# ────────────────────────────────────────────────────────────────── # Blessing Skin auth variant — use INSTEAD of Drasl. # ────────────────────────────────────────────────────────────────── # Layer this over the base file: # # docker compose -f docker-compose.yml -f docker-compose.blessingskin.yml up -d # # What it does vs the base stack: # - drasl → left running but UNUSED + unreachable (Caddy no longer # routes to it; it has no host port). Compose merges # depends_on, so it can't be removed from an override — # idling it is the clean option. `docker compose ... stop # drasl` after up if you want it down. # - caddy → auth.* now reverse-proxies blessing-skin:80 # - mariadb → new; Blessing Skin's datastore (no SQLite support) # - blessing-skin → new; PHP skin server + yggdrasil-api plugin # - minecraft → authlib-injector now points at /api/yggdrasil, # ONLINE_MODE=TRUE (real session validation against BSS) # # First-run is a WEB WIZARD — see plan/03b-blessing-skin.md. The yggdrasil-api # plugin must be installed + enabled from the BSS admin panel before the # /api/yggdrasil endpoint (and thus Minecraft login) works. # # DB creds + APP_KEY come from .env (see .env.example: BS_* vars). # ────────────────────────────────────────────────────────────────── services: caddy: # Swap the core ingress conf for the Blessing Skin one (same mount target, # so it shadows the base 00-core.caddy). volumes is a full replacement here. volumes: - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro - ./caddy/conf.d/00-core-blessingskin.caddy:/etc/caddy/conf.d/00-core.caddy:ro - ./pack:/srv/pack:ro depends_on: - blessing-skin mariadb: image: mariadb:11 container_name: mariadb restart: unless-stopped environment: MARIADB_DATABASE: ${BS_DB_NAME} MARIADB_USER: ${BS_DB_USER} MARIADB_PASSWORD: ${BS_DB_PASSWORD} MARIADB_ROOT_PASSWORD: ${BS_DB_ROOT_PASSWORD} TZ: "Europe/Madrid" volumes: - bs_db:/var/lib/mysql healthcheck: test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"] interval: 10s timeout: 5s retries: 10 networks: - mcnet blessing-skin: image: azusamikan/blessing-skin-server-docker:latest container_name: blessing-skin restart: unless-stopped # Internal-only — reached via Caddy at auth.${BASE_DOMAIN}. environment: APP_URL: "http://auth.${BASE_DOMAIN}" # Persist APP_KEY across recreates (else sessions/encryption break). # Generate once: docker run --rm azusamikan/blessing-skin-server-docker:latest php artisan key:generate --show APP_KEY: ${BS_APP_KEY} DB_DRIVER: "mysql" DB_HOST: "mariadb" DB_PORT: "3306" DB_DATABASE: ${BS_DB_NAME} DB_USERNAME: ${BS_DB_USER} DB_PASSWORD: ${BS_DB_PASSWORD} TZ: "Europe/Madrid" volumes: - bs_storage:/app/storage # uploaded skins/capes + textures - bs_plugins:/app/plugins # yggdrasil-api plugin lives here depends_on: mariadb: condition: service_healthy networks: - mcnet minecraft: environment: # authlib-injector API root for Blessing Skin's yggdrasil-api plugin # is /api/yggdrasil (NOT /authlib-injector like Drasl). JVM_OPTS: "-javaagent:/extras/authlib-injector.jar=http://auth.${BASE_DOMAIN}/api/yggdrasil" # authlib-injector needs real auth: online-mode TRUE so the server # validates sessions against Blessing Skin. (Drasl variant used FALSE.) ONLINE_MODE: "TRUE" # Keep FALSE for safety on 1.21+. The yggdrasil-api plugin DOES sign # profile keys, so you MAY flip this to TRUE if signed chat is wanted. ENFORCE_SECURE_PROFILE: "FALSE" # Merged with the base depends_on (drasl, caddy); just adds blessing-skin so # Minecraft starts after the skin server is up. depends_on: - blessing-skin volumes: bs_db: bs_storage: bs_plugins: