Matt Sijbers
a1331212cb
Self-hosted Minecraft modpack distribution + administration system.
- launcher/ Avalonia 12 desktop client; single-file win-x64 publish.
Microsoft auth via XboxAuthNet, manifest+SHA-1 mod sync,
portable install path, sidecar settings.
- server/ brass-sigil-server daemon (.NET 8, linux-x64). Wraps the
MC subprocess, embedded Kestrel admin panel with cookie
auth + rate limiting, RCON bridge, scheduled backups,
BlueMap CLI integration with player markers + skin proxy,
friend-side whitelist request flow, world wipe with seed
selection (keep current / random / custom).
- pack/ pack.lock.json (Modrinth + manual CurseForge entries),
data-only tweak source under tweaks/, build outputs in
overrides/ (gitignored).
- scripts/ Build-Pack / Build-Tweaks / Update-Pack / Check-Updates
plus Deploy-Brass.ps1 unified one-shot deploy with
version-bump pre-flight and daemon-state detection.
51 lines
1.9 KiB
Caddyfile
51 lines
1.9 KiB
Caddyfile
# Caddyfile for the brass-sigil-server web panel.
|
|
#
|
|
# Caddy auto-fetches and renews a Let's Encrypt cert for your domain,
|
|
# so HTTPS just works once DNS is pointed at the server and ports 80 + 443
|
|
# are open.
|
|
#
|
|
# Prereqs:
|
|
# 1. A domain name (e.g. panel.example.com) with an A/AAAA record pointing
|
|
# at this server's public IP. Let's Encrypt does NOT issue certs for
|
|
# raw IPs -- you need a hostname.
|
|
# 2. Inbound 80 (for the HTTP-01 ACME challenge) and 443 (for the panel)
|
|
# open in your firewall and in any cloud security group.
|
|
# 3. Caddy installed:
|
|
# sudo apt install caddy # Debian / Ubuntu
|
|
# brew install caddy # macOS
|
|
# winget install CaddyServer.Caddy # Windows
|
|
# 4. brass-sigil-server running on localhost:8080 with webHost: localhost
|
|
# and webPassword set (use `brass-sigil-server set-password` if you
|
|
# haven't already).
|
|
#
|
|
# Install:
|
|
# Linux package: replace /etc/caddy/Caddyfile with this file, then
|
|
# sudo systemctl reload caddy
|
|
# Manual: caddy run --config Caddyfile
|
|
|
|
panel.example.com {
|
|
encode gzip
|
|
|
|
reverse_proxy localhost:8080 {
|
|
# SSE log stream uses chunked streaming responses -- Caddy must not
|
|
# buffer them, otherwise console updates arrive in batches every minute
|
|
# instead of in real time.
|
|
flush_interval -1
|
|
|
|
# Pass the real client IP through. brass-sigil-server's ForwardedHeaders
|
|
# middleware honours this so the per-IP login rate limit partitions
|
|
# correctly (10 attempts / minute / IP).
|
|
header_up X-Forwarded-For {remote_host}
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
|
|
# Sensible hardening defaults.
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "DENY"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
-Server
|
|
}
|
|
}
|