We will build a secure linux debian based docker container image for a Foundry VTT environment. Foundry VTT is my favourite virtual tabletop system to play online with friends. Debian is my favourite linux distribution, so I combined my favs to create my online service solution.
The project aim is to provide a Dockerfile to build your own debian 10 docker container image and to start a container for FoundryVTT.
| ID | Object | Description |
|---|---|---|
| 0 | Git Repository | create repository on github |
| 1 | Readme | Fill readme file with operating details |
| 2 | Dockerfile - Linux | assemble basic Dockerfile for debian 10 (buster) |
| 3 | Dockerfile - NodeJs | evaluate methods to automate deployment of latest NodeJs version |
| 4 | Dockerfile - FoundryVTT | prepare server environment of Foundry Virtual Tabletop server |
| 5 | Testing - Deployment | Get Foundry Virtual Tabletop license |
| 6 | Testing - Application | Get FVTT up and running as Docker Container |
| 7 | Have fun with FVTT and friends | Invite friends and provide access keys to connect to your server. |
| 8 | SSL/TLS Security | Take a note to connect with TLS certificates using certbot |
All you need to start is:
- Dockerfile experience
- debian linux experience
- debian 10 (slim) for the docker image
- NodeJS 14.x or newer for the docker image
- Foundry VTT account with a purchased software license
- the official Foundry VTT distribution
- Some TCP/IP networking and firewalling experience
- Login to your target linux vps host and become root (# symbol)
- Do some preperations on hosting machine
- Install docker and docker-ce.
- Download Dockerfile
- Create docker image
- Run docker container in detached. volumes and ports
- Login to your created container and start Foundry VTT as user foundry
- Check some firewall rules
If you need more software on your hosting system, add some more sources to your /etc/apt/sources.list
#echo 'deb http://httpredir.debian.org/debian buster main non-free contrib' >> /etc/apt/sources.list
#echo 'deb-src http://httpredir.debian.org/debian buster main non-free contrib' >> /etc/apt/sources.list
#echo 'deb http://security.debian.org/debian-security buster/updates main contrib non-free' >> /etc/apt/sources.list
#echo 'deb-src http://security.debian.org/debian-security buster/updates main contrib non-free' >> /etc/apt/sources.list
You need to do some steps before you can install docker-ce.
#apt update
#apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common
#curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
#add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
#apt update
#apt-cache policy docker-ce
#apt install docker-ce
#systemctl status docker
Install some packages if you need more, add some more tools. We don't need to install any manpages on the vps.
#apt install apt-transport-https ca-certificates curl software-properties-common
#apt update && apt upgrade
#apt install apt-file iproute2 inetutils-ping dns-utils free atop tree net-tools ufw
Create your project directory on the host machine (/opt/fvtt)
#mkdir /opt/fvtt
Create your project folder on host machine to work with docker volume and provide files to sync between them (/srv/foundry/xfer)
#mkdir /opt/fvtt/xfer
#useradd -K PASS_MAX_DAYS=-1 foundry
#groupadd fvtt
usermod -a -G fvtt foundry
#chown -R foundry:fvtt /opt/fvtt/
I've downloaded fvtt files outside my linux host and created a read only shared folder for my virtual box machine (also debian 10). My source folder was "/WinShared/Linux\ Server/FoundryVTT-9-2/" and my target /opt/fvtt/xfer. Logged into my virtual machine I've used rsync to syncronize my fvtt files to "/opt/fvtt/xfer" with update options, permissions safed on my host machine. (Change folders if you need)
- Find some examples of rsync options at geeksforgeeks
#rsync -h --progress --stats -r -tgo -p -l -S --update /WinShared/Linux\ Server/FoundryVTT-9-2/ /opt/fvtt/xfer ;
find '/opt/fvtt/xfer/' -perm -2 -type f -exec chmod o-w {} ; ;chmod 760 /opt/fvtt/xfer/ ;
- Change to project directory and download or clone my files from github repository files.
- Change some system config details in the Dockerfile as you wish (hostnames, ports i.e.)
- Docker container is listening on port 12345 (use any Port)
- We share container volume "/srv/foundry/xfer" with our host folder "/opt/fvtt/xfer"
wget https://github.com/k8af/fvtt-buster-Dockerfile/edit/main/Dockerfile
- We create the docker image within the directory where the Dockerfile exists
- Send any docker output to standard output it into a file called "build.log"
- It tooks several minutes to download all parts from internet. (depends on your inet connection)
#docker build -t fvtt-deb10-slim . 1>build_status.log 2>build_error.log
Considering the docker volumes specification, we will share our "/opt/fvtt/xfer/" directory with our new container volume "/srv/foundry/xfer". If all is fine now, run an interactive container in detach mode, with volumes, network and with hostname "fvtt" from the image we've created above
#docker run -itd -h fvtt -p 12345:30000 --ip=172.23.3.2 --volume=/opt/fvtt/xfer:/srv/foundry/xfer --name foundryvtt-server --network=fvtt-net --add-host=fvtt:172.23.3.2 --add-host=rproxy:172.23.3.1 fvtt-deb10-slim
Run and start container in the background without published ports (access by proxy container through exposed port 30000)
#docker run -itd -h fvtt --ip=172.23.3.2 --volume=/opt/fvtt/xfer:/srv/foundry/xfer --name foundryvtt-server --network=fvtt-net --add-host=fvtt:172.23.3.2 --add-host=rproxy:172.23.3.1 fvtt-deb10-slim
#docker container start foundryvtt-server
#docker container stop foundryvtt-server
After you run the container, have a look at the container stats of your host in a seperate terminal with the following command:
docker container stats
#docker exec -it foundryvtt-server /bin/bash
Change to User foundry
#su - foundry
Start Foundry VTT with logfile options and put it in the background
#node /srv/foundry/fvtt/resources/app/main.js --dataPath=/srv/foundry/data 1>>log/access.log 2>>log/error.log &
Hint: You also can try out my simple shell script "Container-Manager" to run, start, stop and login to your container.
We use to open just that ports on our host machine if you need more you can change the commands below
sudo ufw allow 22
sudo ufw allow 12345
sudo ufw allow 443
sudo ufw enable
Foundry VTT Server is listening on Port 30000 by default, my container will redirect it to my hosting port 12345. At this point it depends on your firewall configurations to open your container port to public access.
Take a minute to think about your port forwardings.
Foundry-VTT (30000) <--> Container Port (12345) <--> VPS Provider Firewall Forwarding <--> Public Access
If you want to use SSL/TLS security on your vps machine, I recommend to use certbot. Follow the instructions to install and run certbot on your vps hosting machine without a webserver.
Feel free to download my docker file and improve the container performance or implement new security features. Use the files to test, run and improve your Foundry VTT instance for a better virtual tabletop experience.
- Please comment or send me a feedback on my git account.
- next devop stage is to use ansible playbook
- If you are new to foundry's VTT - virtual Tabletop check: Foundry Virtual Tabletop
- Here you can find more about the the latest Foundry VTT Release
- If you know Foundry VTT but you don't know hosting with docker visit: Hosting with Docker
- A good start to read more about the Foundry VTT installation is the official Installation Guide
- You can find more stuff about the Foundry VTT System if you visit the official wiki.
- Last but not least learn to play rpgs on Foundry's Virtual Table Top join the Foundry VTT community on discord