From 56769e81d586ac88988adb61b18920627cf19023 Mon Sep 17 00:00:00 2001 From: uprightbass360 Date: Mon, 26 Jan 2026 12:48:07 -0500 Subject: [PATCH] fix: server startup hardening --- .env.prebuilt | 8 +- .env.template | 8 +- .../docker.service.d/nfs-dependencies.conf | 13 +++ scripts/bash/install-docker-nfs-fix.sh | 96 +++++++++++++++++++ scripts/bash/migrate-stack.sh | 10 +- 5 files changed, 126 insertions(+), 9 deletions(-) create mode 100644 config/systemd/docker.service.d/nfs-dependencies.conf create mode 100644 scripts/bash/install-docker-nfs-fix.sh diff --git a/.env.prebuilt b/.env.prebuilt index 68a9dc9..9dcf284 100644 --- a/.env.prebuilt +++ b/.env.prebuilt @@ -105,21 +105,21 @@ NETWORK_GATEWAY=172.20.0.1 # ===================== # Change this to your server's public IP or domain name SERVER_ADDRESS=127.0.0.1 -REALM_PORT=8215 +REALM_PORT=8085 # ===================== # Ports # ===================== # Authentication server -AUTH_EXTERNAL_PORT=3784 +AUTH_EXTERNAL_PORT=3724 AUTH_PORT=3724 # World server -WORLD_EXTERNAL_PORT=8215 +WORLD_EXTERNAL_PORT=8085 WORLD_PORT=8085 # SOAP/Remote access -SOAP_EXTERNAL_PORT=7778 +SOAP_EXTERNAL_PORT=7878 SOAP_PORT=7878 # MySQL database (for external access) diff --git a/.env.template b/.env.template index 717f883..4b3fd52 100644 --- a/.env.template +++ b/.env.template @@ -118,11 +118,11 @@ ALPINE_IMAGE=alpine:latest # ===================== # Ports # ===================== -AUTH_EXTERNAL_PORT=3784 +AUTH_EXTERNAL_PORT=3724 AUTH_PORT=3724 -WORLD_EXTERNAL_PORT=8215 +WORLD_EXTERNAL_PORT=8085 WORLD_PORT=8085 -SOAP_EXTERNAL_PORT=7778 +SOAP_EXTERNAL_PORT=7878 SOAP_PORT=7878 # ===================== @@ -136,7 +136,7 @@ NETWORK_GATEWAY=172.20.0.1 # Server address / realm # ===================== SERVER_ADDRESS=127.0.0.1 -REALM_PORT=8215 +REALM_PORT=8085 # ===================== # MySQL / Database Layer diff --git a/config/systemd/docker.service.d/nfs-dependencies.conf b/config/systemd/docker.service.d/nfs-dependencies.conf new file mode 100644 index 0000000..4c856a8 --- /dev/null +++ b/config/systemd/docker.service.d/nfs-dependencies.conf @@ -0,0 +1,13 @@ +# AzerothCore RealmMaster - Docker NFS Dependencies +# Ensures Docker waits for NFS mounts before starting to prevent race conditions +# where containers create local directories before NFS mounts are ready + +[Unit] +# Wait for NFS mounts to be active before starting Docker +After=nfs-azerothcore.mount nfs-containers.mount + +# Require the primary backup NFS mount (critical for data integrity) +Requires=nfs-azerothcore.mount + +# Prefer the containers NFS mount but don't fail if unavailable +Wants=nfs-containers.mount diff --git a/scripts/bash/install-docker-nfs-fix.sh b/scripts/bash/install-docker-nfs-fix.sh new file mode 100644 index 0000000..a647b97 --- /dev/null +++ b/scripts/bash/install-docker-nfs-fix.sh @@ -0,0 +1,96 @@ +#!/bin/bash +# AzerothCore RealmMaster - Install Docker NFS Dependencies Fix +# This script installs a systemd drop-in configuration to ensure Docker +# waits for NFS mounts before starting, preventing backup folder deletion issues + +set -e + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +DROP_IN_SOURCE="$PROJECT_ROOT/config/systemd/docker.service.d/nfs-dependencies.conf" +DROP_IN_TARGET="/etc/systemd/system/docker.service.d/nfs-dependencies.conf" + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +log_info() { echo -e "${BLUE}ℹ️ $*${NC}"; } +log_ok() { echo -e "${GREEN}✅ $*${NC}"; } +log_warn() { echo -e "${YELLOW}⚠️ $*${NC}"; } +log_err() { echo -e "${RED}❌ $*${NC}"; } + +# Check if running as root +if [ "$EUID" -ne 0 ]; then + log_err "This script must be run as root (use sudo)" + exit 1 +fi + +# Check if source file exists +if [ ! -f "$DROP_IN_SOURCE" ]; then + log_err "Source configuration file not found: $DROP_IN_SOURCE" + exit 1 +fi + +# Check if NFS mounts exist +log_info "Checking NFS mount configuration..." +if ! systemctl list-units --type=mount | grep -q "nfs-azerothcore.mount"; then + log_warn "nfs-azerothcore.mount not found. This fix requires NFS mounts to be configured." + log_warn "Continue anyway? (y/n)" + read -r response + if [[ ! "$response" =~ ^[Yy]$ ]]; then + log_info "Installation cancelled." + exit 0 + fi +fi + +# Create drop-in directory +log_info "Creating systemd drop-in directory..." +mkdir -p "$(dirname "$DROP_IN_TARGET")" +log_ok "Drop-in directory ready: $(dirname "$DROP_IN_TARGET")" + +# Install configuration file +log_info "Installing NFS dependencies configuration..." +cp "$DROP_IN_SOURCE" "$DROP_IN_TARGET" +chmod 644 "$DROP_IN_TARGET" +log_ok "Configuration installed: $DROP_IN_TARGET" + +# Show what was installed +echo "" +log_info "Installed configuration:" +echo "---" +cat "$DROP_IN_TARGET" +echo "---" +echo "" + +# Reload systemd +log_info "Reloading systemd daemon..." +systemctl daemon-reload +log_ok "Systemd daemon reloaded" + +# Verify configuration +log_info "Verifying Docker service dependencies..." +echo "" +systemctl show -p After,Requires,Wants docker.service | grep -E '^(After|Requires|Wants)=' +echo "" + +# Check if Docker is running +if systemctl is-active --quiet docker.service; then + log_warn "Docker is currently running" + log_warn "The new configuration will take effect on next Docker restart or system reboot" + echo "" + log_info "To apply immediately, restart Docker (WARNING: will stop all containers):" + echo " sudo systemctl restart docker.service" + echo "" + log_info "Or reboot the system:" + echo " sudo reboot" +else + log_ok "Docker is not running - configuration will apply on next start" +fi + +echo "" +log_ok "Docker NFS dependencies fix installed successfully!" +log_info "Docker will now wait for NFS mounts before starting" +log_info "This prevents backup folders from being deleted during server restarts" diff --git a/scripts/bash/migrate-stack.sh b/scripts/bash/migrate-stack.sh index 607ffdf..9089db5 100755 --- a/scripts/bash/migrate-stack.sh +++ b/scripts/bash/migrate-stack.sh @@ -253,7 +253,15 @@ STAGE_SQL_PATH_RAW="$(read_env_value STAGE_PATH_MODULE_SQL "${LOCAL_STORAGE_ROOT if [ -z "${STORAGE_PATH_LOCAL:-}" ]; then STORAGE_PATH_LOCAL="$LOCAL_STORAGE_ROOT" fi -# Expand any env references (e.g., ${STORAGE_PATH_LOCAL}) +# Ensure STORAGE_PATH is defined to avoid set -u failures during expansion +if [ -z "${STORAGE_PATH:-}" ]; then + STORAGE_PATH="$(read_env_value STORAGE_PATH "./storage")" +fi +# Ensure STORAGE_MODULE_SQL_PATH is defined to avoid set -u failures during expansion +if [ -z "${STORAGE_MODULE_SQL_PATH:-}" ]; then + STORAGE_MODULE_SQL_PATH="$(read_env_value STORAGE_MODULE_SQL_PATH "${STORAGE_PATH}/module-sql-updates")" +fi +# Expand any env references (e.g., ${STORAGE_PATH_LOCAL}, ${STORAGE_MODULE_SQL_PATH}) STAGE_SQL_PATH_RAW="$(eval "echo \"$STAGE_SQL_PATH_RAW\"")" LOCAL_STAGE_SQL_DIR="$(resolve_path_relative_to_project "$STAGE_SQL_PATH_RAW" "$PROJECT_ROOT")" REMOTE_STAGE_SQL_DIR="$(resolve_path_relative_to_project "$STAGE_SQL_PATH_RAW" "$PROJECT_DIR")"