to generate a RSA key-pair. To do this, execute the commands below on your master server, not the node, paying close attention to the naming.

[root@server]$ ssh-keygen -t rsa

You will then be asked where you want to save the file.

Enter file in which to save the key (/home/root/.ssh/id_rsa):

For this, enter /var/www/.ssh/id_rsa_nodeNameHere, and we suggest naming the file after the node so you can keep up with multiple keys. e.g id_rsa_nodeNameHere.

To increase security enter a pass-phrase to secure the key, PufferPanel will still work if you use a pass-phrase, and it is highly suggested.

After creating the key, generate a .pem file for the private key, which the panel will use to connect with by running openssl rsa -in /var/www/.ssh/id_rsa_nodeNameHere -outform pem > /var/www/.ssh/id_rsa_nodeNameHere.pem

Once that is done you will need to copy the public key into the authoried_keys file on the node. This can be done by executing ssh-copy-id [email protected] on the master server and then entering the details for the node the key is for. If you would like to increase security for all root accounts, you can Google instructions for disabling password based SSH logins, but that is beyond the scope of this guide.

On some systems you may need to fix permissions on the folder and internal files. Because php needs to be able to read these files you will need to grant the following permissions:

chmod 0777 /var/www/.ssh chmod 0644 /var/www/.ssh/*

After doing this execute the visudo command to edit the sudoers file. You will need to add the following line to the file in the correct location, usually under the line for the root user.

some_username ALL=(ALL) NOPASSWD: ALL

RSSH Setup

  1. Create a usergroup for the RSSH users: groupadd rsshusers
  2. Edit the SSHD configuration at /etc/ssh/sshd_config to have the following lines:

Change Subsystem sftp /usr/libexec/openssh/sftp-server to Subsystem sftp internal-sftp

Add this block at the bottom:

Match Group rsshusers
 ChrootDirectory /srv/servers/%u
 X11Forwarding no
 AllowTcpForwarding no
 ForceCommand internal-sftp
  1. The default action for rssh to lock down everything. To grant access sftp open the RSSH file (/etc/rssh.conf) and append or uncomment allowsftp.
  2. The final step is to restart SSHD: [root@vpn ~]# service sshd restart.

Using GSD

GSD is the daemon we use to control servers.

cd /srv/ && git clone https://github.com/gametainers/gsd.git

This will download all of the files necessary and place them into the correct directory.

cd /srv/gsd
npm install
npm start

cpulimit

Download cpulimit by executing the command:

[root@server]$ git clone https://github.com/DaneEveritt/cpulimit.git

After doing this, enter the folder and enter gmake.

After it completes, enter the following command to make it a bash prompt:

[root@server]$ cp cpulimit /usr/bin

Path Information

  • /srv/servers/ should contain each users server files on the node. They will be stored in /srv/servers/%u/server/. Ensure that it exists – the provided scripts will create each user and their files automatically. This directory will contain all of the files PufferPanel uses for management. Please ensure that this path exists, and then upload all of the files inside the scripts folder of the download into it. After doing so, run the following command on the directory: cd /srv/scripts && chmod +x *.