Replace CFG_ env-var issues with forwarding.secret file
Closed this issue · 6 comments
I've set up the itzg/mc-proxy image with the very useful env-vars that enables copying of configs from the /config dir, together with interpolation of custom env-vars.
The only problem I've stumbled upon is an issue where the forwarding.secret file will successfully copy over from the /config dir, but the env-var isn't replaced with the actual value. This seems to be because the script won't replace the env-var if that is the only content in the file. Every other CFG_ env-var get's replaced properly, it's only the one in /server/forwarding.secret which doesn't get replaced properly.
Here's the full contents of /config/forwarding.secret:
${CFG_VELOCITY_FORWARDING_SECRET}
Here's the full docker-compose.yml service:
# MC-VELOCITY
mc-velocity:
container_name: mc-velocity
image: itzg/mc-proxy:latest
environment:
- TYPE=VELOCITY
- VELOCITY_VERSION=latest
- VELOCITY_BUILD_ID=latest
- ENABLE_RCON=false
- ICON=$VELOCITY_ICON
- PLUGINS=https://download.luckperms.net/1556/velocity/LuckPerms-Velocity-5.4.141.jar
- MINECRAFT_VERSION=1.21
- MODRINTH_PROJECTS=viaversion,minimotd,tab-was-taken
- MODRINTH_DOWNLOAD_DEPENDENCIES=required
- REPLACE_ENV_VARIABLES=true
- REPLACE_ENV_DURING_SYNC=true
- CFG_VELOCITY_KICK_EXISTING_PLAYERS=true
- CFG_VELOCITY_PLAYER_FORWARDING_MODE=modern
- CFG_VELOCITY_FORWARDING_SECRET_FILE=forwarding.secret
- CFG_VELOCITY_FORWARDING_SECRET=$VELOCITY_FORWARDING_SECRET
- CFG_MINIMOTD_MOTDS_LINE1=$VELOCITY_MINIMOTD_MOTD
- CFG_LUCKPERMS_STORAGE_METHOD=MariaDB
- CFG_LUCKPERMS_DB_ADDRESS=mariadb
- CFG_LUCKPERMS_DB_NAME=luckperms
- CFG_LUCKPERMS_DB_USERNAME=luckperms
- CFG_LUCKPERMS_DB_PASSWORD=$LUCKPERMS_DB_PASSWORD
- CFG_LUCKPERMS_SERVER=mc-velocity
- CFG_LUCKPERMS_SYNC_MINUTES=3 #Defaults to "-1", which disables the feature.
- CFG_BSTATS_ENABLED=false
ports:
- 25565:25577/tcp
volumes:
- $DATA/mc-velocity/config:/config
- $DATA/mc-velocity/server:/server
tty: true
stdin_open: true
<<: *default_container_settingsThe logs that are relevant to the issue:
2024-10-28T14:15:54.431912837Z [init] Copying configs over...
2024-10-28T14:15:55.451768047Z [mc-image-helper] 14:15:55.449 INFO : Copying /config/forwarding.secret -> /server/forwarding.secret
2024-10-28T14:15:55.457051591Z [mc-image-helper] 14:15:55.456 INFO : Interpolating /config/plugins/bStats/config.txt -> /server/plugins/bStats/config.txt
2024-10-28T14:15:55.459910016Z [mc-image-helper] 14:15:55.459 INFO : Interpolating /config/plugins/luckperms/config.yml -> /server/plugins/luckperms/config.yml
2024-10-28T14:15:55.466984287Z [mc-image-helper] 14:15:55.464 INFO : Interpolating /config/velocity.toml -> /server/velocity.toml
2024-10-28T14:15:55.477159625Z [init] Replacing env variables in configs that match the prefix CFG_...
You might be misunderstanding what Velocity is expecting from that config field. It wants to reference the file that contains the secret value. Instead you're doing some conflicting config that is attempting to read the value from the file into an env var.
Refer to this example https://github.com/itzg/docker-mc-proxy/tree/master/docs/velocity
I'm trying to set the forwarding secret in the docker compose file. I've done this by creating the following entry in the .env file:
VELOCITY_FORWARDING_SECRET=SomeValueWhich is then forwarded to the docker-compose.yml file:
environment:
- CFG_VELOCITY_FORWARDING_SECRET=$VELOCITY_FORWARDING_SECRETLastly it's referenced in the /config/forwarding.secret file as:
${CFG_VELOCITY_FORWARDING_SECRET}
in order to be replaced by the value of the env-var during the container startup script, as described in the following docs: Replacing variables inside configs.
In theory the docker-compose.yml file would look like this in my current setup, after the docker .env file substitution:
environment:
- CFG_VELOCITY_FORWARDING_SECRET=SomeValueTherefore the startup script of itzg/mc-proxy should in theory:
- Copy the
/config/forwarding.secretfile to/server/forwarding.secret - Replace the
${CFG_VELOCITY_FORWARDING_SECRET}value inside the/server/forwarding.secretfile withSomeValue.
The problem is that the replace part of the 2nd step above isn't happening as in the docs referenced previously (Replacing variables inside configs.)
Essentially I'd like to create the forwarding.secret file with a value that is defined in the docker compose .env file, so it could be referenced by all my back-end servers too. This implementation is currently working for both of my back-end servers, one running paper, and the other running fabric with FabricProxy-Lite. The thing missing is the itzg/mc-proxy velocity container being able to take the value from my docker env-var $VELOCITY_FORWARDING_SECRET into the forwarding.secret file.
CFG_VELOCITY_FORWARDING_SECRET_FILE is conflicting and you need to update REPLACE_ENV_SUFFIXES to also include "*.secret" files
CFG_VELOCITY_FORWARDING_SECRET_FILE is conflicting
Thanks for the heads-up! I changed the value to CFG_VELOCITY_FORWARDING_SECRET_FILE_NAME.
you need to update REPLACE_ENV_SUFFIXES to also include "*.secret" files
Oh, I didn't realize that this was an option. Is this documented for the itzg/mc-proxy image? I can see that it's in the docs for itzg/minecraft-server (itzg/minecraft-server - Optional plugins, mods, and config attach points), but didn't know that everything behaved the same for the proxy image.
Here I added the env-var to replace all the default suffixes, and the secret suffix:
environment:
- REPLACE_ENV_SUFFIXES=yml,yaml,txt,cfg,conf,properties,hjson,json,tml,toml,secret Here's my full working docker-compose.yml for that service if anyone else has the same problem:
Show docker-compose.yml
services:
# MC-VELOCITY
mc-velocity:
container_name: mc-velocity
image: itzg/mc-proxy:latest
environment:
- TYPE=VELOCITY
- VELOCITY_VERSION=latest
- VELOCITY_BUILD_ID=latest
- ENABLE_RCON=false
- ICON=$VELOCITY_ICON
- PLUGINS=https://download.luckperms.net/1556/velocity/LuckPerms-Velocity-5.4.141.jar
- MINECRAFT_VERSION=1.21
- MODRINTH_PROJECTS=viaversion,minimotd,tab-was-taken
- MODRINTH_DOWNLOAD_DEPENDENCIES=required
- REPLACE_ENV_VARIABLES=true
- REPLACE_ENV_DURING_SYNC=true
- REPLACE_ENV_SUFFIXES=yml,yaml,txt,cfg,conf,properties,hjson,json,tml,toml,secret
- CFG_VELOCITY_KICK_EXISTING_PLAYERS=true
- CFG_VELOCITY_PLAYER_FORWARDING_MODE=modern
- CFG_VELOCITY_FORWARDING_SECRET_FILE_NAME=forwarding.secret
- CFG_VELOCITY_FORWARDING_SECRET=$VELOCITY_FORWARDING_SECRET
- CFG_MINIMOTD_MOTDS_LINE1=$VELOCITY_MINIMOTD_MOTD
- CFG_LUCKPERMS_STORAGE_METHOD=MariaDB
- CFG_LUCKPERMS_DB_ADDRESS=mariadb
- CFG_LUCKPERMS_DB_NAME=luckperms
- CFG_LUCKPERMS_DB_USERNAME=luckperms
- CFG_LUCKPERMS_DB_PASSWORD=$LUCKPERMS_DB_PASSWORD
- CFG_LUCKPERMS_SERVER=mc-velocity
- CFG_LUCKPERMS_SYNC_MINUTES=3 #Defaults to "-1", which disables the feature.
- CFG_BSTATS_ENABLED=false
ports:
- 25565:25577/tcp
volumes:
- $DATA/mc-velocity/config:/config
- $DATA/mc-velocity/server:/server
tty: true
stdin_open: true
<<: *default_container_settingsOh, I didn't realize that this was an option. Is this documented for the itzg/mc-proxy image? I can see that it's in the docs
You're right, it seems to be missing. Speaking of the Minecraft server docs, I should probably just have a link to those instead of copying over parts of it.
Sure, that's atleast a more complete and in-depth documentation of all features :)