From f3fe55ef67bdbc4cb44516628571fcfaeace6106 Mon Sep 17 00:00:00 2001
From: ChenKaiLiuG
Date: Thu, 1 Jan 2026 18:05:00 +0800
Subject: [PATCH] Update mc-server & Add docker registry
---
karylab-entrance/docker-registry.yml | 164 ++++++++++++++++++
karylab-entrance/vpn-ddns.yml | 11 ++
.../master/fabric-proxy-example.toml | 7 +
.../minecraft-master.yml} | 4 +-
.../master/velocity-conf-example.toml | 111 ++++++++++++
.../velocity-conf.toml} | 37 ++--
karylab-minecraft/minecraft.yml | 44 ++++-
7 files changed, 359 insertions(+), 19 deletions(-)
create mode 100644 karylab-entrance/docker-registry.yml
create mode 100644 karylab-entrance/vpn-ddns.yml
create mode 100644 karylab-minecraft/master/fabric-proxy-example.toml
rename karylab-minecraft/{master-minecraft.yml => master/minecraft-master.yml} (96%)
create mode 100644 karylab-minecraft/master/velocity-conf-example.toml
rename karylab-minecraft/{velocity-config.toml => master/velocity-conf.toml} (78%)
diff --git a/karylab-entrance/docker-registry.yml b/karylab-entrance/docker-registry.yml
new file mode 100644
index 0000000..18b1c45
--- /dev/null
+++ b/karylab-entrance/docker-registry.yml
@@ -0,0 +1,164 @@
+version: '3.8'
+
+services:
+ # 1. Docker 私有映像倉庫 - 存儲自訂編譯的容器映像
+ registry:
+ image: registry:2
+ container_name: docker-registry
+ restart: always
+ ports:
+ - "5700:5000"
+ environment:
+ REGISTRY_HTTP_ADDR: 0.0.0.0:5000
+ REGISTRY_HTTP_RELATIVEURLS: 'true'
+ REGISTRY_STORAGE_DELETE_ENABLED: 'true'
+ volumes:
+ - /mnt/data/External/docker_registry/registry_data:/var/lib/registry
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:5000/v2/"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+
+ # 2. Registry 管理界面 - Web UI,方便查看和管理存儲的映像
+ registry-ui:
+ image: joxit/docker-registry-ui:latest
+ container_name: docker-registry-ui
+ restart: always
+ ports:
+ - "5600:80"
+ environment:
+ REGISTRY_TITLE: "Docker Registry"
+ REGISTRY_URL: "http://registry:5000"
+ REGISTRY_SECURED: 'false'
+ REGISTRY_USERNAME: "admin"
+ REGISTRY_PASSWORD: "change_me"
+ DELETE_IMAGES: 'true'
+ SHOW_CATALOG_NB_TAGS: 'true'
+ NGINX_PROXY_PASS_URL: 'http://registry:5000'
+ depends_on:
+ registry:
+ condition: service_healthy
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:80/"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+
+ # 3. Docker Hub 鏡像加速 - 緩存 Docker Hub 映像,加速拉取速度
+ registry-mirror:
+ image: registry:2
+ container_name: docker-registry-mirror
+ restart: always
+ ports:
+ - "5500:5000"
+ environment:
+ REGISTRY_HTTP_ADDR: 0.0.0.0:5000
+ REGISTRY_PROXY_REMOTEURL: "https://registry-1.docker.io"
+ REGISTRY_STORAGE_DELETE_ENABLED: 'true'
+ volumes:
+ - /mnt/data/External/docker_registry/mirror_data:/var/lib/registry
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:5000/v2/"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+
+ # 4. Docker 編譯伺服器 - Docker-in-Docker,隔離編譯環境
+ build-server:
+ image: docker:dind
+ container_name: docker-build-server
+ restart: always
+ environment:
+ DOCKER_HOST: unix:///var/run/docker.sock
+ DOCKER_DRIVER: overlay2
+ # 自動清理策略
+ DOCKER_BUILDKIT: 1
+ volumes:
+ - build_cache:/var/lib/docker
+ privileged: true
+ networks:
+ - docker-registry-network
+ healthcheck:
+ test: ["CMD", "docker", "ps"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+
+ # 5. Drone CI 伺服器 - 自動化編譯平台,支持 Git Webhook 觸發編譯和推送
+ drone-server:
+ image: drone/drone:latest
+ container_name: drone-server
+ restart: always
+ ports:
+ - "5400:80"
+ environment:
+ DRONE_SERVER_HOST: localhost:5400
+ DRONE_SERVER_PROTO: http
+ DRONE_RPC_SECRET: ${DRONE_RANDOM_SECRET}
+ # Git 平台配置(根據你使用的平台選擇)
+ # GitHub 配置
+ # DRONE_GITHUB_CLIENT_ID: "your-github-client-id"
+ # DRONE_GITHUB_CLIENT_SECRET: "your-github-secret"
+ # GitLab 配置
+ # DRONE_GITLAB_SERVER: https://gitlab.example.com
+ # DRONE_GITLAB_CLIENT_ID: "your-gitlab-client-id"
+ # DRONE_GITLAB_CLIENT_SECRET: "your-gitlab-secret"
+ # Gitea 配置
+ # DRONE_GITEA_SERVER: http://gitea.example.com
+ # DRONE_GITEA_CLIENT_ID: "your-gitea-client-id"
+ # DRONE_GITEA_CLIENT_SECRET: "your-gitea-secret"
+ # 初始管理員
+ DRONE_USER_CREATE: "username:admin,admin:true"
+ volumes:
+ - drone_data:/data
+ networks:
+ - docker-registry-network
+ depends_on:
+ - registry
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:80/api/version"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+
+ # 6. Drone Runner - Docker 執行器,使用 DinD 編譯並自動清理
+ drone-runner:
+ image: drone/drone-runner-docker:latest
+ container_name: drone-runner-docker
+ restart: always
+ environment:
+ # 連接到 Drone Server
+ DRONE_RPC_HOST: drone-server
+ DRONE_RPC_PROTO: http
+ DRONE_RPC_SECRET: ${DRONE_RANDOM_SECRET}
+ # 執行器配置
+ DRONE_RUNNER_CAPACITY: 2
+ DRONE_RUNNER_NAME: "docker-runner-01"
+ # 使用獨立的 DinD 連接
+ DRONE_DOCKER_HOST: tcp://build-server:2375
+ # 自動清理配置
+ DRONE_CLEANUP: "true"
+ # 編譯完後自動刪除容器
+ DRONE_DOCKER_PURGE: "true"
+ DRONE_UI_USERNAME: admin
+ DRONE_UI_PASSWORD: admin
+ networks:
+ - docker-registry-network
+ depends_on:
+ - drone-server
+ - build-server
+
+volumes:
+ # 編譯緩存(DinD 層緩存)
+ build_cache:
+ # Drone CI 配置和數據
+ drone_data:
+
+networks:
+ docker-registry-network:
+ driver: bridge
diff --git a/karylab-entrance/vpn-ddns.yml b/karylab-entrance/vpn-ddns.yml
new file mode 100644
index 0000000..9a12ecb
--- /dev/null
+++ b/karylab-entrance/vpn-ddns.yml
@@ -0,0 +1,11 @@
+services:
+ vpn-ddns:
+ image: oznu/cloudflare-ddns:latest
+ container_name: vpn-ddns
+ restart: unless-stopped
+ environment:
+ - API_KEY=${API_KEY}
+ - ZONE=karylab.uk
+ - SUBDOMAIN=vpn
+ - PROXIED=false
+ - RRTYPE=A
\ No newline at end of file
diff --git a/karylab-minecraft/master/fabric-proxy-example.toml b/karylab-minecraft/master/fabric-proxy-example.toml
new file mode 100644
index 0000000..b5a93c7
--- /dev/null
+++ b/karylab-minecraft/master/fabric-proxy-example.toml
@@ -0,0 +1,7 @@
+# 啟用 Velocity 支援
+hackEarlySend = false
+hackMessageChain = false
+hackOfflinePlayersUuid = true
+
+# 重要!複製 Velocity 的 secret
+secret = "ymQ8CZfTMx8z" # 從 Velocity 的 forwarding.secret 複製
\ No newline at end of file
diff --git a/karylab-minecraft/master-minecraft.yml b/karylab-minecraft/master/minecraft-master.yml
similarity index 96%
rename from karylab-minecraft/master-minecraft.yml
rename to karylab-minecraft/master/minecraft-master.yml
index 0b6be7b..48e1426 100644
--- a/karylab-minecraft/master-minecraft.yml
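Review bot: The `registry` and `registry-mirror` services in docker-registry.yml publish `5700:5000` and `5500:5000` on every host interface with no `REGISTRY_AUTH` configuration and `REGISTRY_STORAGE_DELETE_ENABLED: 'true'`, so any client that can reach those ports can push, replace or delete images that other hosts later pull and run. Publishing them on a loopback or VPN-only address, e.g. `- "127.0.0.1:5700:5000"`, and putting authentication and TLS in front would close that; if htpasswd auth is enabled on the registry itself, the `curl -f .../v2/` healthcheck would need credentials or it will report unhealthy. The credentials here are literals (`REGISTRY_PASSWORD: "change_me"`, `DRONE_UI_USERNAME: admin`, `DRONE_UI_PASSWORD: admin`) although `DRONE_RPC_SECRET` already comes from the environment; they should use the same `${...}` pattern. `build-server` is `privileged: true` and the runner is pointed at `tcp://build-server:2375`, conventionally the plaintext Docker API port, so any container on `docker-registry-network` that can reach it would get root-equivalent control of that daemon; it looks worth confirming the intended listener and using dind's TLS port instead.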
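Review bot: `image: oznu/cloudflare-ddns:latest` in vpn-ddns.yml is an unpinned third-party image that receives the Cloudflare credential through `API_KEY=${API_KEY}`, so whatever is published under `latest` at the next pull runs with that credential. Pin the image to a specific tag or digest, for example `image: oznu/cloudflare-ddns@sha256:<DIGEST_PLACEHOLDER>`, and make sure the value behind `API_KEY` is a token scoped to DNS edits on the `karylab.uk` zone rather than a global account key. The same unpinned-`latest` pattern appears in docker-registry.yml (`joxit/docker-registry-ui:latest`, `drone/drone:latest`, `drone/drone-runner-docker:latest`) and in the GoEdge services added to minecraft.yml.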
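Review bot: `secret = "ymQ8CZfTMx8z"` in fabric-proxy-example.toml is a concrete forwarding secret committed to the repository, and velocity-conf-example.toml does the same with `forwarding-secret = "j8obT9lp7Dys"`. The forwarding secret is what lets a backend trust the player identity and IP the proxy sends, so a value readable from version control gives no protection if it is ever copied into a live setup. If either string is or was used on a real server it should be rotated; in the examples, replace them with an obvious placeholder such as `secret = "<COPY_FROM_forwarding.secret>"`.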
+++ b/karylab-minecraft/master/minecraft-master.yml @@ -10,7 +10,7 @@ services: - TZ=Asia/Taipei ports: - "8000:8443" # 管理介面 - - "1110:11100" # Minecraft Velocity 代理 + - "1110:25555" # Velocity 代理端口 volumes: - /docker/minecraft/crafty/backups:/crafty/backups - /docker/minecraft/crafty/logs:/crafty/logs @@ -68,7 +68,7 @@ services: reservations: memory: 256M - # 3. 即時日誌瀏覽器 (Dozzle) - 非常推薦,看報錯超方便 + # 3. 即時日誌瀏覽器 (Dozzle) - 看報錯用 dozzle: image: amir20/dozzle:latest container_name: dozzle_minecraft diff --git a/karylab-minecraft/master/velocity-conf-example.toml b/karylab-minecraft/master/velocity-conf-example.toml new file mode 100644 index 0000000..06b899d --- /dev/null +++ b/karylab-minecraft/master/velocity-conf-example.toml 
@@ -0,0 +1,111 @@
+# Config version. Do not change this
+config-version = "1.0"
+# What port should the proxy be bound to? By default, we'll bind to all addresses on port 25577.
+bind = "0.0.0.0:25577"
+# What should be the MOTD? This gets displayed when the player adds your server to
+# their server list. Legacy color codes and JSON are accepted.
+motd = " add3A Velocity Server"
+# What should we display for the maximum number of players? (Velocity does not support a cap
+# on the number of players online.)
+show-max-players = 500
+# Should we authenticate players with Mojang? By default, this is on.
+online-mode = true
+# If client's ISP/AS sent from this proxy is different from the one from Mojang's
+# authentication server, the player is kicked. This disallows some VPN and proxy
+# connections but is a weak form of protection.
+prevent-client-proxy-connections = false
+# Should we forward IP addresses and other data to backend servers?
+# Available options:
+# - "none": No forwarding will be done. All players will appear to be connecting
+# from the proxy and will have offline-mode UUIDs.
+# - "legacy": Forward player IPs and UUIDs in a BungeeCord-compatible format. Use this
+# if you run servers using Minecraft 1.12 or lower.
+# - "bungeeguard": Forward player IPs and UUIDs in a format supported by the BungeeGuard
+# plugin. Use this if you run servers using Minecraft 1.12 or lower, and are
+# unable to implement network level firewalling (on a shared host).
+# - "modern": Forward player IPs and UUIDs as part of the login process using
+# Velocity's native forwarding. Only applicable for Minecraft 1.13 or higher.
+player-info-forwarding-mode = "NONE"
+# If you are using modern or BungeeGuard IP forwarding, configure a unique secret here.
+forwarding-secret = "j8obT9lp7Dys"
+# Announce whether or not your server supports Forge. If you run a modded server, we
+# suggest turning this on.
+#
+# If your network runs one modpack consistently, consider using ping-passthrough = "mods"
+# instead for a nicer display in the server list.
+announce-forge = false
+# If enabled (default is false) and the proxy is in online mode, Velocity will kick
+# any existing player who is online if a duplicate connection attempt is made.
+kick-existing-players = false
+# Should Velocity pass server list ping requests to a backend server?
+# Available options:
+# - "disabled": No pass-through will be done. The velocity.toml and server-icon.png
+# will determine the initial server list ping response.
+# - "mods": Passes only the mod list from your backend server into the response.
+# The first server in your try list (or forced host) with a mod list will be
+# used. If no backend servers can be contacted, Velocity won't display any
+# mod information.
+# - "description": Uses the description and mod list from the backend server. The first
+# server in the try (or forced host) list that responds is used for the
+# description and mod list.
+# - "all": Uses the backend server's response as the proxy response. The Velocity
+# configuration is used if no servers could be contacted.
+ping-passthrough = "DISABLED"
+
+[servers]
+ # Configure your servers here. Each key represents the server's name, and the value
+ # represents the IP address of the server to connect to.
+ lobby = "127.0.0.1:30066"
+ factions = "127.0.0.1:30067"
+ minigames = "127.0.0.1:30068"
+ # In what order we should try servers when a player logs in or is kicked from a server.
+ try = ["lobby"]
+
+[forced-hosts]
+ # Configure your forced hosts here.
+ "lobby.example.com" = ["lobby"]
+ "factions.example.com" = ["factions"]
+ "minigames.example.com" = ["minigames"]
+
+[advanced]
+ # How large a Minecraft packet has to be before we compress it. Setting this to zero will
+ # compress all packets, and setting it to -1 will disable compression entirely.
+ compression-threshold = 256
+ # How much compression should be done (from 0-9). The default is -1, which uses the
+ # default level of 6.
+ compression-level = -1
+ # How fast (in milliseconds) are clients allowed to connect after the last connection? By
+ # default, this is three seconds. Disable this by setting this to 0.
+ login-ratelimit = 3000
+ # Specify a custom timeout for connection timeouts here. The default is five seconds.
+ connection-timeout = 5000
+ # Specify a read timeout for connections here. The default is 30 seconds.
+ read-timeout = 30000
+ # Enables compatibility with HAProxy's PROXY protocol. If you don't know what this is for, then
+ # don't enable it.
+ haproxy-protocol = false
+ # Enables TCP fast open support on the proxy. Requires the proxy to run on Linux.
+ tcp-fast-open = false
+ # Enables BungeeCord plugin messaging channel support on Velocity.
+ bungee-plugin-message-channel = true
+ # Shows ping requests to the proxy from clients.
+ show-ping-requests = false
+ # By default, Velocity will attempt to gracefully handle situations where the user unexpectedly
+ # loses connection to the server without an explicit disconnect message by attempting to fall the
+ # user back, except in the case of read timeouts. BungeeCord will disconnect the user instead. You
+ # can disable this setting to use the BungeeCord behavior.
+ failover-on-unexpected-server-disconnect = true
+ # Declares the proxy commands to 1.13+ clients.
+ announce-proxy-commands = true
+ # Enables the logging of commands
+ log-command-executions = false
+
+[query]
+ # Whether to enable responding to GameSpy 4 query responses or not.
+ enabled = false
+ # If query is enabled, on what port should the query protocol listen on?
+ port = 25577
+ # This is the map name that is reported to the query services.
+ map = "Velocity"
+ show-plugins = false
+
diff --git a/karylab-minecraft/velocity-config.toml b/karylab-minecraft/master/velocity-conf.toml similarity index 78% rename from karylab-minecraft/velocity-config.toml rename to karylab-minecraft/master/velocity-conf.toml index 0d8eaa5..ba93bd8 100644 --- a/karylab-minecraft/velocity-config.toml +++ b/karylab-minecraft/master/velocity-conf.toml @@ -1,11 +1,11 @@ -# Velocity 配置檔範例 +# Velocity 配置檔 # 啟動容器後會自動生成在 /docker/minecraft/velocity/velocity.toml # Config version. Do not change this config-version = "2.7" # 綁定地址和端口 -bind = "0.0.0.0:11100" +bind = "0.0.0.0:25555" # 伺服器列表 MOTD motd = "Karylab Minecraft Network" @@ -22,16 +22,6 @@ prevent-client-proxy-connections = false # 如果有相同玩家嘗試重複登入,是否踢掉已在線的玩家 kick-existing-players = true -# 後端伺服器列表 -[servers] -parkour-spiral = "127.0.0.1:1110" -parkour-volcano = "127.0.0.1:1120" - -# 強制主機域名路由(關鍵!) -[forced-hosts] -"parkour-spiral.karylab.uk" = ["parkour-spiral"] -"parkour-volcano.karylab.uk" = ["parkour-volcano"] - # 啟用 modern forwarding (讓後端伺服器知道玩家真實IP) player-info-forwarding-mode = "modern" @@ -44,11 +34,34 @@ ping-passthrough = "DISABLED" # 轉發密鑰檔案 forwarding-secret-file = "forwarding.secret" +# 後端伺服器列表 +[servers] +parkour-spiral = "127.0.0.1:1110" +parkour-volcano = "127.0.0.1:1120" + +# 玩家登入時的伺服器嘗試順序(空陣列 = 禁止直接用 IP 連線,必須用域名) +try = [] + +# 強制主機域名路由(關鍵!) +[forced-hosts] +"parkour-spiral.karylab.uk" = ["parkour-spiral"] +"parkour-volcano.karylab.uk" = ["parkour-volcano"] + [advanced] # 壓縮閾值 compression-threshold = 256 compression-level = -1 login-ratelimit = 3000 +# 連線超時設定(毫秒) +connection-timeout = 5000 +read-timeout = 30000 + +# 向 1.13+ 客戶端宣告代理指令 +announce-proxy-commands = false + +# 記錄指令執行(除錯用,平時關閉) +log-command-executions = false + # 是否在日誌記錄玩家 IP enable-player-address-logging = true diff --git a/karylab-minecraft/minecraft.yml b/karylab-minecraft/minecraft.yml index 786ccff..b2c396d 100644 --- a/karylab-minecraft/minecraft.yml +++ b/karylab-minecraft/minecraft.yml 
@@ -10,7 +10,6 @@ services: - TZ=Asia/Taipei ports: - "8000:8443" # 管理介面 - - "1110:11100" # Minecraft 統一連接埠 volumes: - /docker/minecraft/crafty/backups:/crafty/backups - /docker/minecraft/crafty/logs:/crafty/logs @@ -79,7 +78,7 @@ services: - DOZZLE_TAILSIZE=500 # 日誌顯示行數 - DOZZLE_FILTER=name=crafty*|name=minecraft* # 只顯示 MC 相關容器 ports: - - "8020:8080" # 訪問 http://localhost:8020 即可看到所有容器日誌 + - "8020:8080" # 訪問即可看到所有容器日誌 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro networks: @@ -89,7 +88,39 @@ services: limits: memory: 256M - # 4. 備份服務 (可選) - 自動備份到雲端或其他位置 + # 4. GoEdge 管理後台 + API 節點 + MySQL + # 官方建議使用 goedgelabs/goedge-admin 映像,內建 MariaDB + goedge-admin: + image: goedgelabs/goedge-admin:latest + container_name: goedge_admin + restart: unless-stopped + environment: + - TZ=Asia/Taipei + volumes: + - goedge_admin_mysql:/var/lib/mysql # MySQL 資料庫 + - goedge_admin_data:/usr/local/goedge/edge-admin # Admin 設定 + 日誌 + API 設定 + ports: + - "8030:7788" # 管理後台登入端口 (預設 admin/123456) + networks: + - minecraft_net + + # 5. GoEdge 邊緣節點 (實際負責轉發的 Proxy) + goedge-node: + image: goedgelabs/goedge-node:latest + container_name: goedge_node + restart: unless-stopped + environment: + - TZ=Asia/Taipei + volumes: + - goedge_node_data:/usr/local/goedge/edge-node + ports: + - "1110-1200:1110-1200" # 預留 1110 到 1200 之間的 90 個端口 + networks: + - minecraft_net + depends_on: + - goedge-admin + + # 6. 備份服務 (可選) - 自動備份到雲端或其他位置 # duplicati: # image: lscr.io/linuxserver/duplicati:latest # container_name: minecraft_backup @@ -107,7 +138,7 @@ services: # networks: # - minecraft_net - # 5. Watchtower - 自動更新容器映像檔(可選) + # 7. Watchtower - 自動更新容器映像檔(可選) # watchtower: # image: containrrr/watchtower:latest # container_name: watchtower_minecraft 
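Review bot: In the `@@ -89,7 +88,39 @@` hunk of minecraft.yml, `goedge-admin` publishes its login port as `"8030:7788"` on all host interfaces while the inline comment records that the default login is admin/123456, so until the password is changed the console that controls the proxy nodes is reachable with a documented credential. Bind it to loopback or the VPN interface, e.g. `- "127.0.0.1:8030:7788"`, and add a comment that the default password must be changed on first start. `goedge-node` also publishes the whole `"1110-1200:1110-1200"` range in advance; only the ports that actually have a listener configured need to be exposed. Both images use `:latest`, so pinning a version would make the deployment reproducible.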
@@ -129,4 +160,7 @@ networks: volumes: netdataconfig: netdatalib: - netdatacache: \ No newline at end of file + netdatacache: + goedge_admin_mysql: # MySQL 資料庫(單獨備份用) + goedge_admin_data: # Admin 所有資料(設定 + 日誌 + API) + goedge_node_data: # Node 所有資料(設定 + 日誌) \ No newline at end of file