Minecraft Server on Debian 6+

2014-03-21

Debian Installation
Minecraft Installation
Manual Minecraft Start
Running Minecraft as System Service
Setting Up Periodic Backups
Setting Up NTP
Log Management
Securing the Server

Debian Installation

Most of this guide will suit other GNU/Linux distributions, especially Debian/Ubuntu. I chose Debian because it is most stable and secure. I won't go into much detail with OS setup itself, but start with downloading an ISO image. If you're planning to host a server with more than 4GB of RAM go with amd64 version of the operating system, otherwise choose i386. From the large file list pick 'debian-*-CD1.iso.torrent', burn it/flash it, boot it. Installation is pretty straight forward, keep reading and choose what is best for your location and server setup. If you have no idea what you're doing, refer to this guide, just don't forget during package selection to tick 'OpenSSH Server' and untick 'Graphical Desktop Environment', you don't need a GUI, really. Wait for installation to complete.

Minecraft Installation

Go root, update 'apt-get', install 'screen' and 'Java'. It weighs over 100MB, give it some time to finish.

su
apt-get update
apt-get install screen default-jre

As a security precaution, you need to add a new user to run Minecraft service. Choose any name you want instead of 'minecraft_username'.

useradd -ms /bin/bash minecraft_username
passwd minecraft_username

Use WinSCP to transfer files to your server if you have any saved Minecraft worlds. Log in as minecraft_username, transfer the files to "/home/minecraft_username/mc_server". If you are starting a new map, use 'wget' to download a new 'minecraft_server.jar' from offical Minecraft page:

su minecraft_username
cd ~
mkdir mc_server
cd mc_server
wget https://s3.amazonaws.com/MinecraftDownload/launcher/minecraft_server.jar

There are two ways of starting Minecraft, either as service on system startup or manually.

Manual Minecraft Start

These simple lines will start Minecraft:

su minecraft_username
cd ~/mc_server
java -Xms512M -Xmx1024M -jar minecraft_server.jar nogui

-Xms and -Xmx are start and end points of how much RAM you are willing to dedicate for your Minecraft server. Don't go under 512M if you want to run stably.

Another option is to enter the following:

su minecraft_username
screen -mdS minecraft_console java -Xms512M -Xmx1024M -jar ~/mc_server/minecraft_server.jar nogui

Where '/mc_server' is a directory where you keep 'minecraft_server.jar' and 'minecraft_username' with whatever you thought of earlier. You can also use different screen name for 'minecraft_console'.

If you're lazy you can just put this script inside your '/mc_server' directory and execute it, or just like this:

su minecraft_username
cd ~/mc_server
wget http://www.ignas.net/files/mc_start.sh
chmod +x mc_start.sh
./mc_start.sh

'Screen' command will conveniently place all Minecraft logs in another console window. To switch to that window use command:

screen -r minecraft_console

and to go back to your previous screen press CTRL+A and then D to detach.

Running Minecraft as System Service

You can use 'mc_start.sh' script, described in a previous chapter, and run it as service if you want. Just download this script. Run:

su minecraft_username
cd ~
wget http://www.ignas.net/files/minecraftsh
nano minecraftsh

Edit fourth line. Set path to your 'mc_start.sh' script based on your previous entries. Save and exit. Enter:

su
cp /home/minecraft_username/minecraftsh /etc/init.d/minecraft
cd /etc/init.d/
chmod 755 minecraft
insserv minecraft
exit

Now Minecraft server starts with system boot. You can also start/stop the server with:

/etc/init.d/minecraft start
/etc/init.d/minecraft stop

Next, there is a little bit more sophisticated script. You can find its configuration here, though I made my version of the script with one additional variable to support multiple servers. Copy the script to a file and transfer via WinSCP (run dos2unix to convert text files if you edited them on Windows machine), or copy to PuTTY window (right click) with 'vi' or 'nano' editor open, or download from here or just:

su minecraft_username
cd ~
wget http://www.ignas.net/files/minecraft
nano minecraft

You want to edit few lines based on your created directories during the process of this guide. Like 'minecraft_username' or 'mc_server'.

Change USERNAME='minecraft' to USERNAME='minecraft_username'.
Change WORLD='world' to your saved world's name WORLD='world_name'.
Change MCPATH='/home/minecraft/minecraft' to MCPATH='/home/minecraft_username/mc_server'.
Change BACKUPPATH='/home/minecraft/backup' to BACKUPPATH='/home/minecraft_username/backup' or even BACKUPPATH='/mnt/my_external_disk/backup'.
MAXHEAP=2048 represents '-Xmx' parameter, it defines maximum amount of RAM in megabytes you want to assign to Minecraft.
MINHEAP=1024 represents '-Xms' parameter, it defines initial size of RAM dedicated to a program, setting below 512 is not recommended.
CPU_COUNT=2 depends on how many cores your CPU has.

Press CTRL + x to save the file. Now you need to copy the file to its directory, set proper permissions and apply it:

su
cp /home/minecraft_username/minecraft /etc/init.d/minecraft
cd /etc/init.d/
chmod 755 minecraft
insserv minecraft
exit

Finished. Now you can just run:

/etc/init.d/minecraft start

and server starts! Instead of 'start' you can also append update, status, stop, restart or backup. Like this:

/etc/init.d/minecraft update
/etc/init.d/minecraft status
/etc/init.d/minecraft stop
/etc/init.d/minecraft restart
/etc/init.d/minecraft backup

Setting Up Periodic Backups

Run:

su minecraft_username
crontab -e

Editor window pops up. Add this line:

0 3 * * * /etc/init.d/minecraft backup > /dev/null 2>&1

This will back up your Minecraft server files every day at 3AM. Basically every star [*] represents timestamp [min][hours][day_of_month][month][weekday]. So if you want to back up only once a week, let's say every Thursday at 5:35PM, you enter this:

35 17 * * 4 /etc/init.d/minecraft backup > /dev/null 2>&1

Or if you prefer to back up every 30 minutes:

*/30 * * * * /etc/init.d/minecraft backup > /dev/null 2>&1

/dev/null part of the command stops cron email notifications everytime backup task ends.

Setting Up NTP

Network Time Protocol is a great way of keeping servers in sync. If you have a couple of machines dependent on each other, it's always a good idea to match the clocks.

su
apt-get install ntp
nano /etc/ntp.conf

Default configuration works just fine, but it's a good practice to find a reliable NTP server closest to your location, it's even better if you possess a server with NTPd on your network. Find four lines starting with 'server', comment them out and insert your own:

server ntp.mydomain.com

Or, for example, if you live in U.K.:

server 0.uk.pool.ntp.org
server 1.uk.pool.ntp.org

If you changed anything, restart NTP.

/etc/init.d/ntp restart

Log Management

Minecraft server keeps a log of traffic, chat, commands and server events. If you have a busy server, log file could get quite large and difficult to manage. Use logrotate, to periodically cycle the log file. Debian should have logrotate installed with default services, but in case it's not, use apt-get to get it.

su
apt-get install logrotate
cp /etc/logrotate.conf /etc/logrotate.conf.default
nano /etc/logrotate.conf

Now at the end of configuration file append new block of settings.

# Minecraft Server
/home/minecraft_username/mc_server/server.log {
rotate 4
weekly
copytruncate
compress
}

It is self-explanatory, what all of this does:

rotate 4 - keeps last 4 logs.
weekly - rotate log file once a week. You can also set it to daily, monthly or yearly.
copytruncate - makes a copy of a log file and clears the contents of original file.
compress - compresses the log file.

These are enough to keep your logs under control, though depending on your server setup you can also add some of the following lines.

size 100k - when log file reaches 100 kilobytes, it rotates. Can also set it to any size: 1M, 142M, 3G etc.
postrotate /path/to/script.sh endscript - execute a script after log rotation.
notifempty - no rotation is initiated if log file is empty.
missingok - doesn't spit out errors if log file cannot be found.
create 0600 user group - similar to copytruncate (mutually exclusive) only instead of leaving original log file, it moves it to archive and creates a new one with set permissions, user(minecraft_username) and group(minecraft_username).

So these settings are most common ones, refer to manpages if you need more tweaking.

Securing the Server

Nowadays most of Debian/Ubuntu distributions come with firewall, though without any restriction rules. I followed a guide on iptables (firewall) here. Again, copy the basic set of rules from that guide into a file, transfer it with WinSCP, or copy to PuTTY window or download it here and copy it to "/etc/iptables.test.rules". Don't trust random person on the internet, though if you are editing iptables yourself, crucial line you want to add to your configuration is:

-A INPUT -p tcp --dport 25565 -j ACCEPT

It opens up a 25565 port, you guessed it, its a default Minecraft server port. Anyway if you already cross-checked my iptables file and decided that I haven't fiddled with it, run:

su
cd /etc/
wget http://ignas.net/files/iptables.test.rules
iptables-restore < /etc/iptables.test.rules
iptables -L

Check printed list of rules and decide if you accept them. Before you apply these rules, make sure you can access your server physically, i.e. you can plug your monitor into a server and log in directly, otherwise you should make an antilockout script, in case firewall blocks you out. Make a simple script:

cd /root
nano fw-anti-lockout.sh

Paste:

#!/bin/bash
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Set permissions and make a cronjob:

chmod 750 fw-anti-lockout.sh
crontab -e

Paste this at the end:

*/15 * * * * /root/antilockout.sh > /dev/null 2>&1

Now, every 15 minutes firewall will be reset. If you want to disable this precaution, either delete this whole cron line or just comment it out (insert '#' in the beginning of the line). Alright, back to the firewall. Apply the rules on system startup:

iptables-save > /etc/iptables.up.rules
nano /etc/network/if-pre-up.d/iptables

Paste:

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules

Save and exit. Make the file executable:

chmod +x /etc/network/if-pre-up.d/iptables

Change configuration permissions:

chmod 600 /etc/iptables.*

Now you have port 22 and 25565 open for SSH and Minecraft only. Also, you don't want to allow straight access to root user via SSH. Edit one sshd_config line:

su
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
nano /etc/ssh/sshd_config

Find the line 'PermitRootLogin yes' and change 'yes' to 'no'. Save and exit. Done. Check out my other guide, if you want to improve server security furthermore.