search

joni1802 / ts3-manager

A modern web interface for maintaining Teamspeak3 servers
https://www.ts3.app
MIT License
189 stars 23 forks source link

Docs: Examples for nginx, systemd, separate user #10

Closed dionysius closed 4 years ago

dionysius commented 4 years ago

My setup consists of running the manager as systemd service with its own user and using an nginx as reverse proxy (On ubuntu 20.04, but is pretty same on all debian based systems). Feel free to use this in the docs/examples:

Create own user:group

adduser --system --no-create-home --group --disabled-password ts3-manager (Automatically creates group thanks to --group)

Systemd service unit

Create file /etc/systemd/system/ts3-manager.service

[Unit]
Description=TeamSpeak 3 Server Manager
After=network.service

[Service]
User=ts3-manager
Group=ts3-manager
Type=simple
WorkingDirectory=/var/www/ts3-manager/ts3.example.com
# Use your wished free port
Environment=PORT=8003
ExecStart=/var/www/ts3-manager/ts3.example.com/ts3-manager
RestartSec=15
Restart=always
# Not so sure about those
StandardOutput=journal
StandardError=inherit

[Install]
WantedBy=multi-user.target

Enable the service: systemctl enable ts3-manager Start the service: systemctl start ts3-manager Verify running: journalctl -fu ts3-manager Verify port open: netstat -tulpen | grep ts3-manager

Nginx reverse proxy configuration

I'm not going into detail here, refer to the docs of nginx for more about configuring nginx.

Create file /etc/nginx/sites-enabled/ts3.example.com and edit to your needs

server {
        # Suggest using ssl, setup is pretty easy using certbot: https://certbot.eff.org/
        listen [::]:443 ssl;
        listen 443 ssl;
        # Without ssl use those
        #listen [::]:80;
        #listen 80;

        server_name ts3.example.com;

        proxy_set_header X-Forwarded-For $remote_addr;

        # Optional: Use additional Basic Auth to protect the app and teamspeak a bit more from attacks. Instructions: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
        #auth_basic "TS3 Manager";
        #auth_basic_user_file /var/www/ts3-manager/ts3.example.com/.htpasswd;

        location / {
                # Insert the port you selected in systemd service unit above
                proxy_pass http://127.0.0.1:8003;
        }

        # Let certbot install certificates for you or remove those if you don't use ssl
        ssl_certificate /etc/letsencrypt/live/ts3.example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/ts3.example.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Restart/reload nginx: systemctl restart nginx

Check if everything works, let your browser open ts3.example.com (your respective address)

joni1802 commented 4 years ago

Thank you. Added systemd and nginx to the docs.

Links: Running as systemd service Reverse proxy NGINX