From aee1fcc28e08c0fccd6883b9d3afe9f03f099dd8 Mon Sep 17 00:00:00 2001 From: Geoff Bourne Date: Sun, 12 Mar 2023 09:22:25 -0500 Subject: [PATCH] Clarify in docs to not port forward RCON unless secure --- Dockerfile | 2 +- README.md | 12 ++++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index a344cff7742..275cf219411 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,7 @@ RUN --mount=target=/build,source=build \ COPY --chmod=644 files/sudoers* /etc/sudoers.d -EXPOSE 25565 25575 +EXPOSE 25565 # hook into docker BuildKit --platform support # see https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope diff --git a/README.md b/README.md index 21d62b11e99..4a026a541a7 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,8 @@ [![Build and Publish](https://github.com/itzg/docker-minecraft-server/workflows/Build%20and%20Publish/badge.svg)](https://github.com/itzg/docker-minecraft-server/actions) [![](https://img.shields.io/badge/Donate-Buy%20me%20a%20coffee-orange.svg)](https://www.buymeacoffee.com/itzg) +## Intro + This docker image provides a Minecraft Server that will automatically download the latest stable version at startup. You can also run/upgrade to any specific version or the latest snapshot. See the _Versions_ section below for more information. @@ -19,11 +21,9 @@ where, in this case, the standard server port 25565, will be exposed on your hos > Be sure to always include `-e EULA=TRUE` in your commands and container definitions, as Mojang/Microsoft requires EULA acceptance. -By default, the container will download the latest version of the "vanilla" [Minecraft: Java Edition server](https://www.minecraft.net/en-us/download/server) provided by Mojang. The [`VERSION`](#versions) and the [`TYPE`](#server-types) can be configured to create many variations of desired Minecraft server. +> **DO NOT** port forward RCON on 25575 without first setting `RCON_PASSWORD` to a secure value. It is highly recommended to only use RCON within the container, such as with `rcon-cli`. -## Mitigated Log4jShell Vulnerability - -**Please ensure you have pulled the latest image** since [all official mitigations](https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition) are automatically applied by the container startup process. +By default, the container will download the latest version of the "vanilla" [Minecraft: Java Edition server](https://www.minecraft.net/en-us/download/server) provided by Mojang. The [`VERSION`](#versions) and the [`TYPE`](#server-types) can be configured to create many variations of desired Minecraft server. ## Looking for a Bedrock Dedicated Server @@ -1902,6 +1902,10 @@ To run this image on a RaspberryPi 3 B+, 4, or newer, use any of the image tags > If experiencing issues such as "sleep: cannot read realtime clock: Operation not permitted", ensure `libseccomp` is up to date on your host. In some cases adding `:Z` flag to the `/data` mount may be needed, [but use cautiously](https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label). +## Mitigated Log4jShell Vulnerability + +**Please ensure you have pulled the latest image** since [all official mitigations](https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition) are automatically applied by the container startup process. + ## Contributing See [Development](DEVELOPMENT.md) and [Building](BUILDING.md).