Caddy is no longer in the base stack. Two ingress paths now: - docker-compose.caddy.yml — LAN/air-gap; build-stack.sh adds it for all up modes + the prep pre-bake. Holds the mcnet auth./pack. aliases. - docker-compose.nginx.yml — production behind the host's nginx: publishes drasl on 127.0.0.1:25585, points minecraft at the host (extra_hosts) over HTTPS for pack + authlib. Base loses the caddy service and minecraft's caddy depends_on (re-added by caddy.yml). Blessing Skin override now requires caddy.yml (it only swaps caddy's core conf). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
106 lines
4.7 KiB
YAML
106 lines
4.7 KiB
YAML
# ──────────────────────────────────────────────────────────────────
|
|
# Blessing Skin auth variant — use INSTEAD of Drasl.
|
|
# ──────────────────────────────────────────────────────────────────
|
|
# Layer this over the base file AND the caddy ingress (caddy lives in its own
|
|
# file now; this override only swaps caddy's core conf, so caddy.yml is required):
|
|
#
|
|
# docker compose -f docker-compose.yml -f docker-compose.caddy.yml \
|
|
# -f docker-compose.blessingskin.yml up -d
|
|
#
|
|
# What it does vs the base stack:
|
|
# - drasl → left running but UNUSED + unreachable (Caddy no longer
|
|
# routes to it; it has no host port). Compose merges
|
|
# depends_on, so it can't be removed from an override —
|
|
# idling it is the clean option. `docker compose ... stop
|
|
# drasl` after up if you want it down.
|
|
# - caddy → auth.* now reverse-proxies blessing-skin:80
|
|
# - mariadb → new; Blessing Skin's datastore (no SQLite support)
|
|
# - blessing-skin → new; PHP skin server + yggdrasil-api plugin
|
|
# - minecraft → authlib-injector now points at /api/yggdrasil,
|
|
# ONLINE_MODE=TRUE (real session validation against BSS)
|
|
#
|
|
# First-run is a WEB WIZARD — see plan/03b-blessing-skin.md. The yggdrasil-api
|
|
# plugin must be installed + enabled from the BSS admin panel before the
|
|
# /api/yggdrasil endpoint (and thus Minecraft login) works.
|
|
#
|
|
# DB creds + APP_KEY come from .env (see .env.example: BS_* vars).
|
|
# ──────────────────────────────────────────────────────────────────
|
|
|
|
services:
|
|
caddy:
|
|
# Swap the core ingress conf for the Blessing Skin one. Compose MERGES
|
|
# volumes by container path, so mounting the BSS conf at the SAME target
|
|
# (/etc/caddy/conf.d/00-core.caddy) shadows the base 00-core.caddy; all
|
|
# other base mounts (pack, custom, static, ca) are kept automatically.
|
|
volumes:
|
|
- ./caddy/conf.d/00-core-blessingskin.caddy:/etc/caddy/conf.d/00-core.caddy:ro
|
|
depends_on:
|
|
- blessing-skin
|
|
|
|
mariadb:
|
|
image: mariadb:11
|
|
container_name: mariadb
|
|
restart: unless-stopped
|
|
environment:
|
|
MARIADB_DATABASE: ${BS_DB_NAME}
|
|
MARIADB_USER: ${BS_DB_USER}
|
|
MARIADB_PASSWORD: ${BS_DB_PASSWORD}
|
|
MARIADB_ROOT_PASSWORD: ${BS_DB_ROOT_PASSWORD}
|
|
TZ: "Europe/Madrid"
|
|
volumes:
|
|
- bs_db:/var/lib/mysql
|
|
healthcheck:
|
|
test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 10
|
|
networks:
|
|
- mcnet
|
|
|
|
blessing-skin:
|
|
image: azusamikan/blessing-skin-server-docker:latest
|
|
container_name: blessing-skin
|
|
restart: unless-stopped
|
|
# Internal-only — reached via Caddy at auth.${BASE_DOMAIN}.
|
|
environment:
|
|
APP_URL: "http://auth.${BASE_DOMAIN}"
|
|
# Persist APP_KEY across recreates (else sessions/encryption break).
|
|
# Generate once: docker run --rm azusamikan/blessing-skin-server-docker:latest php artisan key:generate --show
|
|
APP_KEY: ${BS_APP_KEY}
|
|
DB_DRIVER: "mysql"
|
|
DB_HOST: "mariadb"
|
|
DB_PORT: "3306"
|
|
DB_DATABASE: ${BS_DB_NAME}
|
|
DB_USERNAME: ${BS_DB_USER}
|
|
DB_PASSWORD: ${BS_DB_PASSWORD}
|
|
TZ: "Europe/Madrid"
|
|
volumes:
|
|
- bs_storage:/app/storage # uploaded skins/capes + textures
|
|
- bs_plugins:/app/plugins # yggdrasil-api plugin lives here
|
|
depends_on:
|
|
mariadb:
|
|
condition: service_healthy
|
|
networks:
|
|
- mcnet
|
|
|
|
minecraft:
|
|
environment:
|
|
# authlib-injector API root for Blessing Skin's yggdrasil-api plugin
|
|
# is <site>/api/yggdrasil (NOT /authlib-injector like Drasl).
|
|
JVM_OPTS: "-javaagent:/extras/authlib-injector.jar=http://auth.${BASE_DOMAIN}/api/yggdrasil"
|
|
# authlib-injector needs real auth: online-mode TRUE so the server
|
|
# validates sessions against Blessing Skin. (Drasl variant used FALSE.)
|
|
ONLINE_MODE: "TRUE"
|
|
# Keep FALSE for safety on 1.21+. The yggdrasil-api plugin DOES sign
|
|
# profile keys, so you MAY flip this to TRUE if signed chat is wanted.
|
|
ENFORCE_SECURE_PROFILE: "FALSE"
|
|
# Merged with the base depends_on (drasl, caddy); just adds blessing-skin so
|
|
# Minecraft starts after the skin server is up.
|
|
depends_on:
|
|
- blessing-skin
|
|
|
|
volumes:
|
|
bs_db:
|
|
bs_storage:
|
|
bs_plugins:
|