Server Access
Hey. Ive been running a minecraft bedrock Server inside of a docker container and i wondered if there is a possibility for other persons to access the console without using ssh or installing pterodactyl?
65 Replies
Thanks for asking your question!
Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is
Make sure to mark solved when issue is solved!!!
/close
!close
!solved
!answered
Requested by moritzwastaken#0
(ping me)
Just install pterodactyl if you want multi user access/access control
(or any of the other panels with subuser support)
@ProGamingDk did you even read my question
I said i dont want to use any panels
I did, but there's no good alternative.
you want a feature that is a big feature of panels
:eyes_zoom: new discord bot idea is coming to my mind
Without SSH access to enter the container via
docker attach <container> or docker exec -it <container> /bin/bash, you're effectively asking for a STDIN/STDOUT/STDERR proxy for docker containers. It is possible to create (hence how Pterodactyl/wings works), but can I understand why you're wanting this?
Just a more light weight way of administrating the server or?
Would RCON not fulfil this purpose?
If you want to restart the server too, this would need to be done via a startup script / setting docker to always-restart the container, as even with a STD* proxy, you wouldn't be able to restart the server without one of these.
@Moritz (since you said ping me)The problem is, i dont want to give the users ssh access because its my homeserver with valuable data on it (bitwarden passwords)
What are you wanting them to be able to do?
Simply console access, ability to restart the container, etc?
Just the console access
To ban people etc
I would honestly just setup RCON
^
thanks for your help
btw hey skullian
heya :)
quick question if I were to make a discord bot with perms that gave people specific RCON access would you be interested? :Shruge:
yeah sure
dm me
done :)
Doesn't DiscordSRV allow you to do this?
Yeah it does
Though they have a bedrock server which discordsrv wont work for
Thanks, I completely glanced over the fact it was bedrock.
Yeah you don't.
You can do shit like RCON which other people have said, but you don't give access to a server without needing something like SSH, and if you wanted some kind of filter method to choose who can access what you either need a very custom reverse proxy solution with weird setup, or you just use a panel.
Or, and here's a neat thing, don't run Vaultwarden on the same server as your game servers that you're exposing to the internet.
well, there is one, but its just start or stop server
he has just started coding lol
Should be super easy to do hopefully
Docker exposes a websocket of the containers console STD buffers
Such a bot would need to be mega carefully designed.
Authentication, yeah
Oh yeah.
Wouldn't trust just Discord auth either since most people are turbo stupid with their passwords and the last thing you want is someone with access falling for an obvious phishing scam and getting your servers crashed.
oh lol
I was honestly just going to throw together a light weight app which wraps the websocket in xterm.js with auth as it seems easy enough to do.
How're you gonna do auth? And how're you gonna impose limits?
auth would be just standard user/pw using bcrypt, with just lockouts after a few failed attempts
:PepeYikes:
What do you mean by limits, as in what somebody can run?
Yeeeahhh...
Absolutely, what? They're getting attach access to a docker container.
Wanna add to what you mean by this?
They are getting access as if they attached, that would be the point of it.
That's still root for the MC server.
One fuckoff scary thing to hold behind the infinitely flimsy walls of 'user password creation'.
Sorry but John McJohnface password password isn't something I want having attach via discord.
It's quite literally no different than pterodactyl, adding 2fa** would be super easy.
Ptero I can wrap behind Authentik and Caddy.
That I trust for prod.
And this is a simple http server /w websockets and auth, you think that couldn't too?
It can if you do it, most won't themselves. :Sadge:
Though I'd very much love passwordless.
End users are not trustworthy with making passwords damnit.
I don't disagree with your comments, in my mind this was just going to be Pterodactyl without everything but the console effectively.
12345678
So same authentication scheme, etc.
thats the u/admincraft-modteam account password fyi
:HACKERMANS:
no one likes us tho
But really though, passwordless. Please.
More things need to just remove the apparently infinite burden of a goddamn password manager from the end user. It's horrific the state we're in.
There's no security on rcon FYI. No logging on who is doing what commands. Any staff member would be able to do things without being able to track who it was.
yup
and fun fact looks like vanilla bedrock servers don't have RCON built in
Not surprised at all. Pretty sure Java doesn't have it either. Most use the itzg image and that has it included.
No, rcon exists in Java natively.
Thought it wasn't actually enabled in MC though?
it's not enabled by default in server.properties iirc
@Moritz I know you said without using ssh, however ssh does have a
ForcedCommand option, which could be used to override the shell the user would normally get with just a docker attach command. This would ensure that all console input features would work properly.
there are a few things you'll need to do to ensure the user can't use x11 forwarding or sftp/scp, however the user should ideally have their own untrusted accountNot enabled by default, but it exists.
I did word that badly.
Honestly though this is getting to the point of a stupid amount of effort versus just using like... a panel. :THONK:
Bedrock doesn't seem to have rcon at all
^
i think pocketmine does though
honestly though, if it's just for the purpose of banning people, then just have them log into the game to do it. Java and bedrock both take less than like 30 seconds to start and join a server
believe java even has a launch arg you can set to make the game instantly log you into a server, skipping the main menu/server list page
cant you just leave the attached docker container after you got forced to run the command
from my understanding, if the ForcedCommand exits, ssh disconnects. Believe it refers to forcing the ssh command that automatically is ran
but I haven't tried it at all
Rcon isn't an option because he runs a bedrock server :FrogeBIGEYES:
👀 I didn’t know bedrock servers didn’t have RCON built in :KEKW:
I mean if you're Microsoft do you build it in?
Can't see a whole heap of reason to do so.
Maybe for server admins, but then again maybe not.
fair enough