Linux dedicated server

From Team Fortress Wiki
Revision as of 15:19, 27 January 2014 by Autotune (talk | contribs) (Automated startup at server boot)
Jump to: navigation, search

This is a setup guide that allows you to install a basic Team Fortress 2 Linux dedicated server. In the below example the server is installed into the user's home directory in a directory called 'hlserver'.

Basic installation and configuration for a Linux dedicated server is the same for all distributions, but small details, such as package names, directories, etc. may differ from distribution to distribution. It is recommended that you check your distribution's repositories for the required packages before continuing. A link to a chef recipe based on this guide is also available in the "See also" section.

Reading this article

This article has been written according to standard Linux documentation syntax, meaning the following:

  • A command prefixed by # (a hash) is meant to be run as root. Most distributions have a separate root account; for other distributions such as Ubuntu, Linux Mint, Crunchbang, etc., the sudo prefix to a command will ensure the command is run as root.
  • A command prefixed by $ (a dollarsign) is meant to be run as a user.
  • ./ means "current working directory".

Requirements

A number of requirements exist in order to run a Team Fortress 2 server on the Linux platform, namely:

  • Write-access to the current working directory
  • glibc >= 2.3.6
  • Approximately 4.49GB hard-drive space (for a barebones server with no custom maps, sounds, etc.)
  • In the case of a 64-bit distribution, the package lib32gcc1 or ia32-libs is required to be installed:

On 64-bit CentOS run:

# yum install libgcc.i686 glibc.i686

On 64-bit Debian/Ubuntu/Linux Mint run:

$ sudo apt-get install lib32gcc1 ia32-libs

For x86_64 Arch Linux see here

  • If you are installing on CentOS, you will have to use this command before yum install ncompress
  • If you are installing on FreeBSD (which is not Linux at all), you must enable Linux compatibility in the kernel and install a base system via the ports collection. Instructions to get you started are located here.

Download and install the SteamCMD Tool

It is recommended you create a separate user (such as "gameserver") to install and run game servers.

tar zxf steamcmd_linux.tar.gz

Create a steamcmd script

  • Create a file called tf2_ds.txt in the folder where you install the tool, i.e. './hlserver'
  • Edit the file with this text:
login anonymous
force_install_dir ./tf2
app_update 232250
quit

If you want to opt in to the prerelease version of the TF2 dedicated server, add this line before the app_update line:

beta prerelease

Create an updating batch file

  • Create a file called update.sh in the folder where you installed the tool, i.e. './hlserver'
  • Edit the file with this text:
#!/bin/sh
./steamcmd.sh +runscript tf2_ds.txt

Start the download/update

  • Run ./update.sh to start the download, may take several hours as dedicated server content is currently 4.4GB
  • If however you get a permission denied error, execute this:
chmod +x update.sh
  • You may need to run the file *multiple* times until the message "Success! App '232250' fully installed." displays.

Create/Update server files

  • Create a file called server.cfg in '~/hlserver/tf2/tf/cfg'
  • Edit the file with these details
hostname "Your_Servers_Name"
rcon_password "Your_Rcon_Password"
sv_contact "admin@yourdomain.com"
mp_timelimit "30" 
  • Edit the files motd.txt, maplist.txt and mapcycle.txt all found in the '~/hlserver/tf2/tf' folder

Create a shell script to run the server

  • Create a file in './hlserver/' called tf.sh
  • Edit the file with this text:
#!/bin/sh
tf2/srcds_run -game tf +sv_pure 1 +map ctf_2fort.bsp +maxplayers 24
  • Run the file tf.sh to start your server

Other command line options

Some other common command-line options for TF2 are:

  • +ip 1.2.3.4 - Bind to a specific IP. By default, listens on all network interfaces
  • -port 27015 - Bind to a different port (27015 is the default)
  • -strictportbind - If a server is already running on the specified port, stop the server from running
  • +randommap - Use instead of +map to select a map at random
  • +servercfgfile - Which tf/cfg/ file to execute on map change, defaults to server.cfg
  • +mapcyclefile - Which tf/cfg/ file contains this server's mapcycle, defaults to mapcycle.txt. Will also look in tf/
  • -replay - Executes replay.cfg and adds an additional slot for the replay bot, but removes it from the player count.
  • -autoupdate - Attempts to auto-update the server when an update comes out. You MUST use -steam_dir and -steamcmd_script
  • -steam_dir ~/hl1server/ - Location of steamcmd. Required by -autoupdate
  • -steamcmd_script ~/hl1server/tf2_ds.txt - SteamCMD script to update this server. Required by -autoupdate
  • +sv_shutdown_timeout_minutes 360 - When autoupdating, automatically restart after this many minutes. Defaults to 360 (6 hours).

screen

Many server operators choose to run the server under screen, as it allows you to switch between the console and the shell at will, as well as end your SSH session without killing the server. It can be installed via your distribution's package manager. The server can then be run with:

$ screen -m -S tf2 ./srcds_run parameters

where parameters is your normal srcds_run parameters. You can use Ctrl+A+D to minimize the console, and screen -r tf2 to bring it back up. Ctrl+D will terminate the session (make sure you use the killserver console command first) and Ctrl+A+[ will allow you to scroll through it. See the manual for more commands and parameters.

Automated startup at server boot

In the event of unexpected power outages, it might be useful to automatically restart your server. The following example Debian LSB init script can be used to automatically restart the server. Note that screen is used. This script should be named tf2-server and can be put in the folder /etc/init.d. After doing that, run:

$ update-rc.d tf2-server defaults

This should ensure a proper startup of the server after each reboot.

#!/bin/sh

### BEGIN INIT INFO
# Provides:          tf2server
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Team Fortress 2 server
# Description:       Starts a Team Fortress 2 server
### END INIT INFO

NAME="Team Fortress 2"
USER="tf2server"
SCREENREF="tf2"
BINARYPATH="/home/tf2server/hlserver/tf2"
BINARYNAME="srcds_run"
PIDFILE="tf2server.pid"

OPTS="-game tf +sv_pure 1 +maxplayers 32 +ip 0.0.0.0 +map mvm_decoy -autoupdate -steam_dir /home/tf2server/hlserver/ -steamcmd_script /home/tf2server/hlserver/tf2_ds.txt +sv_shutdown_timeout_minutes 5"

cd "$BINARYPATH"

running() {
    if [ -n "`pgrep -f $BINARYNAME`" ]; then
        return 0
    else
        return 1
    fi
}

start() {
    if ! running; then
        echo -n "Starting the $NAME server... "
        start-stop-daemon --start --chuid $USER --user $USER --chdir $BINARYPATH --exec "/usr/bin/screen" -- -dmS $SCREENREF $BINARYPATH/$BINARYNAME $OPTS
        pgrep -f $BINARYNAME > $PIDFILE
        if [ -s $PIDFILE ]; then
            echo "Done"
        else
            echo "Failed"
            rm $PIDFILE
        fi
    else
        echo "The $NAME server is already started."
    fi
}

stop() {
    if running; then
        echo -n "Stopping the $NAME server... "
        kill `cat $PIDFILE`
        while running; do
            sleep 1
        done
        rm $PIDFILE
        echo "Done"
    else
        echo "The $NAME server is already stopped."
    fi
}

case "$1" in
    start)
        start
    ;;
    stop)
        stop
    ;;
    restart)
	stop
        start
    ;;
    status)
        if running; then
            echo "The $NAME server is started."
        else
            echo "The $NAME server is stopped."
        fi
    ;;
    *)
        echo "Usage: $0 (start|stop|restart|status)"
        exit 1
esac
exit 0

Alternatively, if you'd rather use an upstart script, paste the following into /etc/init/tf2-server.conf

description     "TF2 Server"
author          "TF2 Wiki"

start on runlevel [2345]
stop on starting rc RUNLEVEL=[016]

pre-start script
    cd /home/tf2-server/hlserver
    su -c "screen -dmS tf2 ./srcds_run -game tf +sv_pure 1 +maxplayers 32 +ip 0.0.0.0 +map mvm_decoy -autoupdate -steam_dir /home/tf2server/hlserver/ -steamcmd_script /home/tf2server/hlserver/tf2_ds.txt +sv_shutdown_timeout_minutes 5" tf2server
    while [ -z "$(pidof srcds_linux)" ]; do
        sleep 1
    done
end script

script
    while [ -n "$(pidof srcds_linux)" ]; do
        sleep 1
    done
end script

post-stop script
    fuser -k /home/tf2server/hlserver/tf2/srcds_run 
    while [ -n "$(pidof srcds_linux)" ]; do
        sleep 1
    done
end script

iptables rules

sudo iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27005 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p udp -m udp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p udp -m udp --dport 27005 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27016 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27018 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27019 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27020 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p udp -m udp --dport 27016 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p udp -m udp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p udp -m udp --dport 27018 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p udp -m udp --dport 27019 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i venet0 -p udp -m udp --dport 27020 -m state --state NEW,ESTABLISHED -j ACCEPT
  • Note: may be shortened if you have multiports extension.

CentOS 6.4 (minimal install)

on CentOS 6.4 the default iptables rules has a reject line as the last entry. This will cause all traffic to be rejected if you append (as the above commands recommend). To fix this I recommend first running the server to determine what ports it uses:

netstat -lnptu

This should output something like this:

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      -                   
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      -                   
tcp        0      0 0.0.0.0:27015               0.0.0.0:*                   LISTEN      1393/./srcds_linux  
tcp        0      0 :::22                       :::*                        LISTEN      -                   
tcp        0      0 ::1:25                      :::*                        LISTEN      -                   
udp        0      0 0.0.0.0:27020               0.0.0.0:*                               1393/./srcds_linux  
udp        0      0 0.0.0.0:26901               0.0.0.0:*                               1393/./srcds_linux  
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               -                   
udp        0      0 0.0.0.0:27005               0.0.0.0:*                               1393/./srcds_linux  
udp        0      0 0.0.0.0:27015               0.0.0.0:*                               1393/./srcds_linux

The ports listed with the ./srcds_linux name are being used by your server. In this instance port 27015 is using TCP, and ports 26901, 27005, 27015, and 27020 are using UDP. These ports need to be added to the iptables rules so that the firewall will not block access to incoming traffic.

To add them, first you should find out what is currently in your iptables config. You must do all these commands as root. The best practice is to add your account to the sudoers file so that you are somewhat restricted and access will time out. The choice is yours, su and login, or sudo

sudo iptables -nL --line-numbers

Which should output something like this:

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination  

Notice that line 5 says "REJECT all..." This means your server will reject everything. If you choose to append new rules to the iptables, you will still have no success with the server as the rules are followed in the order they appear in iptables. The commands you would like to run (again as root or sudo) are:

sudo iptables -I INPUT 5 -p tcp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -I INPUT 6 -p udp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -I INPUT 7 -p udp --dport 27005 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -I INPUT 8 -p udp --dport 27020 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -I INPUT 9 -p udp --dport 26901 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo service iptables save
sudo service iptables restart

This will add the new rules above the reject line. If you look at the commands, they have a section that says "-I INPUT 5,6,7,8,9." This is telling what to make the rule number for this entry. Each time you add a new rule, you move the reject line down one, so you increment the rule number. You can choose to just keep adding the commands all as "-I INPUT 5". and everything will still work, but I like to keep my iptables nice and orderly. call me OCD. If you wanted, you could delete the REJECT LINE (sudo iptables -D INPUT 5) and re-add it later, but you have to get the syntax correct so it is easier to insert them above. The save will keep your iptables for reboot, and you must restart the service so the new rules are recognized. Your iptables should now look like this:

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:27015 state NEW,ESTABLISHED 
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27015 state NEW,ESTABLISHED 
7    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27005 state NEW,ESTABLISHED 
8    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27020 state NEW,ESTABLISHED 
9    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:26901 state NEW,ESTABLISHED 
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination 

This should fix your firewall issues.


Troubleshooting

My server doesn’t show up in the LAN tab of my client’s server browser.
I cannot access my loadout when playing on this server.
Are you still able to connect using connect <ip-address> in the Developer Console?
During startup, does your server report the following?
*	Unable to load Steam support library.*
*	This server will operate in LAN mode only.*
When you connect with your client, does the server say the following?
NULL ISteamGameServer in ConnectClient. Steam authentication may fail.
…
Cannot verify load for invalid steam ID […]
If so, then both of these problems have the same solution: Make sure you have a steam_app.txt file containing the number 440 in your orange box folder. See Running the server, above.
My server doesn’t auto-update on startup.
When starting up, does your server say the following?
ERROR: -autoupdate requires -steam_dir and -steamcmd_script.
WARNING: Failed to locate steam binary.
WARNING: Could not locate steam binary:, ignoring.
If so, then you need point srcds_run to the location of your SteamCMD binary, using the -steam_dir argument and to your steamcmd update script using the -steamcmd_script argument. See Other command line options, above.
My server is stuck at 0/0 during updates
When an update is running, does the console output the following?
force_install_dir /home/your/server/directory
app_update 232250 validate
Initial App state (0x4) installed
App state (0x4) installed, progress: 0.00 (0 / 0)
Success! App '232250' already up to date.
If so, remove the "validate" instruction from the update command.


My server doesn't work with rcon and/or refuses to broadcast UDP logs
Do you have IPv6 or multiple network interfaces? If so, the server will have an existential crisis when trying to perform these, and you'll need to reassure it by giving it IPs to listen on:
To do this, include +ip 0.0.0.0 on the command-line arguments and add rcon_address 0.0.0.0 to your server.cfg
Note: rcon_address is not exclusively used by rcon, UDP logging will fail without it.

See also