Override stack that swaps Drasl for Blessing Skin Server + MariaDB, talking to Minecraft via the yggdrasil-api plugin (authlib endpoint /api/yggdrasil, ONLINE_MODE=TRUE). Caddy auth.* repointed to blessing-skin:80; Drasl left idle (compose merges depends_on). Run: docker compose -f docker-compose.yml -f docker-compose.blessingskin.yml up -d Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
3.9 KiB
Blessing Skin — auth + skin server (Drasl alternative)
Summary
Drop-in alternative to Drasl (plan/03-drasl.md). Blessing Skin Server (BSS) is
a PHP skin station; the yggdrasil-api plugin gives it a Yggdrasil API that
authlib-injector talks to — same end result as Drasl, different internals.
Run it as an override instead of Drasl:
docker compose -f docker-compose.yml -f docker-compose.blessingskin.yml up -d
The override (docker-compose.blessingskin.yml) repoints Caddy's auth.* vhost
at blessing-skin:80, adds mariadb + blessing-skin, and switches the
Minecraft authlib endpoint to /api/yggdrasil. Drasl stays defined but idle and
unreachable (compose merges depends_on, so an override can't remove it);
docker compose … stop drasl after up if you want it down.
Drasl vs Blessing Skin — what changes
| Drasl | Blessing Skin | |
|---|---|---|
| Backend | single Go binary | PHP app + MariaDB (no SQLite) |
| Config | rendered config.toml |
web install wizard + DB |
| Yggdrasil API | built in | yggdrasil-api plugin (install + enable) |
| authlib endpoint | …/authlib-injector |
…/api/yggdrasil |
| OIDC/Keycloak | supported (future) | not native (OAuth plugins exist) |
| Server online-mode | repo used FALSE | TRUE (real session validation) |
Setup (first run)
cp .env.example .env, fill theBS_*vars. GenerateBS_APP_KEY:docker run --rm azusamikan/blessing-skin-server-docker:latest \ php artisan key:generate --show- Bring the stack up with the override (command above).
- Open
http://auth.${BASE_DOMAIN}→ BSS install wizard. DB host =mariadb, port3306, name/user/pass = theBS_*values. Create the admin account. - Admin panel → Plugins → Plugin Market → install yggdrasil-api →
enable it. (Needs internet; for air-gap, pre-place the plugin jar/zip into
the
bs_pluginsvolume.) After enabling, the API root is live athttp://auth.${BASE_DOMAIN}/api/yggdrasil. - Each player: register on the BSS site, add a character whose name == their in-game player name, upload a skin.
- Restart minecraft if it came up before the plugin was enabled.
Client (Prism / authlib-injector)
- authlib-injector URL:
http://auth.${BASE_DOMAIN}/api/yggdrasil - Login = BSS email + password (BSS uses email as the account id).
- Must match the server's
-javaagentarg exactly (same host + path).
Gotchas
/api/yggdrasil, not/authlib-injector. Wrong path → silent "Invalid session". ServerJVM_OPTSand every client must agree.- ONLINE_MODE=TRUE. authlib-injector only authenticates when online-mode is on; the server then validates the join against BSS. (The Drasl variant in this repo set FALSE — do not copy that here.)
- Secure profile (1.21+). Override ships
ENFORCE_SECURE_PROFILE=FALSEfor safety. yggdrasil-api does sign profile keys, so TRUE may work — flip and test if signed chat matters; revert on "Invalid signature". - APP_KEY must persist. Set
BS_APP_KEYin.env. Losing it invalidates all sessions and breaks encrypted data. - DB is the source of truth.
bs_dbvolume holds accounts;bs_storageholds skins;bs_pluginsholds the yggdrasil-api plugin. Back these up. - Air-gap: the plugin market needs internet. Install + enable yggdrasil-api
while online (it persists in
bs_plugins), or stage the plugin manually.
Image note
azusamikan/blessing-skin-server-docker:latest is a community image and the
env-var names (DB_*, APP_KEY) may differ slightly by tag — if auto-config
doesn't take, the web wizard is the reliable path. Official source:
https://github.com/bs-community/blessing-skin-server ,
plugin: https://github.com/bs-community/yggdrasil-api , authlib-injector setup:
https://github.com/bs-community/blessing-skin-manual/blob/master/man/yggdrasil-api/authlib-injector.md