Merge branch 'main' into ubuntu-24

.github/workflows/docker.yml

@@ -5,24 +5,24 @@ jobs:
   push:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to GitHub Packages
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
           # list of Docker images to use as base name for tags
           images: |
@@ -34,7 +34,7 @@ jobs:
 
       - name: Build and push to DockerHub
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           push: true
           tags: |

.github/workflows/linting.yml

@@ -6,7 +6,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+
       - name: Run Shellcheck
         uses: azohra/shell-linter@latest
         with:
@@ -15,7 +16,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+
       - name: Validate Dockerfile
         uses: ghe-actions/dockerfile-validator@v1
         with:

.github/workflows/release.yml

@@ -7,24 +7,24 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to GitHub Packages
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
           # list of Docker images to use as base name for tags
           images: |
@@ -41,7 +41,7 @@ jobs:
 
       - name: Build and push to DockerHub & GitHub Packages
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           push: true
           tags: ${{ steps.meta.outputs.tags }}

Dockerfile

@@ -47,4 +47,4 @@ STOPSIGNAL SIGINT
 
 EXPOSE 7777/udp 7777/tcp
 
-ENTRYPOINT [ "/init.sh" ]
+ENTRYPOINT [ "/init.sh" ]

README.md

@@ -59,7 +59,8 @@ following directories:
 - `/backups` - the server will automatically backup your saves when the container first starts
 - `/gamefiles` - this is for the game's files. They're stored outside the container to avoid needing to redownload
   8GB+ every time you want to rebuild the container
-- `/logs` - this holds Steam's logs, and contains a pointer to Satisfactory's logs (empties on startup unless `LOG=true`)
+- `/logs` - this holds Steam's logs, and contains a pointer to Satisfactory's logs (empties on startup unless
+  `LOG=true`)
 - `/saved` - this contains the game's blueprints, saves, and server configuration
 
 Before running the server image, you should find your user ID that will be running the container. This isn't necessary
@@ -142,6 +143,12 @@ services:
           memory: 4G
 ```
 
+### SSL Certificate with Certbot (Optional)
+
+You can use Certbot with Let's Encrypt to issue a signed SSL certificate for your server. Without this,
+Satisfactory will use a self-signed SSL certificate, requiring players to manually confirm them when they initially
+connect. [Learn more](https://github.com/wolveix/satisfactory-server/tree/main/ssl).
+
 ### Kubernetes
 
 If you are running a [Kubernetes](https://kubernetes.io) cluster, we do have

cluster/service.yaml

@@ -6,17 +6,20 @@ metadata:
   labels:
     app: satisfactory
 spec:
-  type: NodePort
+  type: LoadBalancer
+  allocateLoadBalancerNodePorts: true
+  externalTrafficPolicy: Cluster
+  internalTrafficPolicy: Cluster
+# might be necessary for your cluster:
+#  loadBalancerIP: <external-IP>
   ports:
-    - port: 7777
-      nodePort: 7777
+    - name: "game"
+      port: 7777
       protocol: UDP
-      name: "game"
       targetPort: 7777
-    - port: 7777
-      nodePort: 7777
+    - name: "api"
+      port: 7777
       protocol: TCP
-      name: "gametcp"
       targetPort: 7777
   selector:
-    app: satisfactory
+    app: satisfactory

cluster/statefulset.yaml

@@ -31,16 +31,25 @@ spec:
             - name: STEAMBETA
               value: "false"
           ports:
-            - containerPort: 7777
-              name: "gameTCP"
+            - name: "api"
+              containerPort: 7777
               protocol: TCP
-            - containerPort: 7777
-              name: "game"
+            - name: "game"
+              containerPort: 7777
               protocol: UDP
           volumeMounts:
-            - name: satisfactory-data
+            - name: satisfactory-config
               mountPath: /config
+            - name: satisfactory-data
+              mountPath: /config/gamefiles
   volumeClaimTemplates:
+    - metadata:
+        name: satisfactory-config
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: 1Gi
     - metadata:
         name: satisfactory-data
       spec:

run.sh

@@ -104,7 +104,7 @@ fi
 
 cd /config/gamefiles || exit 1
 
-chmod +x FactoryServer.sh
+chmod +x FactoryServer.sh || true
 ./FactoryServer.sh -Port="$SERVERGAMEPORT" "${ini_args[@]}" "$@" &
 
 sleep 2

saveshare/README.md

@@ -1,7 +1,6 @@
 # Satisfactory Save Sharing
 
-**_Note: this is a work in progress. The group I play with have been relying on solely this for the last few months, but
-I'm still working on making it more user-friendly._**
+**_Note: this is a work in progress. Prior to 1.0's release, the group I played with had been relying on solely this for many months. Now that 1.0 is released, dedicated servers are much more reliable, meaning we haven't really been using SaveShare._**
 
 The dedicated server for Satisfactory introduces a few unique bugs to the game, where multiplayer (through joining a
 friend) doesn't. This application introduces save sharing with friends. It's designed to function similarly to how the
@@ -15,7 +14,7 @@ leaves, anyone else can pick up from where they left off.
 
 Download the release from the releases tab. When you initially run it, it'll ask for the following information:
 
-- Server address (IP and port, e.g. `localhost:15770`)
+- Server address (IP and port, e.g. `localhost:7790`)
 - Server password (the SFTP password)
 - Session name (this must be EXACTLY as it is formatted within Satisfactory)
 
@@ -31,7 +30,7 @@ services:
     volumes:
       - /opt/saveshare:/home/saveshare/upload
     ports:
-      - "15770:22"
+      - "7790:22"
     command: saveshare:PASSWORD_HERE:1001
 ```
 

ssl/README.md

@@ -0,0 +1,100 @@
+# SSL Certificate with Certbot
+
+The instructions below will help you to deploy a signed SSL certificate for your Satisfactory server.
+
+## Docker Compose
+
+```yaml
+services:
+  satisfactory-server:
+    container_name: 'satisfactory-server'
+    hostname: 'satisfactory-server'
+    image: 'wolveix/satisfactory-server:latest'
+    ports:
+      - '7777:7777/udp'
+      - '7777:7777/tcp'
+    volumes:
+      - './satisfactory-server:/config'
+      - './certs/live/${DOMAIN}/fullchain.pem:/config/gamefiles/FactoryGame/Certificates/cert_chain.pem'
+      - './certs/live/${DOMAIN}/privkey.pem:/config/gamefiles/FactoryGame/Certificates/private_key.pem'
+    environment:
+      - MAXPLAYERS=4
+      - PGID=1000
+      - PUID=1000
+      - ROOTLESS=false
+      - STEAMBETA=false
+    restart: unless-stopped
+    depends_on:
+      certbot:
+        condition: service_completed_successfully
+    healthcheck:
+      test: bash /healthcheck.sh
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 120s
+    deploy:
+      resources:
+        limits:
+          memory: 6G
+        reservations:
+          memory: 4G
+
+  certbot:
+    image: certbot/certbot
+    command: certonly --standalone --non-interactive --agree-tos -m ${CERTBOT_MAIL} -d ${DOMAIN}
+    ports:
+      - '80:80/tcp'
+    volumes:
+      - ./certs:/etc/letsencrypt
+    environment:
+      - [email protected]
+      - DOMAIN=satisfactory.domain.tld
+```
+
+The `docker-compose.yml` file above should replace the `docker-compose.yml` file you already have configured. Adjust the
+`CERTBOT_MAIL` and `DOMAIN` environment variables under the `certbot` service to be a real email address, and the domain
+you'd like to issue the SSL certificate for. Ensure prior to running this that you've already created the necessary DNS
+record for your domain. If you don't certbot will fail, and you'll likely hit your rate limit and need to wait a while
+to try again (check the `certbot` container's logs for further information).
+
+**Ensure that you open/port forward for port `80/tcp`.**
+
+You can now launch the Docker Compose configuration in the same way you normally would. Do note that if Certbot fails,
+the game server will not start.
+
+## Troubleshooting
+
+### What if port 80 is already in-use with a reverse-proxy?
+
+Change the port for the certbot service (e.g. `7800:80/tcp`), and forward HTTP traffic from your reverse proxy through
+to your `certbot` container.
+
+Here are examples on how you can do this with Caddy and NGINX
+
+#### Caddy
+
+Modify your Caddyfile to include your given domain above. Ensure that you put `http://` **before** the domain, otherwise
+Caddy will _also_ request an SSL certificate for it.
+
+```
+http://satisfactory.domain.tld {
+    reverse_proxy :7780
+}
+```
+
+
+#### NGINX
+
+Modify your NGINX configuration file to include the following virtual host:
+
+```
+server {
+    listen       80;
+    server_name  satisfactory.domain.tld;
+
+    location / {
+        proxy_pass  http://localhost:7780;
+    }
+}
+```

ssl/docker-compose.yml

@@ -0,0 +1,45 @@
+services:
+  satisfactory-server:
+    container_name: 'satisfactory-server'
+    hostname: 'satisfactory-server'
+    image: 'wolveix/satisfactory-server:latest'
+    ports:
+      - '7777:7777/udp'
+      - '7777:7777/tcp'
+    volumes:
+      - './satisfactory-server:/config'
+      - './certs/live/${DOMAIN}/fullchain.pem:/config/gamefiles/FactoryGame/Certificates/cert_chain.pem'
+      - './certs/live/${DOMAIN}/privkey.pem:/config/gamefiles/FactoryGame/Certificates/private_key.pem'
+    environment:
+      - MAXPLAYERS=4
+      - PGID=1000
+      - PUID=1000
+      - ROOTLESS=false
+      - STEAMBETA=false
+    restart: unless-stopped
+    depends_on:
+      certbot:
+        condition: service_completed_successfully
+    healthcheck:
+      test: bash /healthcheck.sh
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 120s
+    deploy:
+      resources:
+        limits:
+          memory: 6G
+        reservations:
+          memory: 4G
+
+  certbot:
+    image: certbot/certbot
+    command: certonly --standalone --non-interactive --agree-tos -m ${CERTBOT_MAIL} -d ${DOMAIN}
+    ports:
+      - '80:80/tcp'
+    volumes:
+      - ./certs:/etc/letsencrypt
+    environment:
+      - [email protected]
+      - DOMAIN=satisfactory.domain.tld