My setup consists of running the manager as systemd service with its own user and using an nginx as reverse proxy (On ubuntu 20.04, but is pretty same on all debian based systems). Feel free to use this in the docs/examples:
Create own user:group
adduser --system --no-create-home --group --disabled-password ts3-manager
(Automatically creates group thanks to --group)
[Unit]
Description=TeamSpeak 3 Server Manager
After=network.service
[Service]
User=ts3-manager
Group=ts3-manager
Type=simple
WorkingDirectory=/var/www/ts3-manager/ts3.example.com
# Use your wished free port
Environment=PORT=8003
ExecStart=/var/www/ts3-manager/ts3.example.com/ts3-manager
RestartSec=15
Restart=always
# Not so sure about those
StandardOutput=journal
StandardError=inherit
[Install]
WantedBy=multi-user.target
Enable the service: systemctl enable ts3-manager
Start the service: systemctl start ts3-manager
Verify running: journalctl -fu ts3-manager
Verify port open: netstat -tulpen | grep ts3-manager
Nginx reverse proxy configuration
I'm not going into detail here, refer to the docs of nginx for more about configuring nginx.
Create file /etc/nginx/sites-enabled/ts3.example.com and edit to your needs
server {
# Suggest using ssl, setup is pretty easy using certbot: https://certbot.eff.org/
listen [::]:443 ssl;
listen 443 ssl;
# Without ssl use those
#listen [::]:80;
#listen 80;
server_name ts3.example.com;
proxy_set_header X-Forwarded-For $remote_addr;
# Optional: Use additional Basic Auth to protect the app and teamspeak a bit more from attacks. Instructions: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
#auth_basic "TS3 Manager";
#auth_basic_user_file /var/www/ts3-manager/ts3.example.com/.htpasswd;
location / {
# Insert the port you selected in systemd service unit above
proxy_pass http://127.0.0.1:8003;
}
# Let certbot install certificates for you or remove those if you don't use ssl
ssl_certificate /etc/letsencrypt/live/ts3.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ts3.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Restart/reload nginx: systemctl restart nginx
Check if everything works, let your browser open ts3.example.com (your respective address)
My setup consists of running the manager as systemd service with its own user and using an nginx as reverse proxy (On ubuntu 20.04, but is pretty same on all debian based systems). Feel free to use this in the docs/examples:
Create own user:group
adduser --system --no-create-home --group --disabled-password ts3-manager
(Automatically creates group thanks to--group
)Systemd service unit
Create file
/etc/systemd/system/ts3-manager.service
Enable the service:
systemctl enable ts3-manager
Start the service:systemctl start ts3-manager
Verify running:journalctl -fu ts3-manager
Verify port open:netstat -tulpen | grep ts3-manager
Nginx reverse proxy configuration
I'm not going into detail here, refer to the docs of nginx for more about configuring nginx.
Create file
/etc/nginx/sites-enabled/ts3.example.com
and edit to your needsRestart/reload nginx:
systemctl restart nginx
Check if everything works, let your browser open
ts3.example.com
(your respective address)