Update mc-server & Add docker registry

karylab-entrance/docker-registry.yml

@@ -0,0 +1,164 @@
+version: '3.8'
+
+services:
+  # 1. Docker 私有映像倉庫 - 存儲自訂編譯的容器映像
+  registry:
+    image: registry:2
+    container_name: docker-registry
+    restart: always
+    ports:
+      - "5700:5000"
+    environment:
+      REGISTRY_HTTP_ADDR: 0.0.0.0:5000
+      REGISTRY_HTTP_RELATIVEURLS: 'true'
+      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
+    volumes:
+      - /mnt/data/External/docker_registry/registry_data:/var/lib/registry
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:5000/v2/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+  # 2. Registry 管理界面 - Web UI，方便查看和管理存儲的映像
+  registry-ui:
+    image: joxit/docker-registry-ui:latest
+    container_name: docker-registry-ui
+    restart: always
+    ports:
+      - "5600:80"
+    environment:
+      REGISTRY_TITLE: "Docker Registry"
+      REGISTRY_URL: "http://registry:5000"
+      REGISTRY_SECURED: 'false'
+      REGISTRY_USERNAME: "admin"
+      REGISTRY_PASSWORD: "change_me"
+      DELETE_IMAGES: 'true'
+      SHOW_CATALOG_NB_TAGS: 'true'
+      NGINX_PROXY_PASS_URL: 'http://registry:5000'
+    depends_on:
+      registry:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:80/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  # 3. Docker Hub 鏡像加速 - 緩存 Docker Hub 映像，加速拉取速度
+  registry-mirror:
+    image: registry:2
+    container_name: docker-registry-mirror
+    restart: always
+    ports:
+      - "5500:5000"
+    environment:
+      REGISTRY_HTTP_ADDR: 0.0.0.0:5000
+      REGISTRY_PROXY_REMOTEURL: "https://registry-1.docker.io"
+      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
+    volumes:
+      - /mnt/data/External/docker_registry/mirror_data:/var/lib/registry
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:5000/v2/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+  # 4. Docker 編譯伺服器 - Docker-in-Docker，隔離編譯環境
+  build-server:
+    image: docker:dind
+    container_name: docker-build-server
+    restart: always
+    environment:
+      DOCKER_HOST: unix:///var/run/docker.sock
+      DOCKER_DRIVER: overlay2
+      # 自動清理策略
+      DOCKER_BUILDKIT: 1
+    volumes:
+      - build_cache:/var/lib/docker
+    privileged: true
+    networks:
+      - docker-registry-network
+    healthcheck:
+      test: ["CMD", "docker", "ps"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+  # 5. Drone CI 伺服器 - 自動化編譯平台，支持 Git Webhook 觸發編譯和推送
+  drone-server:
+    image: drone/drone:latest
+    container_name: drone-server
+    restart: always
+    ports:
+      - "5400:80"
+    environment:
+      DRONE_SERVER_HOST: localhost:5400
+      DRONE_SERVER_PROTO: http
+      DRONE_RPC_SECRET: ${DRONE_RANDOM_SECRET}
+      # Git 平台配置（根據你使用的平台選擇）
+      # GitHub 配置
+      # DRONE_GITHUB_CLIENT_ID: "your-github-client-id"
+      # DRONE_GITHUB_CLIENT_SECRET: "your-github-secret"
+      # GitLab 配置
+      # DRONE_GITLAB_SERVER: https://gitlab.example.com
+      # DRONE_GITLAB_CLIENT_ID: "your-gitlab-client-id"
+      # DRONE_GITLAB_CLIENT_SECRET: "your-gitlab-secret"
+      # Gitea 配置
+      # DRONE_GITEA_SERVER: http://gitea.example.com
+      # DRONE_GITEA_CLIENT_ID: "your-gitea-client-id"
+      # DRONE_GITEA_CLIENT_SECRET: "your-gitea-secret"
+      # 初始管理員
+      DRONE_USER_CREATE: "username:admin,admin:true"
+    volumes:
+      - drone_data:/data
+    networks:
+      - docker-registry-network
+    depends_on:
+      - registry
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:80/api/version"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+  # 6. Drone Runner - Docker 執行器，使用 DinD 編譯並自動清理
+  drone-runner:
+    image: drone/drone-runner-docker:latest
+    container_name: drone-runner-docker
+    restart: always
+    environment:
+      # 連接到 Drone Server
+      DRONE_RPC_HOST: drone-server
+      DRONE_RPC_PROTO: http
+      DRONE_RPC_SECRET: ${DRONE_RANDOM_SECRET}
+      # 執行器配置
+      DRONE_RUNNER_CAPACITY: 2
+      DRONE_RUNNER_NAME: "docker-runner-01"
+      # 使用獨立的 DinD 連接
+      DRONE_DOCKER_HOST: tcp://build-server:2375
+      # 自動清理配置
+      DRONE_CLEANUP: "true"
+      # 編譯完後自動刪除容器
+      DRONE_DOCKER_PURGE: "true"
+      DRONE_UI_USERNAME: admin
+      DRONE_UI_PASSWORD: admin
+    networks:
+      - docker-registry-network
+    depends_on:
+      - drone-server
+      - build-server
+
+volumes:
+  # 編譯緩存（DinD 層緩存）
+  build_cache:
+  # Drone CI 配置和數據
+  drone_data:
+
+networks:
+  docker-registry-network:
+    driver: bridge

karylab-entrance/vpn-ddns.yml

@@ -0,0 +1,11 @@
+services:
+  vpn-ddns:
+    image: oznu/cloudflare-ddns:latest
+    container_name: vpn-ddns
+    restart: unless-stopped
+    environment:
+      - API_KEY=${API_KEY}
+      - ZONE=karylab.uk
+      - SUBDOMAIN=vpn
+      - PROXIED=false
+      - RRTYPE=A

karylab-minecraft/master/fabric-proxy-example.toml

@@ -0,0 +1,7 @@
+# 啟用 Velocity 支援
+hackEarlySend = false
+hackMessageChain = false
+hackOfflinePlayersUuid = true
+
+# 重要！複製 Velocity 的 secret
+secret = "ymQ8CZfTMx8z"  # 從 Velocity 的 forwarding.secret 複製

karylab-minecraft/master/minecraft-master.yml

@@ -10,7 +10,7 @@ services:
       - TZ=Asia/Taipei
     ports:
       - "8000:8443"  # 管理介面
-      - "1110:11100" # Minecraft Velocity 代理
+      - "1110:25555" # Velocity 代理端口
     volumes:
       - /docker/minecraft/crafty/backups:/crafty/backups
       - /docker/minecraft/crafty/logs:/crafty/logs
@@ -68,7 +68,7 @@ services:
         reservations:
           memory: 256M
 
-  # 3. 即時日誌瀏覽器 (Dozzle) - 非常推薦，看報錯超方便
+  # 3. 即時日誌瀏覽器 (Dozzle) - 看報錯用
   dozzle:
     image: amir20/dozzle:latest
     container_name: dozzle_minecraft

karylab-minecraft/master/velocity-conf-example.toml

@@ -0,0 +1,111 @@
+# Config version. Do not change this
+config-version = "1.0"
+# What port should the proxy be bound to? By default, we'll bind to all addresses on port 25577.
+bind = "0.0.0.0:25577"
+# What should be the MOTD? This gets displayed when the player adds your server to
+# their server list. Legacy color codes and JSON are accepted.
+motd = "&#09add3A Velocity Server"
+# What should we display for the maximum number of players? (Velocity does not support a cap
+# on the number of players online.)
+show-max-players = 500
+# Should we authenticate players with Mojang? By default, this is on.
+online-mode = true
+# If client's ISP/AS sent from this proxy is different from the one from Mojang's
+# authentication server, the player is kicked. This disallows some VPN and proxy
+# connections but is a weak form of protection.
+prevent-client-proxy-connections = false
+# Should we forward IP addresses and other data to backend servers?
+# Available options:
+# - "none":        No forwarding will be done. All players will appear to be connecting
+#                  from the proxy and will have offline-mode UUIDs.
+# - "legacy":      Forward player IPs and UUIDs in a BungeeCord-compatible format. Use this
+#                  if you run servers using Minecraft 1.12 or lower.
+# - "bungeeguard": Forward player IPs and UUIDs in a format supported by the BungeeGuard
+#                  plugin. Use this if you run servers using Minecraft 1.12 or lower, and are
+#                  unable to implement network level firewalling (on a shared host).
+# - "modern":      Forward player IPs and UUIDs as part of the login process using
+#                  Velocity's native forwarding. Only applicable for Minecraft 1.13 or higher.
+player-info-forwarding-mode = "NONE"
+# If you are using modern or BungeeGuard IP forwarding, configure a unique secret here.
+forwarding-secret = "j8obT9lp7Dys"
+# Announce whether or not your server supports Forge. If you run a modded server, we
+# suggest turning this on.
+# 
+# If your network runs one modpack consistently, consider using ping-passthrough = "mods"
+# instead for a nicer display in the server list.
+announce-forge = false
+# If enabled (default is false) and the proxy is in online mode, Velocity will kick
+# any existing player who is online if a duplicate connection attempt is made.
+kick-existing-players = false
+# Should Velocity pass server list ping requests to a backend server?
+# Available options:
+# - "disabled":    No pass-through will be done. The velocity.toml and server-icon.png
+#                  will determine the initial server list ping response.
+# - "mods":        Passes only the mod list from your backend server into the response.
+#                  The first server in your try list (or forced host) with a mod list will be
+#                  used. If no backend servers can be contacted, Velocity won't display any
+#                  mod information.
+# - "description": Uses the description and mod list from the backend server. The first
+#                  server in the try (or forced host) list that responds is used for the
+#                  description and mod list.
+# - "all":         Uses the backend server's response as the proxy response. The Velocity
+#                  configuration is used if no servers could be contacted.
+ping-passthrough = "DISABLED"
+
+[servers]
+	# Configure your servers here. Each key represents the server's name, and the value
+	# represents the IP address of the server to connect to.
+	lobby = "127.0.0.1:30066"
+	factions = "127.0.0.1:30067"
+	minigames = "127.0.0.1:30068"
+	# In what order we should try servers when a player logs in or is kicked from a server.
+	try = ["lobby"]
+
+[forced-hosts]
+	# Configure your forced hosts here.
+	"lobby.example.com" = ["lobby"]
+	"factions.example.com" = ["factions"]
+	"minigames.example.com" = ["minigames"]
+
+[advanced]
+	# How large a Minecraft packet has to be before we compress it. Setting this to zero will
+	# compress all packets, and setting it to -1 will disable compression entirely.
+	compression-threshold = 256
+	# How much compression should be done (from 0-9). The default is -1, which uses the
+	# default level of 6.
+	compression-level = -1
+	# How fast (in milliseconds) are clients allowed to connect after the last connection? By
+	# default, this is three seconds. Disable this by setting this to 0.
+	login-ratelimit = 3000
+	# Specify a custom timeout for connection timeouts here. The default is five seconds.
+	connection-timeout = 5000
+	# Specify a read timeout for connections here. The default is 30 seconds.
+	read-timeout = 30000
+	# Enables compatibility with HAProxy's PROXY protocol. If you don't know what this is for, then
+	# don't enable it.
+	haproxy-protocol = false
+	# Enables TCP fast open support on the proxy. Requires the proxy to run on Linux.
+	tcp-fast-open = false
+	# Enables BungeeCord plugin messaging channel support on Velocity.
+	bungee-plugin-message-channel = true
+	# Shows ping requests to the proxy from clients.
+	show-ping-requests = false
+	# By default, Velocity will attempt to gracefully handle situations where the user unexpectedly
+	# loses connection to the server without an explicit disconnect message by attempting to fall the
+	# user back, except in the case of read timeouts. BungeeCord will disconnect the user instead. You
+	# can disable this setting to use the BungeeCord behavior.
+	failover-on-unexpected-server-disconnect = true
+	# Declares the proxy commands to 1.13+ clients.
+	announce-proxy-commands = true
+	# Enables the logging of commands
+	log-command-executions = false
+
+[query]
+	# Whether to enable responding to GameSpy 4 query responses or not.
+	enabled = false
+	# If query is enabled, on what port should the query protocol listen on?
+	port = 25577
+	# This is the map name that is reported to the query services.
+	map = "Velocity"
+	show-plugins = false
+

karylab-minecraft/master/velocity-conf.toml

@@ -1,11 +1,11 @@
-# Velocity 配置檔範例
+# Velocity 配置檔
 # 啟動容器後會自動生成在 /docker/minecraft/velocity/velocity.toml
 
 # Config version. Do not change this
 config-version = "2.7"
 
 # 綁定地址和端口
-bind = "0.0.0.0:11100"
+bind = "0.0.0.0:25555"
 
 # 伺服器列表 MOTD
 motd = "<gradient:#09add3:#d33682>Karylab Minecraft Network</gradient>"
@@ -22,16 +22,6 @@ prevent-client-proxy-connections = false
 # 如果有相同玩家嘗試重複登入，是否踢掉已在線的玩家
 kick-existing-players = true
 
-# 後端伺服器列表
-[servers]
-parkour-spiral = "127.0.0.1:1110"
-parkour-volcano = "127.0.0.1:1120"
-
-# 強制主機域名路由(關鍵!)
-[forced-hosts]
-"parkour-spiral.karylab.uk" = ["parkour-spiral"]
-"parkour-volcano.karylab.uk" = ["parkour-volcano"]
-
 # 啟用 modern forwarding (讓後端伺服器知道玩家真實IP)
 player-info-forwarding-mode = "modern"
 
@@ -44,11 +34,34 @@ ping-passthrough = "DISABLED"
 # 轉發密鑰檔案
 forwarding-secret-file = "forwarding.secret"
 
+# 後端伺服器列表
+[servers]
+parkour-spiral = "127.0.0.1:1110"
+parkour-volcano = "127.0.0.1:1120"
+
+# 玩家登入時的伺服器嘗試順序（空陣列 = 禁止直接用 IP 連線，必須用域名）
+try = []
+
+# 強制主機域名路由(關鍵!)
+[forced-hosts]
+"parkour-spiral.karylab.uk" = ["parkour-spiral"]
+"parkour-volcano.karylab.uk" = ["parkour-volcano"]
+
 [advanced]
 # 壓縮閾值
 compression-threshold = 256
 compression-level = -1
 login-ratelimit = 3000
 
+# 連線超時設定（毫秒）
+connection-timeout = 5000
+read-timeout = 30000
+
+# 向 1.13+ 客戶端宣告代理指令
+announce-proxy-commands = false
+
+# 記錄指令執行（除錯用，平時關閉）
+log-command-executions = false
+
 # 是否在日誌記錄玩家 IP
 enable-player-address-logging = true

karylab-minecraft/minecraft.yml

@@ -10,7 +10,6 @@ services:
       - TZ=Asia/Taipei
     ports:
       - "8000:8443"  # 管理介面
-      - "1110:11100" # Minecraft 統一連接埠
     volumes:
       - /docker/minecraft/crafty/backups:/crafty/backups
       - /docker/minecraft/crafty/logs:/crafty/logs
@@ -79,7 +78,7 @@ services:
       - DOZZLE_TAILSIZE=500  # 日誌顯示行數
       - DOZZLE_FILTER=name=crafty*|name=minecraft* # 只顯示 MC 相關容器
     ports:
-      - "8020:8080" # 訪問 http://localhost:8020 即可看到所有容器日誌
+      - "8020:8080" # 訪問即可看到所有容器日誌
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
     networks:
@@ -89,7 +88,39 @@ services:
         limits:
           memory: 256M
 
-  # 4. 備份服務 (可選) - 自動備份到雲端或其他位置
+  # 4. GoEdge 管理後台 + API 節點 + MySQL
+  # 官方建議使用 goedgelabs/goedge-admin 映像，內建 MariaDB
+  goedge-admin:
+    image: goedgelabs/goedge-admin:latest
+    container_name: goedge_admin
+    restart: unless-stopped
+    environment:
+      - TZ=Asia/Taipei
+    volumes:
+      - goedge_admin_mysql:/var/lib/mysql  # MySQL 資料庫
+      - goedge_admin_data:/usr/local/goedge/edge-admin  # Admin 設定 + 日誌 + API 設定
+    ports:
+      - "8030:7788"   # 管理後台登入端口 (預設 admin/123456)
+    networks:
+      - minecraft_net
+
+  # 5. GoEdge 邊緣節點 (實際負責轉發的 Proxy)
+  goedge-node:
+    image: goedgelabs/goedge-node:latest
+    container_name: goedge_node
+    restart: unless-stopped
+    environment:
+      - TZ=Asia/Taipei
+    volumes:
+      - goedge_node_data:/usr/local/goedge/edge-node
+    ports:
+      - "1110-1200:1110-1200" # 預留 1110 到 1200 之間的 90 個端口
+    networks:
+      - minecraft_net
+    depends_on:
+      - goedge-admin
+
+  # 6. 備份服務 (可選) - 自動備份到雲端或其他位置
   # duplicati:
   #   image: lscr.io/linuxserver/duplicati:latest
   #   container_name: minecraft_backup
@@ -107,7 +138,7 @@ services:
   #   networks:
   #     - minecraft_net
 
-  # 5. Watchtower - 自動更新容器映像檔（可選）
+  # 7. Watchtower - 自動更新容器映像檔（可選）
   # watchtower:
   #   image: containrrr/watchtower:latest
   #   container_name: watchtower_minecraft
@@ -129,4 +160,7 @@ networks:
 volumes:
   netdataconfig:
   netdatalib:
-  netdatacache:
+  netdatacache:
+  goedge_admin_mysql:     # MySQL 資料庫（單獨備份用）
+  goedge_admin_data:      # Admin 所有資料（設定 + 日誌 + API）
+  goedge_node_data:       # Node 所有資料（設定 + 日誌）