Linux dedicated server
This guide assumes that the reader has a basic understanding of using the Linux command line. |
This is a setup guide that walks you through the installation process of a basic Team Fortress 2 dedicated server on GNU/Linux (x86 or amd64) or a FreeBSD (x86 or amd64) system with Linux compatibility patches running in it's kernel. In the example below, the server is installed into the user's home directory in a directory called hlserver
.
Basic installation and configuration of a dedicated server is almost the same on most Linux distributions, but small details, such as package names and directories may differ from distribution to distribution. It is recommended that you check your package manager's repositories for the required packages before continuing.
NOTE: Information about running a server on Windows is often applicable on Linux, for example, files like server.cfg
and motd_default.txt
are identical between platforms. Check that page for additional details and suggestions. Information on that page and this one may also be useful on other Unix-like platforms.
Contents
- 1 Reading this article
- 2 Requirements
- 3 Download and install the SteamCMD Tool
- 4 Creating a SteamCMD update script
- 5 Create an updating shell script
- 6 Start the download/update
- 7 Creating/Updating server configuration files
- 8 Create a shell script to run the server
- 9 Common errors and fixes
- 10 Successful Startup
- 11 Inbound Port
- 12 IPTables rules
- 13 Troubleshooting
- 14 See also
Reading this article
This article has been written according to standard Linux terminal documentation syntax, meaning the following:
- A command prefixed by
#
(a hashtag) is meant to be run as root. Most distributions have a separate root account; for other distributions such as Ubuntu, Linux Mint and Crunchbang, prependingsudo
to a command will ensure that the command is run as root. An alternative would be to use thesu
command to make all following commands run as root, although this is not recommended. - A command prefixed by
$
(a dollar sign) is meant to be run as a regular user without root permissions. ./
means current working directory, the directory in which commands entered into the terminal will be executed.
Requirements
A number of requirements exist in order to run a Team Fortress 2 dedicated server on the GNU/Linux platform, namely:
- Write-access to the current working directory
- A version of
glibc
equal to or newer than 2.3.6. - Approximately 8GB of free hard-drive space (for a barebones server with no custom maps, sounds, etc).
- If you are following this tutorial on a FreeBSD system, then most of the commands shown here are still applicable, but you must enable Linux compatibility in the kernel and install a base system via the ports collection. Instructions to get you started are located here. WARNING: This guide is outdated. Consider consulting the FreeBSD Handbook or other more recent sources of information.
- In the case of a 64-bit distribution, the package named lib32gcc1 or ia32-libs is required to be installed:
- On 64-bit CentOS run:
# yum install ncompress libgcc.x86_64 libgcc.i686 glibc.i686 zlib.i686 ncurses-libs.i686
- On 64-bit Debian/Ubuntu/Linux Mint run:
$ sudo dpkg --add-architecture i386
$ sudo apt-get update
$ sudo apt-get install lib32z1 lib32ncurses5:i386 libbz2-1.0:i386 lib32gcc1 lib32stdc++6 libtinfo5:i386 libcurl3-gnutls:i386
- For x86_64 Arch Linux run:
# pacman -Syy lib32-gcc-libs
- (you need to have multilib repositories enabled)
You may also need to install other packages in their 32-bit forms (eg libcurl4-gnutls).
Download and install the SteamCMD Tool
It is recommended you create a separate user (such as "gameserver") to install and run game servers.
- Create an user named "gameserver"
# useradd gameserver
- Create a directory in which SteamCMD will be installed, eg './hlserver':
$ mkdir ./hlserver
- Change the current working directory to hlserver:
$ cd hlserver
- Download steamcmd_linux.tar.gz :
$ wget http://media.steampowered.com/installer/steamcmd_linux.tar.gz
- Use the tar command to uncompress the archive into the working directory:
tar zxf steamcmd_linux.tar.gz
Creating a SteamCMD update script
- Create a text file named 'tf2_ds.txt' using your favourite text editor in the SteamCMD install directory, in this guide, we are going to use nano:
nano tf2_ds.txt
- Add the following details into the file:
login anonymous
force_install_dir ./tf2
app_update 232250
quit
- Save the file by pressing Ctrl + X.
- If you want to opt-in to the pre-release version of the TF2 dedicated server, add the following line before
app_update
(line 3):
beta prerelease
Create an updating shell script
- Create a file named
update.sh
in the folder where you installed the SteamCMD tool with the following contents:
#!/bin/sh
./steamcmd.sh +runscript tf2_ds.txt
- Make the script executable:
chmod +x update.sh
Start the download/update
- Run
$ ./update.sh
to start the download. WARNING: This may take several hours with a slow internet connection, as Team Fortress 2 dedicated server content is currently around ~8GB in size. - If you receive the error "Error! App '232250' state is 0x202 after update job.", it means you do not have enough available disk space.
- You may need to run the file *multiple* times until the message "Success! App '232250' fully installed." displays.
- You can update the server in the future by executing this file again.
Creating/Updating server configuration files
- Change the current working directory to
~/hlserver/tf2/tf/cfg
:
$ cd ~/hlserver/tf2/tf/cfg
- Create a file named server.cfg:
$ nano server.cfg
- Add the following content into your server.cfg (see Windows dedicated server for more information):
hostname "Your_Server's_Name"
rcon_password "Your_Rcon_Password"
sv_contact "admin@yourdomain.com"
mp_timelimit "30"
- Edit the files motd.txt, maplist.txt (?), and mapcycle.txt, all found in the '~/hlserver/tf2/tf' folder.
Create a shell script to run the server
- Create a file in './hlserver/tf.sh' with the following contents:
#!/bin/sh
tf2/srcds_run -console -game tf +sv_pure 1 +randommap +maxplayers 24
- Make the file named ./tf.sh executable:
# chmod u+x tf.sh
- Run
./tf.sh
to launch the server:
$ ./tf.sh
Common errors and fixes
- [S_API FAIL] SteamAPI_Init() failed; SteamAPI_IsSteamRunning() failed.
- safe to ignore. This is just the Steam code looking for, but not finding the Steam client.
- dlopen failed trying to load: /home/ubuntu/.steam/sdk32/steamclient.so
- TF2 server could not locate 32-bit binary. To fix this, run:
$ ln ~/hlserver/tf2/bin ~/.steam/sdk32
- Could not load: replay_srv.so
- Search your package manager for packages named libtinfo5:i386, libncurses5:i386, and libcurl3-gnutls:i385, and install them.
- Segmentation fault (core dumped)
- This means your dedicated server has crashed. To help resolve the issue, add
-debug
to the tf2/srcds_run file. Doing this will generate a file named debug.log, which contains detailed information about the crash.
Successful Startup
- If everything goes well, the terminal should display the following:
Connection to Steam servers successful.
Public IP is X.X.X.X.
Assigned anonymous gameserver Steam ID [A:1:XXXXXXXXXXX:NNNN].
- You can test connecting to the server using its public IP from steam client
Client "play_username" connected (x.x.x.x:27005)
- Set up auto-start upon system reboot via rc.d scripts (see further section).
Inbound Port
- Ports used by TF2 & those that need to be opened on your server to allow connection from users outside your local network. See below section on setting up port forwarding.
- UDP 27015 - Main connection port (MUST). This is the port and protocol used by the server browser, allows clients to connect.
- TCP 27015 - This port is used for RCON such as with SourceBans (if needed).
- UDP 27020 - SourceTV (if enabled). You can disable this port by adding "-nohltv" to the start up command.
- UDP 27005 - This is an outgoing connection used by clients. Typically you would not need to open this port in your firewall because this is for OUTBOUND connections.
- if you are using AWS EC2, open at least the main inbound port UDP 27015 src 0.0.0.0/0, and add as other ports as needed.
- To see ports used by TF2 and user connecting:
$ netstat -a |egrep 270
Other command line options
Some other common command-line options for TF2 are:
+ip 0.0.0.0
- Bind to a specific IP. By default, listens on all network interfaces
-port 27015
- Bind to a different port (27015 is the default)
-secured
- VAC secured
-timeout 0
- Faster server restart on crash
-strictportbind
- If a server is already running on the specified port, stop the server from running
+randommap
- Use instead of +map to select a map at random
+servercfgfile
- Which tf/cfg/ file to execute on map change, defaults to server.cfg
+mapcyclefile
- Which tf/cfg/ file contains this server's mapcycle, defaults to mapcycle.txt. Will also look in tf/
-replay
- Executes replay.cfg and adds an additional slot for the replay bot, but removes it from the player count.
-autoupdate
- Attempts to auto-update the server when an update comes out. You MUST use -steam_dir and -steamcmd_script
-steam_dir ~/hlserver/
- Location of steamcmd. Required by -autoupdate
-steamcmd_script ~/hlserver/tf2_ds.txt
- SteamCMD script to update this server. Required by -autoupdate
+sv_shutdown_timeout_minutes 360
- When autoupdating, automatically restart after this many minutes. Defaults to 360 (6 hours).
screen
Many server operators choose to run the server under screen
or similar packages (such as tmux
), as it allows you to switch between the console and the shell at will, as well as end your SSH session without killing the server. It can be installed via your distribution's package manager. The server can then be run with:
$ screen -m -S tf2 ./srcds_run parameters
Command string example:
$ screen -m -S tf2.MapNameHere -t MapNameHere /home/Username/hlserver/srcds_run -game tf +map MapFileNameHere -maxplayers 32 -autoupdate -steam_dir /home/Username/hlserver/ -steamcmd_script /home/Username/hlserver/tf2_ds.txt +sv_shutdown_timeout_minutes 5 -port 27015 +exec server.cfg +mapcyclefile mapcycle.txt
where parameters is your normal srcds_run
parameters. You can use Ctrl+A+D to minimize the console, and screen -r tf2
to bring it back up. Ctrl+D will terminate the session (make sure you use the killserver console command first) and Ctrl+A, followed by Esc will allow you to scroll through it using ↑ and ↓. See the manual for more commands and parameters.
Automated startup at server boot
In the event of unexpected power outages, it might be useful to automatically restart your server.
Systemd service and timer
For systems that use systemd instead of init scripts you need to make a systemd service
Make a file in the /etc/systemd/system/ directory, named tf2server.service and put the following text into it:
[Unit]
Description=Team Fortress 2 server
RefuseManualStart=no
RefuseManualStop=yes
[Service]
Type=oneshot
ExecStart=/bin/sh /home/tf2server/hlserver/tf2.sh
[Install]
WantedBy=multi-user.target
This should run the shell script at /home/tf2server/hlserver/tf2 at server boot. You can change /home/tf2server/hlserver/tf2.sh in the ExecStart=/bin/sh /home/tf2server/hlserver/tf2.sh
line of the tf2server.service to the path your shell script for running the server is. Now only thing left to do is tell systemd to refresh the the *.service files and add the file to the startup:
# systemctl daemon-reload
# systemctl enable tf2server.service
After this, the server should start automatically after the system starts.
Debian init script
NOTE: Most modern systems should be able to use systemd (see above) rather than a system init script. Use these instructions only if you are unable/unwilling to use systemd.
The following example Debian LSB init script can be used to automatically restart the server. Note that screen
is used. This script should be named tf2-server and can be put in the folder /etc/init.d. After doing that, run:
$ update-rc.d tf2-server defaults
This should ensure a proper startup of the server after each reboot.
#!/bin/sh
### BEGIN INIT INFO
# Provides: tf2server
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Team Fortress 2 server
# Description: Starts a Team Fortress 2 server
### END INIT INFO
NAME="Team Fortress 2"
USER="tf2server"
SCREENREF="tf2"
BINARYPATH="/home/tf2server/hlserver/tf2"
BINARYNAME="srcds_run"
PIDFILE="tf2server.pid"
OPTS="-game tf +sv_pure 1 +maxplayers 32 +ip 0.0.0.0 +map mvm_decoy -autoupdate -steam_dir /home/tf2server/hlserver/ -steamcmd_script /home/tf2server/hlserver/tf2_ds.txt +sv_shutdown_timeout_minutes 5"
cd "$BINARYPATH"
running() {
if [ -n "`pgrep -f $BINARYNAME`" ]; then
return 0
else
return 1
fi
}
start() {
if ! running; then
echo -n "Starting the $NAME server... "
start-stop-daemon --start --chuid $USER --user $USER --chdir $BINARYPATH --exec "/usr/bin/screen" -- -dmS $SCREENREF $BINARYPATH/$BINARYNAME $OPTS
pgrep -f $BINARYNAME > $PIDFILE
if [ -s $PIDFILE ]; then
echo "Done"
else
echo "Failed"
rm $PIDFILE
fi
else
echo "The $NAME server is already started."
fi
}
stop() {
if running; then
echo -n "Stopping the $NAME server... "
kill `cat $PIDFILE`
while running; do
sleep 1
done
rm $PIDFILE
echo "Done"
else
echo "The $NAME server is already stopped."
fi
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
status)
if running; then
echo "The $NAME server is started."
else
echo "The $NAME server is stopped."
fi
;;
*)
echo "Usage: $0 (start|stop|restart|status)"
exit 1
esac
exit 0
Upstart script
As above, a systemd script is preferable. But if you'd rather use an upstart script, paste the following into /etc/init/tf2-server.conf
description "TF2 Server"
author "TF2 Wiki"
start on runlevel [2345]
stop on starting rc RUNLEVEL=[016]
pre-start script
cd /home/tf2-server/hlserver
su -c "screen -dmS tf2 ./srcds_run -game tf +sv_pure 1 +maxplayers 32 +ip 0.0.0.0 +map mvm_decoy -autoupdate -steam_dir /home/tf2-server/hlserver/ -steamcmd_script /home/tf2-server/hlserver/tf2_ds.txt +sv_shutdown_timeout_minutes 5" tf2server
while [ -z "$(pidof srcds_linux)" ]; do
sleep 1
done
end script
script
while [ -n "$(pidof srcds_linux)" ]; do
sleep 1
done
end script
post-stop script
fuser -k /home/tf2-server/hlserver/tf2/srcds_run
while [ -n "$(pidof srcds_linux)" ]; do
sleep 1
done
end script
IPTables rules
Firstly, run sudo -i
to get a root prompt. Then, enter this (all one line). To leave the root prompt and return to the standard user, just type exit
like normal.
iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27005 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27005 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27016 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27018 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27019 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27020 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27016 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27018 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27019 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27020 -m state --state NEW,ESTABLISHED -j ACCEPT
CentOS 6.4 (minimal install)
on CentOS 6.4 the default IPTables rules has a reject line as the last entry. This will cause all traffic to be rejected if you append (as the above commands recommend). To fix this I recommend first running the server to determine what ports it uses:
netstat -lnptu
This should output something like this:
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:27015 0.0.0.0:* LISTEN 1393/./srcds_linux
tcp 0 0 :::22 :::* LISTEN -
tcp 0 0 ::1:25 :::* LISTEN -
udp 0 0 0.0.0.0:27020 0.0.0.0:* 1393/./srcds_linux
udp 0 0 0.0.0.0:26901 0.0.0.0:* 1393/./srcds_linux
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:27005 0.0.0.0:* 1393/./srcds_linux
udp 0 0 0.0.0.0:27015 0.0.0.0:* 1393/./srcds_linux
The ports listed with the ./srcds_linux name are being used by your server. In this instance port 27015 is using TCP, and ports 26901, 27005, 27015, and 27020 are using UDP. These ports need to be added to the iptables rules so that the firewall will not block access to incoming traffic.
To add them, first you should find out what is currently in your iptables config. You must do all these commands as root. The most secure method of doing this is prepending sudo
to each command.
# iptables -nL --line-numbers
Which should output something like this:
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Notice that line 5 says "REJECT all..." This means your server will reject everything. If you choose to append new rules to the iptables, you will still have no success with the server as the rules are followed in the order they appear in iptables. The commands you would like to run (again as root or sudo) are:
# iptables -I INPUT 5 -p tcp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT 6 -p udp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT 7 -p udp --dport 27005 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT 8 -p udp --dport 27020 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT 9 -p udp --dport 26901 -m state --state NEW,ESTABLISHED -j ACCEPT
# service iptables save
# service iptables restart
This will add the new rules above the reject line. If you look at the commands, they have a section that says "-I INPUT 5,6,7,8,9." This is telling what to make the rule number for this entry. Each time you add a new rule, you move the reject line down one, so you increment the rule number. You can choose to just keep adding the commands all as "-I INPUT 5". and everything will still work, but I like to keep my iptables nice and orderly. call me OCD. If you wanted, you could delete the REJECT LINE (sudo iptables -D INPUT 5) and re-add it later, but you have to get the syntax correct so it is easier to insert them above. The save will keep your iptables for reboot, and you must restart the service so the new rules are recognized. Your iptables should now look like this:
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:27015 state NEW,ESTABLISHED
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:27015 state NEW,ESTABLISHED
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:27005 state NEW,ESTABLISHED
8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:27020 state NEW,ESTABLISHED
9 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:26901 state NEW,ESTABLISHED
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
This should fix your firewall issues.
Troubleshooting
- My server doesn’t show up in the LAN tab of my client’s server browser.
- I cannot access my loadout when playing on this server.
- Are you still able to connect using
connect <ip-address>
in the Developer Console?
- During startup, does your server report the following?
* Unable to load Steam support library.*
* This server will operate in LAN mode only.*
- When you connect with your client, does the server say the following?
NULL ISteamGameServer in ConnectClient. Steam authentication may fail.
…
Cannot verify load for invalid steam ID […]
- If so, then both of these problems have the same solution: Make sure you have a
steam_appid.txt
file containing the number 232250
in your orange box
folder. See Running the server, above.
- My server doesn’t auto-update on startup.
- When starting up, does your server say the following?
ERROR: -autoupdate requires -steam_dir and -steamcmd_script.
WARNING: Failed to locate steam binary.
WARNING: Could not locate steam binary:, ignoring.
- If so, then you need point
srcds_run
to the location of your SteamCMD binary, using the -steam_dir
argument and to your steamcmd update script using the -steamcmd_script
argument. See Other command line options, above.
- My server is stuck at 0/0 during updates
- When an update is running, does the console output the following?
force_install_dir /home/your/server/directory
app_update 232250 validate
Initial App state (0x4) installed
App state (0x4) installed, progress: 0.00 (0 / 0)
Success! App '232250' already up to date.
- If so, remove the "validate" instruction from the update command.
- My server doesn't work with rcon and/or refuses to broadcast UDP logs
- Do you have IPv6 or multiple network interfaces? If so, the server will have an existential crisis when trying to perform these, and you'll need to reassure it by giving it IPs to listen on
- To do this, include
+ip 0.0.0.0
on the command-line arguments and add rcon_address 0.0.0.0
to your server.cfg
- Note:
rcon_address
is not exclusively used by rcon, UDP logging will fail without it.
- steamclient.so error - 64bit
dlopen failed trying to load:
~/.steam/sdk32/steamclient.so
with error:
~/.steam/sdk32/steamclient.so: cannot open shared object file: No such file or directory
File is not in the ~.steam/sdk32/ run
cp ~/hlserver/linux32/steamclient.so ~/.steam/sdk32/
- Could not load replay_srv.so
Search for packages named mailutils
, lib32gcc1
, libstdc++6
, libstdc++6:i386
, and libcurl4-gnutls-dev:i386
, and install them.
- Server fails to start with ./srcds_run line 324 18491 Segmentation fault $HL_CMD
run the following 2 commands
yum install libcurl.i686
ln -s /usr/lib/libcurl.so.4 /usr/lib/libcurl-gnutls.so.4
See also