Linux dedicated server

From Team Fortress Wiki
Revision as of 22:02, 8 August 2018 by Melectrome (talk | contribs) (Small AppID correction)
Jump to: navigation, search

This is a setup guide that walks you through the installation process of a basic Team Fortress 2 dedicated server on GNU/Linux (x86 or amd64) or a FreeBSD (x86 or amd64) system with Linux compatibility patches running in it's kernel. In the example below, the server is installed into the user's home directory in a directory called hlserver.

Basic installation and configuration of a dedicated server is almost the same on most Linux distributions, but small details, such as package names and directories may differ from distribution to distribution. It is recommended that you check your package manager's repositories for the required packages before continuing.

NOTE: Information about running a server on Windows is often applicable on Linux, for example, files like server.cfg and motd_default.txt are identical between platforms. Check that page for additional details and suggestions. Information on that page and this one may also be useful on other Unix-like platforms.

Reading this article

This article has been written according to standard Linux terminal documentation syntax, meaning the following:

  • A command prefixed by # (a hashtag) is meant to be run as root. Most distributions have a separate root account; for other distributions such as Ubuntu, Linux Mint and Crunchbang, prepending sudo to a command will ensure that the command is run as root. An alternative would be to use the su command to make all following commands run as root, although this is not recommended.
  • A command prefixed by $ (a dollar sign) is meant to be run as a regular user without root permissions.
  • ./ means current working directory, the directory in which commands entered into the terminal will be executed.

Requirements

A number of requirements exist in order to run a Team Fortress 2 dedicated server on the GNU/Linux platform, namely:

  • Write-access to the current working directory
  • A version of glibc equal to or newer than 2.3.6.
  • Approximately 8GB of free hard-drive space (for a barebones server with no custom maps, sounds, etc).
  • If you are following this tutorial on a FreeBSD system, then most of the commands shown here are still applicable, but you must enable Linux compatibility in the kernel and install a base system via the ports collection. Instructions to get you started are located here. WARNING: This guide is outdated. Consider consulting the FreeBSD Handbook or other more recent sources of information.
  • In the case of a 64-bit distribution, the package named lib32gcc1 or ia32-libs is required to be installed:
On 64-bit CentOS run:
# yum install ncompress libgcc.x86_64 libgcc.i686 glibc.i686 zlib.i686 ncurses-libs.i686
On 64-bit Debian/Ubuntu/Linux Mint run:
$ sudo dpkg --add-architecture i386
$ sudo apt-get update
$ sudo apt-get install lib32z1 lib32ncurses5:i386 libbz2-1.0:i386 lib32gcc1 lib32stdc++6 libtinfo5:i386 libcurl3-gnutls:i386
For x86_64 Arch Linux run:
# pacman -Syy lib32-gcc-libs
(you need to have multilib repositories enabled)

You may also need to install other packages in their 32-bit forms (eg libcurl4-gnutls).

Download and install the SteamCMD Tool

It is recommended you create a separate user (such as "gameserver") to install and run game servers.

  • Create an user named "gameserver"

# useradd gameserver

  • Create a directory in which SteamCMD will be installed, eg './hlserver':

$ mkdir ./hlserver

  • Change the current working directory to hlserver:

$ cd hlserver

$ wget http://media.steampowered.com/installer/steamcmd_linux.tar.gz

  • Use the tar command to uncompress the archive into the working directory:

tar zxf steamcmd_linux.tar.gz

Creating a SteamCMD update script

  • Create a text file named 'tf2_ds.txt' using your favourite text editor in the SteamCMD install directory, in this guide, we are going to use nano:

nano tf2_ds.txt

  • Add the following details into the file:

login anonymous

force_install_dir ./tf2

app_update 232250

quit

  • Save the file by pressing Ctrl + X.
  • If you want to opt-in to the pre-release version of the TF2 dedicated server, add the following line before app_update (line 3):
beta prerelease

Create an updating shell script

  • Create a file named update.sh in the folder where you installed the SteamCMD tool with the following contents:

#!/bin/sh

./steamcmd.sh +runscript tf2_ds.txt

  • Make the script executable:

chmod +x update.sh

Start the download/update

  • Run $ ./update.sh to start the download. WARNING: This may take several hours with a slow internet connection, as Team Fortress 2 dedicated server content is currently around ~8GB in size.
  • If you receive the error "Error! App '232250' state is 0x202 after update job.", it means you do not have enough available disk space.
  • You may need to run the file *multiple* times until the message "Success! App '232250' fully installed." displays.
  • You can update the server in the future by executing this file again.

Creating/Updating server configuration files

  • Change the current working directory to ~/hlserver/tf2/tf/cfg:

$ cd ~/hlserver/tf2/tf/cfg

  • Create a file named server.cfg:

$ nano server.cfg

hostname "Your_Server's_Name"

rcon_password "Your_Rcon_Password"

sv_contact "admin@yourdomain.com"

mp_timelimit "30"

  • Edit the files motd.txt, maplist.txt (?), and mapcycle.txt, all found in the '~/hlserver/tf2/tf' folder.

Create a shell script to run the server

  • Create a file in './hlserver/tf.sh' with the following contents:
#!/bin/sh
tf2/srcds_run -console -game tf +sv_pure 1 +randommap +maxplayers 24
  • Make the file named ./tf.sh executable:

# chmod u+x tf.sh

  • Run ./tf.sh to launch the server:

$ ./tf.sh

Common errors and fixes

  • [S_API FAIL] SteamAPI_Init() failed; SteamAPI_IsSteamRunning() failed.
    • safe to ignore. This is just the Steam code looking for, but not finding the Steam client.
  • dlopen failed trying to load: /home/ubuntu/.steam/sdk32/steamclient.so
    • TF2 server could not locate 32-bit binary. To fix this, run: $ ln ~/hlserver/tf2/bin ~/.steam/sdk32
  • Could not load: replay_srv.so
    • Search your package manager for packages named libtinfo5:i386, libncurses5:i386, and libcurl3-gnutls:i385, and install them.
  • Segmentation fault (core dumped)
    • This means your dedicated server has crashed. To help resolve the issue, add -debug to the tf2/srcds_run file. Doing this will generate a file named debug.log, which contains detailed information about the crash.

Successful Startup

  • If everything goes well, the terminal should display the following:
Connection to Steam servers successful.
Public IP is X.X.X.X.
Assigned anonymous gameserver Steam ID [A:1:XXXXXXXXXXX:NNNN].
  • You can test connecting to the server using its public IP from steam client
Client "play_username" connected (x.x.x.x:27005)
  • Set up auto-start upon system reboot via rc.d scripts (see further section).

Inbound Port

  • Ports used by TF2 & those that need to be opened on your server to allow connection from users outside your local network. See below section on setting up port forwarding.
    • UDP 27015 - Main connection port (MUST). This is the port and protocol used by the server browser, allows clients to connect.
    • TCP 27015 - This port is used for RCON such as with SourceBans (if needed).
    • UDP 27020 - SourceTV (if enabled). You can disable this port by adding "-nohltv" to the start up command.
    • UDP 27005 - This is an outgoing connection used by clients. Typically you would not need to open this port in your firewall because this is for OUTBOUND connections.
  • if you are using AWS EC2, open at least the main inbound port UDP 27015 src 0.0.0.0/0, and add as other ports as needed.
  • To see ports used by TF2 and user connecting: $ netstat -a |egrep 270

Other command line options

Some other common command-line options for TF2 are:

  • +ip 0.0.0.0 - Bind to a specific IP. By default, listens on all network interfaces
  • -port 27015 - Bind to a different port (27015 is the default)
  • -secured - VAC secured
  • -timeout 0 - Faster server restart on crash
  • -strictportbind - If a server is already running on the specified port, stop the server from running
  • +randommap - Use instead of +map to select a map at random
  • +servercfgfile - Which tf/cfg/ file to execute on map change, defaults to server.cfg
  • +mapcyclefile - Which tf/cfg/ file contains this server's mapcycle, defaults to mapcycle.txt. Will also look in tf/
  • -replay - Executes replay.cfg and adds an additional slot for the replay bot, but removes it from the player count.
  • -autoupdate - Attempts to auto-update the server when an update comes out. You MUST use -steam_dir and -steamcmd_script
  • -steam_dir ~/hlserver/ - Location of steamcmd. Required by -autoupdate
  • -steamcmd_script ~/hlserver/tf2_ds.txt - SteamCMD script to update this server. Required by -autoupdate
  • +sv_shutdown_timeout_minutes 360 - When autoupdating, automatically restart after this many minutes. Defaults to 360 (6 hours).

screen

Many server operators choose to run the server under screen or similar packages (such as tmux), as it allows you to switch between the console and the shell at will, as well as end your SSH session without killing the server. It can be installed via your distribution's package manager. The server can then be run with:

$ screen -m -S tf2 ./srcds_run parameters

Command string example:

$ screen -m -S tf2.MapNameHere -t MapNameHere /home/Username/hlserver/srcds_run -game tf +map MapFileNameHere -maxplayers 32 -autoupdate -steam_dir /home/Username/hlserver/ -steamcmd_script /home/Username/hlserver/tf2_ds.txt +sv_shutdown_timeout_minutes 5 -port 27015 +exec server.cfg +mapcyclefile mapcycle.txt

where parameters is your normal srcds_run parameters. You can use Ctrl+A+D to minimize the console, and screen -r tf2 to bring it back up. Ctrl+D will terminate the session (make sure you use the killserver console command first) and Ctrl+A, followed by Esc will allow you to scroll through it using and . See the manual for more commands and parameters.

Automated startup at server boot

In the event of unexpected power outages, it might be useful to automatically restart your server.

Systemd service and timer

For systems that use systemd instead of init scripts you need to make a systemd service Make a file in the /etc/systemd/system/ directory, named tf2server.service and put the following text into it:

[Unit]
Description=Team Fortress 2 server
RefuseManualStart=no
RefuseManualStop=yes

[Service]
Type=oneshot
ExecStart=/bin/sh /home/tf2server/hlserver/tf2.sh

[Install]
WantedBy=multi-user.target

This should run the shell script at /home/tf2server/hlserver/tf2 at server boot. You can change /home/tf2server/hlserver/tf2.sh in the ExecStart=/bin/sh /home/tf2server/hlserver/tf2.sh line of the tf2server.service to the path your shell script for running the server is. Now only thing left to do is tell systemd to refresh the the *.service files and add the file to the startup:

# systemctl daemon-reload
# systemctl enable tf2server.service

After this, the server should start automatically after the system starts.

Debian init script

NOTE: Most modern systems should be able to use systemd (see above) rather than a system init script. Use these instructions only if you are unable/unwilling to use systemd.

The following example Debian LSB init script can be used to automatically restart the server. Note that screen is used. This script should be named tf2-server and can be put in the folder /etc/init.d. After doing that, run:

$ update-rc.d tf2-server defaults

This should ensure a proper startup of the server after each reboot.

#!/bin/sh

### BEGIN INIT INFO
# Provides:          tf2server
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Team Fortress 2 server
# Description:       Starts a Team Fortress 2 server
### END INIT INFO

NAME="Team Fortress 2"
USER="tf2server"
SCREENREF="tf2"
BINARYPATH="/home/tf2server/hlserver/tf2"
BINARYNAME="srcds_run"
PIDFILE="tf2server.pid"

OPTS="-game tf +sv_pure 1 +maxplayers 32 +ip 0.0.0.0 +map mvm_decoy -autoupdate -steam_dir /home/tf2server/hlserver/ -steamcmd_script /home/tf2server/hlserver/tf2_ds.txt +sv_shutdown_timeout_minutes 5"

cd "$BINARYPATH"

running() {
    if [ -n "`pgrep -f $BINARYNAME`" ]; then
        return 0
    else
        return 1
    fi
}

start() {
    if ! running; then
        echo -n "Starting the $NAME server... "
        start-stop-daemon --start --chuid $USER --user $USER --chdir $BINARYPATH --exec "/usr/bin/screen" -- -dmS $SCREENREF $BINARYPATH/$BINARYNAME $OPTS
        pgrep -f $BINARYNAME > $PIDFILE
        if [ -s $PIDFILE ]; then
            echo "Done"
        else
            echo "Failed"
            rm $PIDFILE
        fi
    else
        echo "The $NAME server is already started."
    fi
}

stop() {
    if running; then
        echo -n "Stopping the $NAME server... "
        kill `cat $PIDFILE`
        while running; do
            sleep 1
        done
        rm $PIDFILE
        echo "Done"
    else
        echo "The $NAME server is already stopped."
    fi
}

case "$1" in
    start)
        start
    ;;
    stop)
        stop
    ;;
    restart)
	stop
        start
    ;;
    status)
        if running; then
            echo "The $NAME server is started."
        else
            echo "The $NAME server is stopped."
        fi
    ;;
    *)
        echo "Usage: $0 (start|stop|restart|status)"
        exit 1
esac
exit 0
Upstart script

As above, a systemd script is preferable. But if you'd rather use an upstart script, paste the following into /etc/init/tf2-server.conf

description     "TF2 Server"
author          "TF2 Wiki"

start on runlevel [2345]
stop on starting rc RUNLEVEL=[016]

pre-start script
    cd /home/tf2-server/hlserver
    su -c "screen -dmS tf2 ./srcds_run -game tf +sv_pure 1 +maxplayers 32 +ip 0.0.0.0 +map mvm_decoy -autoupdate -steam_dir /home/tf2-server/hlserver/ -steamcmd_script /home/tf2-server/hlserver/tf2_ds.txt +sv_shutdown_timeout_minutes 5" tf2server
    while [ -z "$(pidof srcds_linux)" ]; do
        sleep 1
    done
end script

script
    while [ -n "$(pidof srcds_linux)" ]; do
        sleep 1
    done
end script

post-stop script
    fuser -k /home/tf2-server/hlserver/tf2/srcds_run 
    while [ -n "$(pidof srcds_linux)" ]; do
        sleep 1
    done
end script

IPTables rules

Firstly, run sudo -i to get a root prompt. Then, enter this (all one line). To leave the root prompt and return to the standard user, just type exit like normal.

iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27005 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27005 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27016 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27018 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27019 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p tcp -m tcp --dport 27020 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27016 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27018 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27019 -m state --state NEW,ESTABLISHED -j ACCEPT && iptables -A INPUT -i venet0 -p udp -m udp --dport 27020 -m state --state NEW,ESTABLISHED -j ACCEPT


CentOS 6.4 (minimal install)

on CentOS 6.4 the default IPTables rules has a reject line as the last entry. This will cause all traffic to be rejected if you append (as the above commands recommend). To fix this I recommend first running the server to determine what ports it uses:

netstat -lnptu

This should output something like this:

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      -                   
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      -                   
tcp        0      0 0.0.0.0:27015               0.0.0.0:*                   LISTEN      1393/./srcds_linux  
tcp        0      0 :::22                       :::*                        LISTEN      -                   
tcp        0      0 ::1:25                      :::*                        LISTEN      -                   
udp        0      0 0.0.0.0:27020               0.0.0.0:*                               1393/./srcds_linux  
udp        0      0 0.0.0.0:26901               0.0.0.0:*                               1393/./srcds_linux  
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               -                   
udp        0      0 0.0.0.0:27005               0.0.0.0:*                               1393/./srcds_linux  
udp        0      0 0.0.0.0:27015               0.0.0.0:*                               1393/./srcds_linux

The ports listed with the ./srcds_linux name are being used by your server. In this instance port 27015 is using TCP, and ports 26901, 27005, 27015, and 27020 are using UDP. These ports need to be added to the iptables rules so that the firewall will not block access to incoming traffic.

To add them, first you should find out what is currently in your iptables config. You must do all these commands as root. The most secure method of doing this is prepending sudo to each command.

# iptables -nL --line-numbers

Which should output something like this:

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination  

Notice that line 5 says "REJECT all..." This means your server will reject everything. If you choose to append new rules to the iptables, you will still have no success with the server as the rules are followed in the order they appear in iptables. The commands you would like to run (again as root or sudo) are:

# iptables -I INPUT 5 -p tcp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT 6 -p udp --dport 27015 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT 7 -p udp --dport 27005 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT 8 -p udp --dport 27020 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -I INPUT 9 -p udp --dport 26901 -m state --state NEW,ESTABLISHED -j ACCEPT
# service iptables save
# service iptables restart

This will add the new rules above the reject line. If you look at the commands, they have a section that says "-I INPUT 5,6,7,8,9." This is telling what to make the rule number for this entry. Each time you add a new rule, you move the reject line down one, so you increment the rule number. You can choose to just keep adding the commands all as "-I INPUT 5". and everything will still work, but I like to keep my iptables nice and orderly. call me OCD. If you wanted, you could delete the REJECT LINE (sudo iptables -D INPUT 5) and re-add it later, but you have to get the syntax correct so it is easier to insert them above. The save will keep your iptables for reboot, and you must restart the service so the new rules are recognized. Your iptables should now look like this:

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:27015 state NEW,ESTABLISHED 
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27015 state NEW,ESTABLISHED 
7    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27005 state NEW,ESTABLISHED 
8    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27020 state NEW,ESTABLISHED 
9    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:26901 state NEW,ESTABLISHED 
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination 

This should fix your firewall issues.


Troubleshooting

My server doesn’t show up in the LAN tab of my client’s server browser.
I cannot access my loadout when playing on this server.
Are you still able to connect using connect <ip-address> in the Developer Console?
During startup, does your server report the following?
*	Unable to load Steam support library.*
*	This server will operate in LAN mode only.*
When you connect with your client, does the server say the following?
NULL ISteamGameServer in ConnectClient. Steam authentication may fail.
…
Cannot verify load for invalid steam ID […]
If so, then both of these problems have the same solution: Make sure you have a steam_appid.txt file containing the number 232250 in your orange box folder. See Running the server, above.
My server doesn’t auto-update on startup.
When starting up, does your server say the following?
ERROR: -autoupdate requires -steam_dir and -steamcmd_script.
WARNING: Failed to locate steam binary.
WARNING: Could not locate steam binary:, ignoring.
If so, then you need point srcds_run to the location of your SteamCMD binary, using the -steam_dir argument and to your steamcmd update script using the -steamcmd_script argument. See Other command line options, above.
My server is stuck at 0/0 during updates
When an update is running, does the console output the following?
force_install_dir /home/your/server/directory
app_update 232250 validate
Initial App state (0x4) installed
App state (0x4) installed, progress: 0.00 (0 / 0)
Success! App '232250' already up to date.
If so, remove the "validate" instruction from the update command.


My server doesn't work with rcon and/or refuses to broadcast UDP logs
Do you have IPv6 or multiple network interfaces? If so, the server will have an existential crisis when trying to perform these, and you'll need to reassure it by giving it IPs to listen on
To do this, include +ip 0.0.0.0 on the command-line arguments and add rcon_address 0.0.0.0 to your server.cfg
Note: rcon_address is not exclusively used by rcon, UDP logging will fail without it.
steamclient.so error - 64bit

dlopen failed trying to load: ~/.steam/sdk32/steamclient.so with error: ~/.steam/sdk32/steamclient.so: cannot open shared object file: No such file or directory

File is not in the ~.steam/sdk32/ run cp ~/hlserver/linux32/steamclient.so ~/.steam/sdk32/

Could not load replay_srv.so

Search for packages named mailutils, lib32gcc1, libstdc++6, libstdc++6:i386, and libcurl4-gnutls-dev:i386, and install them.

Server fails to start with ./srcds_run line 324 18491 Segmentation fault $HL_CMD

run the following 2 commands

yum install libcurl.i686
ln -s /usr/lib/libcurl.so.4 /usr/lib/libcurl-gnutls.so.4

See also