Every avatar rendered the default skin. NMSR fetched the player profile from
Drasl fine, but the profile embeds an absolute HTTPS skin URL (Drasl BaseURL is
https), and NMSR could not connect to auth.${BASE_DOMAIN}:443: the mcnet alias
resolves auth. -> caddy, which only listens on :80 internally. Logs showed
`fetch_texture_from_mojang … client error (Connect)` for the skin URL, so NMSR
fell back to the default skin.
Mirror what the minecraft service already does: pin auth.${BASE_DOMAIN} to the
host via extra_hosts so NMSR reaches the host nginx on :443 (real LE cert,
publicly trusted — no private CA needed), and switch the nmsr mojank endpoints
from http:// to https:// so the profile/texture scheme matches the embedded
skin URLs.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
52 lines
2.3 KiB
Cheetah
52 lines
2.3 KiB
Cheetah
# NMSR-aas config — renders to nmsr/config.toml (gitignored) via
|
|
# tooling/render-config.sh. Only ${BASE_DOMAIN} is substituted.
|
|
#
|
|
# Skins come from Drasl, NOT Mojang. Drasl exposes Mojang-compatible routes at
|
|
# the bare BaseURL:
|
|
# session_server -> {url}/session/minecraft/profile/{uuid}
|
|
# mojang_api_server -> {url}/users/profiles/minecraft/{name}
|
|
# and embeds absolute skin URLs (https://auth.${BASE_DOMAIN}/web/texture/skin/…)
|
|
# in the profile — Drasl's BaseURL is https, so these are https and NMSR must
|
|
# fetch them over :443. The mcnet alias only resolves auth. -> caddy on :80, so
|
|
# the nmsr service pins auth.${BASE_DOMAIN} to the host (extra_hosts in
|
|
# docker-compose.yml) and talks to the host nginx on :443 (real LE cert). Hence
|
|
# the https:// endpoints below — they must match the scheme of the embedded
|
|
# skin URLs, or the skin fetch Connect-fails and avatars render the default skin.
|
|
|
|
[server]
|
|
address = "0.0.0.0"
|
|
port = 8080
|
|
|
|
[caching]
|
|
cleanup_interval = "1h"
|
|
# resolve_cache_duration caches the uuid -> profile (incl. skin URL) lookup, so
|
|
# it bounds how long a changed skin keeps showing the OLD avatar. Kept short so
|
|
# skin changes on the account page propagate within ~1 min (NMSR has no
|
|
# per-request force-refresh; a `?skin=` override is ignored by this build). Cost
|
|
# is one extra internal Drasl profile lookup per avatar per minute — trivial over
|
|
# mcnet for a 4-10 player server. For an instant global flush: restart nmsr.
|
|
resolve_cache_duration = "60s"
|
|
# texture cache stays long: Drasl skin URLs are content-hashed
|
|
# (/web/texture/skin/<sha256>.png), so a new skin = new URL = fresh fetch; this
|
|
# 48h cache never serves a stale skin.
|
|
texture_cache_duration = "48h"
|
|
|
|
[caching.cache_biases]
|
|
|
|
[mojank]
|
|
# Point every Mojang endpoint at Drasl over https — auth. is pinned to the host
|
|
# (extra_hosts), so this reaches the host nginx on :443 with the real LE cert.
|
|
# Must stay https to match the https skin URLs Drasl embeds in the profile.
|
|
session_server = "https://auth.${BASE_DOMAIN}"
|
|
textures_server = "https://auth.${BASE_DOMAIN}"
|
|
mojang_api_server = "https://auth.${BASE_DOMAIN}"
|
|
session_server_rate_limit = 10
|
|
# This is an offline-mode (authlib-injector) server — Drasl issues v3 offline
|
|
# UUIDs, so they must be accepted.
|
|
allow_offline_mode_uuids = true
|
|
use_dashless_uuids = false
|
|
|
|
[rendering]
|
|
sample_count = 1
|
|
use_smaa = true
|