Additional Info for Server Admins
Gamocosm creates droplets running 64 bit Fedora 27 (latest as of 2018 Feb 19).
You can see everything Gamocosm does in
server_setup in the project root contains additional resources used for setting up servers.
As of 2018 Feb 19, it currently only contains zram scripts
`firewalld` sits on top of `iptables` and provides a dynamically managed firewall.
Many people (myself included) are familiar with `iptables`, but after quickly getting used to it, I find it much easier to use, for experienced and new techies alike.
It was included by default on the Fedora 20 distribution.
Fedora 21 does not include an active firewall service by default, so Gamocosm installs
Gamocosm opens ports 5000 (Minecraft Server Wrapper), and 25565 (Minecraft) to TCP.
It also opens whatever `ssh_port` under the "Advanced" tab is to TCP the first time you start a server (if you change the SSH port on your server later, you should update this).
- `firewall-cmd --get-zones` (supported zones)
- `firewall-cmd --list-all-zones` (zones with enabled features)
- `firewall-cmd [--permanent] [--zone=<zone>] --add-port=<port>[-<port>]/<protocol>`
- `firewall-cmd [--permanent] [--zone=<zone>] --remove-port=<port>[-<port>]/<protocol>`
- `firewall-cmd [--zone=<zone>] --query-port=<port>[-<port>]/<protocol>` (query if port and protocol combination enabled in a zone)
When you add `--permanent`, it does not affect the runtime firewall.
The changes will take effect after rebooting.
Usually, when adding ports you want to run the command once with and once without `--permanent`, to make the changes immediate and persistent.
```
firewall-cmd --add-port=9010/tcp
firewall-cmd --permanent --add-port=9010/tcp
```
Source: Fedora wiki
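Because the runtime and permanent configurations are changed separately, they can drift apart. The following is an added example (not part of Gamocosm or the Fedora wiki) that compares the two port lists; the function name `port_drift` and the sample values are made up for illustration.

```shell
#!/bin/sh
# Added example, not Gamocosm code: compare the runtime and permanent
# firewalld port lists and report ports that exist in only one of them.
#
# port_drift RUNTIME PERMANENT
#   RUNTIME    output of: firewall-cmd --list-ports
#   PERMANENT  output of: firewall-cmd --permanent --list-ports
port_drift() {
    runtime=$(echo $1)       # unquoted on purpose: collapse whitespace
    permanent=$(echo $2)

    # Open right now, but not saved: gone after a reboot.
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;
            *) echo "runtime-only $p" ;;
        esac
    done

    # Saved, but not active in the running firewall.
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) echo "permanent-only $p" ;;
        esac
    done
}

# Constructed sample: 9010/tcp was added without --permanent.
port_drift '4022/tcp 5000/tcp 25565/tcp 9010/tcp' '4022/tcp 5000/tcp 25565/tcp'
```

On a live server, call it as `port_drift "$(firewall-cmd --list-ports)" "$(firewall-cmd --permanent --list-ports)"`; no output means both configurations list the same ports.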
Checking that your ports are open/accessible
Check that a port is open/accessible from the "outside" by doing `telnet <IP> <port>` from your local computer or another server.
You should see "Connection refused", "No route to host", or if it works something like:
```
Trying 188.8.131.52...
Connected to 184.108.40.206.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.5
```
You can do this for any port you have a service listening on (the last line would only show for the SSH service/port).
To quit, hit Ctrl-] (the escape character, shown as `^]` above), which should bring you to a `telnet>` prompt, and then you can type `quit` and hit enter/return (mashing control-c and enter will usually work too).
Tmux is a terminal multiplexer. It is installed by default by Gamocosm. You can use it to have multiple windows in a single SSH session. You can also use it to leave processes running after disconnecting from SSH, and you can reattach the tmux windows later. Read more about it on its project homepage
Changing the SSH port
Gamocosm sets up SSH on port 4022. You can read more about it on this Stack Exchange/Security thread, but in short changing the default SSH port reduces the number of generic hacking attempts.
- Open up the new ports! See the `firewalld` instructions above. If you don't open the new ports in the firewall, you won't be able to connect. In Fedora 21 you also have to update SELinux! Run `semanage port -a -t ssh_port_t -p tcp <port>`. To show the ports SSH is allowed on, run `semanage port -l | grep ssh`
- Edit `/etc/ssh/sshd_config`. There should be a line `Port 4022`. Change the number to whatever you want. 22 is the default SSH port
- Restart SSH: `(sudo) systemctl restart sshd`
- Update the "SSH port" under the "Advanced" tab on Gamocosm. Otherwise, Gamocosm won't know how to connect to your server (it uses SSH to perform updates if necessary, and test when a server is ready; sometimes when Digital Ocean says a droplet is active, it's not reachable by the network immediately)
- Then next time you try to SSH, use the new port (you won't be disconnected from your existing sessions)
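The port has to agree in three places (sshd_config, firewalld and SELinux) before `sshd` is restarted, otherwise the new port is unreachable. The following is an added example, not Gamocosm code, that checks all three; the function name `ssh_port_preflight`, the port 4222 and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Gamocosm code. Pre-flight check before restarting sshd
# on a new port: prints one line per problem, nothing when all three agree.
#
# ssh_port_preflight PORT SSHD_CONFIG FW_PORTS SEMANAGE_OUT
#   SSHD_CONFIG   path to sshd_config
#   FW_PORTS      output of: firewall-cmd --list-ports
#   SEMANAGE_OUT  output of: semanage port -l | grep ssh
ssh_port_preflight() {
    port=$1; config=$2; fw_ports=$3; semanage_out=$4

    # 1. sshd_config must have an uncommented "Port <port>" directive.
    if ! awk -v p="$port" 'tolower($1) == "port" && $2 == p { ok = 1 }
                           END { exit !ok }' "$config"; then
        echo "sshd_config: no active 'Port $port' line"
    fi

    # 2. firewalld must list <port>/tcp (exact entries only, not ranges).
    case " $(echo $fw_ports) " in
        *" $port/tcp "*) ;;
        *) echo "firewalld: $port/tcp is not open" ;;
    esac

    # 3. SELinux must allow sshd to bind the port (type ssh_port_t, tcp).
    if ! printf '%s\n' "$semanage_out" | awk -v p="$port" '
            $1 == "ssh_port_t" && $2 == "tcp" {
                for (i = 3; i <= NF; i++) { sub(/,$/, "", $i); if ($i == p) ok = 1 }
            }
            END { exit !ok }'; then
        echo "selinux: $port/tcp is not labelled ssh_port_t"
    fi
}

# Constructed sample data: moving SSH from 4022 to 4222, firewall opened
# but the semanage step forgotten.
sample_cfg=$(mktemp)
printf '%s\n' '#Port 22' 'Port 4222' 'PasswordAuthentication no' > "$sample_cfg"
sample_fw='5000/tcp 25565/tcp 4022/tcp 4222/tcp'
sample_se='ssh_port_t                     tcp      4022, 22'
ssh_port_preflight 4222 "$sample_cfg" "$sample_fw" "$sample_se"
rm -f "$sample_cfg"
```

On a live server, pass `/etc/ssh/sshd_config`, `"$(firewall-cmd --list-ports)"` and `"$(semanage port -l | grep ssh)"`, and restart `sshd` only when the function prints nothing.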
Zram is a kernel module available since Linux 3.14 (Fedora 22 is on 4.0) which avoids paging to the disk by using a compressed block in RAM. It is often helpful for devices with limited RAM (e.g. Google uses it for both Chrome OS and Android)
There is a systemd service file and helper script based on Ubuntu's
zram-config package in
Gamocosm puts them in
/etc/systemd/system/zram.service (as you can see in
However, Gamocosm only enables zram for servers with less than 4GB of RAM
To enable zram (enabled by default for servers < 4GB), do `(sudo) systemctl enable zram` (start on boot) and `(sudo) systemctl start zram` (start right now).
To disable zram, do `(sudo) systemctl disable zram` (don't start on boot) and `(sudo) zram-helper stop` (stop right now).
You can optionally delete the two files above (but it really makes no difference)
The total zram size is half the amount of RAM, and is divided into `N` devices, where `N` is the number of processors (this is what Ubuntu does).
Gamocosm creates a 1GB swap `/swapfile` by default.
You can create multiple swaps and enable them.
Creating a swap (run as root, or with sudo)
```
fallocate -l 512M /swapfile # create swap file, M for Megabytes, G for Gigabytes
chmod 600 /swapfile # set proper permissions
mkswap /swapfile # format to swap file
swapon /swapfile # activate swap file
echo "/swapfile none swap defaults 0 0" >> /etc/fstab # make permanent, add to fstab
```
Removing a swap file (run as root, or with sudo)
```
swapoff /swapfile
rm -f /swapfile
sed -i "/\/swapfile none swap defaults 0 0/d" /etc/fstab # remove line from fstab
```
Source: ArchLinux wiki