After this is complete, you can move to the next section.
Setting up the iptables firewall
Ubuntu comes with a firewall installed and is quite limiting on what it will allow with its default setup. We will configure iptables to allow traffic on select ports to enter and leave the server.
First we need to create a file that contains some rules. This file will allow Minecraft, HTTP, HTTPS and SSH traffic to your server, and will block all other.
We will run this from the command line.
root@server:~# nano /etc/iptables.rules
Next you need to paste this into the editor when, then close and save changes. To close and save changes press ctrl+x then press y, then press enter.
*filter
# Allow loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use the lo0 interface
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accept established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outgoing traffic
-A OUTPUT -j ACCEPT
# Allow HTTP and HTTPS
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allow Minecraft - default ports
-A INPUT -p tcp --dport 25565 -j ACCEPT
# Allow SSH
# Change the value 22 if you are using a non-standard port
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allow ping requests
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Reject everything else
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
Now we need to apply our new ruleset, to do this, run the follow from command line:
Now we make them load each time the server starts, we will do that by editing our interface template file. To do this run the following from command line.
Your file will look something like this, not exactly, but it should be close.
auto lo
iface lo inet loopback
address 127.0.0.1
netmask 255.0.0.0
broadcast 127.255.255.255
up ip route replace 127.0.0.0/8 dev lo
If the file is empty, then try to edit this file instead: /etc/network/interfaces
We need to add this line right after iface lo inet loopback.
pre-up iptables-restore < /etc/iptables.rules
The edited file will look something like this:
auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.rules
address 127.0.0.1
netmask 255.0.0.0
broadcast 127.255.255.255
up ip route replace 127.0.0.0/8 dev lo
Now we need to reboot and see if the new rules are loaded in on there own.
To reboot your server run the following from command line:
root@server:~# reboot
This will boot you out of the command line, so you will need to log back in once the server is back online. Once you are back at the command line, you can check and see if your ruleset has loaded.
If the output does not look like that, you have a problem and should ask for help.
Create the minecraft User Account
We need an account to run the server software from. It is bad practice to run any third party software as root, this can be a huge security risk. So we will create a user to run the server as.
To create a user, we use the follow command:
root@server:~# adduser minecraft
You will be ask to enter a password, and possibly asked to enter some personal details on the user, you can leave the personal information blank.
Now we need to add the user minecraft to the sudoers list. We will use the visudo command.
Run the following from command line:
root@server:~# visudo
This will open the /etc/sudoers file for editing.
You need to add
minecraft ALL=(ALL) ALL
directly under
root ALL=(ALL) ALL
The end result will look like this:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
minecraft ALL=(ALL) ALL
# Allow members of group sudo to execute any command after they have
# provided their password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
You can now close the file saving changes.
Now close your current SSH session and open a new one, this time using the username minecraft, with the password you selected.
Once you have logged in type the following at command line:
minecraft@server:~$ sudo whoami
Your results should look like this
minecraft@server:~$ sudo whoami
[sudo] password for minecraft:
root
minecraft@server:~$
If not, you have a problem and should ask for help.
Installing the Minecraft Server
The next steps will actually install your minecraft server. We are using the basic configuration for simplicity of the tutorial.
First we need to make sure we are logged in as the proper user, you command prompt should look something like this:
minecraft@server:~$
Where minecraft is the user are logged in, if the first section is not minecraft, then you need to login as the minecraft user.
If your are logged in as the minecraft user we can continue.
First we need to create a directory the server files will reside in. In the tutorial
I will use
minecraft_server
.
To create the directory and then enter it, run the following from the command line:
minecraft@server:~$ mkdir minecraft_server
minecraft@server:~$ cd minecraft_server
Second, we need to download the server software, we are using the vanilla server software, if you want Bukkit or something else, your on your own.
To download the server, run this from the command line:
There are a few default settings in this file, most are fine and you could just leave the file as is, but read
the file and most of it will make sense. Make the changes then close saving.
The last step is to make yourself an op on your server, to do this, we will open ops.txt.
To open ops.txt run the following from the command line:
minecraft@server:~/minecraft_server$ nano ops.txt
Add your in game name to the file and close, saving changes.
You now have a fully configured server and it is ready to go.
Starting your server in a screen
Screen is a linux utility that allows you to create a sort of window system in a shell environment. This will allow you to keep your server online, without the need to keep the terminal window open.
First thing we will do is create our new screen session, to do this, run the following from the command line:
To close out of the current screen session and leave your server running you will press Ctrl+A release then press d. This will detach the current screen session. You will see something like this when you detach from the screen session:
[detached from 00000.minecraft]
To reattach to the screen session so you can restart the server or do any type of administration, type the following in the command line:
Nice tutorial, I'm sure a number of people will find this useful. I especially like that you include directions for setting up iptables. I do have a few suggestions:
* I thought it was default on Debian and Ubuntu to disallow root access via ssh. You can get the same point by doing it this way:
user@local:~$ ssh server.example.com
user@server's password:
user@server:~$ sudo su
[sudo] password for user:
server:/home/user# whoami
root
* I see no reason to give the minecraft user sudo access, that just opens another potential attack vector. I am of course assuming that your normal user account already has sudo access.
* Your apt-get line is installing stuff that you aren't using as far as I can tell (build-essential), and is missing stuff that you are using that may not be installed by default (iptables, screen).
* I would also mention how to install a basic server with no addons like hey0.
* You don't mention any way to turn the server into a background daemon that starts and stops with the system. I posted a startup script late last night that I have been refining on my Debian Squeeze box for the last few months that makes this whole process nice and easy. For the most part it fits right in with the tutorial, however there are some minor issues. It supports running multiple worlds, so more ports would need to be opened in iptables. The script would also need to be modified to work with the hey0 mod (wouldn't be hard). Feel free to repost anything I posted in that thread if you want to expand on this idea.
Nice tutorial, I'm sure a number of people will find this useful. I especially like that you include directions for setting up iptables. I do have a few suggestions:
* I thought it was default on Debian and Ubuntu to disallow root access via ssh. You can get the same point by doing it this way:
user@local:~$ ssh server.example.com
user@server's password:
user@server:~$ sudo su
[sudo] password for user:
server:/home/user# whoami
root
* I see no reason to give the minecraft user sudo access, that just opens another potential attack vector. I am of course assuming that your normal user account already has sudo access.
* Your apt-get line is installing stuff that you aren't using as far as I can tell (build-essential), and is missing stuff that you are using that may not be installed by default (iptables, screen).
* I would also mention how to install a basic server with no addons like hey0.
* You don't mention any way to turn the server into a background daemon that starts and stops with the system. I posted a startup script late last night that I have been refining on my Debian Squeeze box for the last few months that makes this whole process nice and easy. For the most part it fits right in with the tutorial, however there are some minor issues. It supports running multiple worlds, so more ports would need to be opened in iptables. The script would also need to be modified to work with the hey0 mod (wouldn't be hard). Feel free to repost anything I posted in that thread if you want to expand on this idea.
I think your looking at a debian install for a desktop version, server versions do not create any user level accounts (and thus must allow root access from ssh), and all server versions, or almost all, come with iptables installed. There is a chance that screen could not be installed so I'll add that.
Installing build-essentials is really there just to stop future questions, when people try to install something like pigmap, they would either go asking the developers there, or someone here for help as to why it doesn't work. Its also something I always do, I never really thought about it.
I was initially going to write into the tutorial, how to disable root login via ssh, but left it our for simplicity, thats why I gave the minecraft user sudo rights. It also lets you do things you might need to do as root, without logging in as root. So less handling of the root password.
I assume no one really runs a completely default server, and would just result in people asking how to install hMod, so I just installed hMod by default.
I think your looking at a debian install for a desktop version, server versions do not create any user level accounts (and thus must allow root access from ssh), and all server versions, or almost all, come with iptables installed. There is a chance that screen could not be installed so I'll add that.
You got me, it has been a long time since I built my Debian box, and I did have to create a user account with sudo access at that time. I guess what I'm trying to get at is I think that the server process should be run in a different account that does not have sudo access.
Quote from benphelps »
Installing build-essentials is really there just to stop future questions, when people try to install something like pigmap, they would either go asking the developers there, or someone here for help as to why it doesn't work. Its also something I always do, I never really thought about it.
True, no harm installing it. It is essential (as it's name obviously suggests) for building software, like c10t that I use in my script. In fact, I'm not sure why I even brought that up.
Quote from benphelps »
I assume no one really runs a completely default server, and would just result in people asking how to install hMod, so I just installed hMod by default.
I prefer to run a default server, there are less issues to deal with when Notch patches. Some of the features that these mods have would be nice to have. Here's hoping that we see them implemented in the default server, or get some kind of SDK to allow these mods to have a more stable interface to work with.
I tried following these instructions, but when I paste in what you have for iptables.rules and then run
iptables-restore < /etc/iptables.rules
I get the error:
iptables-restore v1.4.4: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
I can get rid of this error by removing all the blank lines in iptables.rules, but then when I get down to the part where I am looking at interfaces.template, there is nothing there. So I paste in the things you say are supposed to be there, as well as the new thing.
When I then do the reboot, my server then becomes completely unresposive; I can no longer ssh in to it; I've done this 3 times now and had to reinstall Ubuntu each time to get it to properly boot.
I tried following these instructions, but when I paste in what you have for iptables.rules and then run
iptables-restore < /etc/iptables.rules
I get the error:
iptables-restore v1.4.4: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
I can get rid of this error by removing all the blank lines in iptables.rules, but then when I get down to the part where I am looking at interfaces.template, there is nothing there. So I paste in the things you say are supposed to be there, as well as the new thing.
When I then do the reboot, my server then becomes completely unresposive; I can no longer ssh in to it; I've done this 3 times now and had to reinstall Ubuntu each time to get it to properly boot.
Any help would be appreciated! Thanks!
Try making changes to "/etc/network/interfaces" instead, that file should exist.
This tutorial will teach you how to setup a dedicated minecraft server on a Ubuntu Server installation.
Before we start you will need an SSH client. Use google to find one of those, there are plenty of tutorials on how to use PuTTY or SSH.
Once you have this you can continue to the next steps.
Connecting to your Server
You will use your SSH client to connect to your server, in this tutorial I will be giving all examples as if you used ssh from the command line.
To connect to your server you will need its IP address or hostname. This can be found in your hosting providers control panel in most cases.
We connect to the server like this:
You will be prompted to enter the password for the root user, this should also be found or set in your hosting control panel.
Once you are logged inn you should be at a command prompt, it will look like this:
This is where everything will happen. Once you are at this point, you can continue to the next section.
Installing tools and updating
This will install everything you will need to run your server, other than the server its self.
From command line, run this command:
After this is complete, you can move to the next section.
Setting up the iptables firewall
Ubuntu comes with a firewall installed and is quite limiting on what it will allow with its default setup. We will configure iptables to allow traffic on select ports to enter and leave the server.
First we need to create a file that contains some rules. This file will allow Minecraft, HTTP, HTTPS and SSH traffic to your server, and will block all other.
We will run this from the command line.
Next you need to paste this into the editor when, then close and save changes. To close and save changes press ctrl+x then press y, then press enter.
Now we need to apply our new ruleset, to do this, run the follow from command line:
Next we are going to save our ruleset so if we restart the server for what ever reason, we can have it load on its own.
Now we make them load each time the server starts, we will do that by editing our interface template file. To do this run the following from command line.
Your file will look something like this, not exactly, but it should be close.
If the file is empty, then try to edit this file instead: /etc/network/interfaces
We need to add this line right after iface lo inet loopback.
The edited file will look something like this:
Now we need to reboot and see if the new rules are loaded in on there own.
To reboot your server run the following from command line:
This will boot you out of the command line, so you will need to log back in once the server is back online. Once you are back at the command line, you can check and see if your ruleset has loaded.
Run this from command line:
the output should look like this:
If the output does not look like that, you have a problem and should ask for help.
Create the minecraft User Account
We need an account to run the server software from. It is bad practice to run any third party software as root, this can be a huge security risk. So we will create a user to run the server as.
To create a user, we use the follow command:
You will be ask to enter a password, and possibly asked to enter some personal details on the user, you can leave the personal information blank.
Now we need to add the user minecraft to the sudoers list. We will use the
visudo command.
Run the following from command line:
This will open the /etc/sudoers file for editing.
You need to add
directly under
The end result will look like this:
You can now close the file saving changes.
Now close your current SSH session and open a new one, this time using the username minecraft, with the password you selected.
Once you have logged in type the following at command line:
Your results should look like this
If not, you have a problem and should ask for help.
Installing the Minecraft Server
The next steps will actually install your minecraft server. We are using the basic configuration for simplicity of the tutorial.
First we need to make sure we are logged in as the proper user, you command prompt should look something like this:
Where minecraft is the user are logged in, if the first section is not minecraft, then you need to login as the minecraft user.
If your are logged in as the minecraft user we can continue.
First we need to create a directory the server files will reside in. In the tutorial
I will use .
To create the directory and then enter it, run the following from the command line:
Second, we need to download the server software, we are using the vanilla server software, if you want Bukkit or something else, your on your own.
To download the server, run this from the command line:
You will see something like this:
Now we need to start the server for the first time, this will generate configuration files that you can then edit.
To start your server run the following from command line:
Once you see the following, you can the close out of the server:
To close out of the server type "stop" into the command line and press enter.
Now you can configure your server. To do this we will open the `server.properties` file that was just created.
To open the file run the following from the command line:
There are a few default settings in this file, most are fine and you could just leave the file as is, but read
the file and most of it will make sense. Make the changes then close saving.
The last step is to make yourself an op on your server, to do this, we will open ops.txt.
To open ops.txt run the following from the command line:
Add your in game name to the file and close, saving changes.
You now have a fully configured server and it is ready to go.
Starting your server in a screen
Screen is a linux utility that allows you to create a sort of window system in a shell environment. This will allow you to keep your server online, without the need to keep the terminal window open.
First thing we will do is create our new screen session, to do this, run the following from the command line:
You terminal window will be cleared and it might look a tiny bit different, but it works the same.
Next step is to start the server, to do that, we will use the same method as before:
To close out of the current screen session and leave your server running you will press Ctrl+A release then press d. This will detach the current screen session. You will see something like this when you detach from the screen session:
To reattach to the screen session so you can restart the server or do any type of administration, type the following in the command line:
You now have your server running and should be able to connect to it by placing your server IP in the multiplayer server field in Minecraft.
This is a very minimal setup, and doesn't touch installing custom server mods. This is meant to be just a base to get your server online.
If you find any errors in this tutorial, whether it be technical, spelling, or grammar please tell me.
If you would like to have this and much much more done, I offer this as a service, you can check that out here: viewtopic.php?f=1027&t=130277
On Topic - Good job. Looks well constructed.
Mod edit: removed reference to a post that's no longer there.
* I thought it was default on Debian and Ubuntu to disallow root access via ssh. You can get the same point by doing it this way:
* I see no reason to give the minecraft user sudo access, that just opens another potential attack vector. I am of course assuming that your normal user account already has sudo access.
* Your apt-get line is installing stuff that you aren't using as far as I can tell (build-essential), and is missing stuff that you are using that may not be installed by default (iptables, screen).
* I would also mention how to install a basic server with no addons like hey0.
* You don't mention any way to turn the server into a background daemon that starts and stops with the system. I posted a startup script late last night that I have been refining on my Debian Squeeze box for the last few months that makes this whole process nice and easy. For the most part it fits right in with the tutorial, however there are some minor issues. It supports running multiple worlds, so more ports would need to be opened in iptables. The script would also need to be modified to work with the hey0 mod (wouldn't be hard). Feel free to repost anything I posted in that thread if you want to expand on this idea.
I think your looking at a debian install for a desktop version, server versions do not create any user level accounts (and thus must allow root access from ssh), and all server versions, or almost all, come with iptables installed. There is a chance that screen could not be installed so I'll add that.
Installing build-essentials is really there just to stop future questions, when people try to install something like pigmap, they would either go asking the developers there, or someone here for help as to why it doesn't work. Its also something I always do, I never really thought about it.
I was initially going to write into the tutorial, how to disable root login via ssh, but left it our for simplicity, thats why I gave the minecraft user sudo rights. It also lets you do things you might need to do as root, without logging in as root. So less handling of the root password.
I assume no one really runs a completely default server, and would just result in people asking how to install hMod, so I just installed hMod by default.
You got me, it has been a long time since I built my Debian box, and I did have to create a user account with sudo access at that time. I guess what I'm trying to get at is I think that the server process should be run in a different account that does not have sudo access.
True, no harm installing it. It is essential (as it's name obviously suggests) for building software, like c10t that I use in my script. In fact, I'm not sure why I even brought that up.
I prefer to run a default server, there are less issues to deal with when Notch patches. Some of the features that these mods have would be nice to have. Here's hoping that we see them implemented in the default server, or get some kind of SDK to allow these mods to have a more stable interface to work with.
I tried following these instructions, but when I paste in what you have for iptables.rules and then run
iptables-restore < /etc/iptables.rules
I get the error:
iptables-restore v1.4.4: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
I can get rid of this error by removing all the blank lines in iptables.rules, but then when I get down to the part where I am looking at interfaces.template, there is nothing there. So I paste in the things you say are supposed to be there, as well as the new thing.
When I then do the reboot, my server then becomes completely unresposive; I can no longer ssh in to it; I've done this 3 times now and had to reinstall Ubuntu each time to get it to properly boot.
Any help would be appreciated! Thanks!
That would be a very bad idea. So bad, I'm not even going to tell you how. Just don't do that. Ever.
Try making changes to "/etc/network/interfaces" instead, that file should exist.