# FoundryVTT Server Setup

(split from [[LattePanda]])

#FoundryVTT #homelab

- [x] get Foundry VTT running as a server! (again, strong passwords please) [completion:: 2024-01-14]
- [x] get port forwarding from router to panda going [completion:: 2024-01-16]
- [x] run Foundry with SSL (try [certbot](https://certbot.eff.org/) because AWS ACM won't give me artifacts) [completion:: 2024-01-16]
- [x] forward vtt.spencerenglish.com to Panda [completion:: 2024-01-16]
- [x] learn how to reconnect and disconnect to background services [completion:: 2024-01-28]
- [x] make sure the logs are going somewhere useful? [completion:: 2024-01-28]
- [x] make sure if Panda restarts, that it starts servers (write a systemctl for Foundry?). [completion:: 2024-01-30]
- [-] dynamic DNS updating (no longer necessary here, but from [[Caddy]])
- [x] extra credit: when 443 comes in to home network, can I have a router here determine where it should go? maybe a caddy proxy something? so that https://foundry.spencerenglish.com gets routed to panda but https://octo.spencerenglish.com gets routed to octoprint? [completion:: 2024-02-19]

Next up I'll log into the running foundry server and see what's what. Passwords for the password manager, of course.

Took a snapshot of my macos foundry server. Trying to get the linux one to recognize that the snapshot file exists. hmmm.

Aha! I ended up taking a test snapshot on linux, so I could find where the `Backups` folder was. Turns out it hadn't been created yet, it's now in `~/foundrydata/Backups`. I also had to copy over all Backups from my mac (which are in `~/Library/Application Support/FoundryVTT/Backups`) in order for the snapshot Restore to work. But then it worked great!

---

Foundry is now running with port-forwarding! It's still in http mode, on port 30000, but at least it can stay up as long as possible now.

---

Back at it. Going to look at SSL next.
A few people seem to have set up Foundry with Terraform already:

- [Self-Hosting on AWS | Foundry VTT Community Wiki](https://foundryvtt.wiki/en/setup/hosting/Self-Hosting-on-AWS)
- [scooper4711/foundryvtt-terraform](https://github.com/scooper4711/foundryvtt-terraform) makes a lot of things:
  - EC2 with EBS, AMI, and keypair
  - a `aws_dlm_lifecycle_policy`??
    - ah, it's an [EBS thing](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html)
  - Route53 zone and www record
  - Bucket
  - SGs (notably, allows ingress on: `tcp80`, `tcp443`, `udp33478` ("AV relay master port"), udp49152-65535 ("AV relay client ports"))
  - default VPC and subnet (yikes)
- [chmking/foundry-terraform](https://github.com/chmking/foundry-terraform) makes an EC2 with S3 access and a Route53 record.
- [Justinon/terraform-aws-foundryvtt](https://github.com/Justinon/terraform-aws-foundryvtt) makes a lot of things:
  - Bucket
  - Parameters for Foundry credentials
  - ECS cluster, service, task definition
  - ALB with listener and target group
  - EFS
  - SGs
    - allows ingress to foundry server on `tcp2049` for NFS(?), and one more tcp port (`var.foundry_port`, default 30000) from the ALB
    - allows ingress to ALB on `tcp80` and `tcp443`
  - Roles and policies
  - VPC with public and private subnets, IG, NAT, Route table

Ok. All of this is overkill for me. I'm running onprem. There are probably other options out there already for "direct traffic from Route53 to an onprem server with dyndns and one-click cert updates". But I can't be bothered to search for it yet. I'll pseudo it here first:

```
data route53 zone
local exec for getting my ip address?
resource route53 record cname
local exec for certbot
```

I don't mind storing it in a github repo (in which case I'll need an ssh key on Panda). I definitely need AWS credentials on panda. I wonder about maybe setting up a user just for Panda with a tight policy... (in case the running server gets infiltrated)

So!
I have manually run the steps in https://foundryvtt.com/article/ssl/ and got a cert downloaded locally (for free, oh gosh the future is bright and networked!). The server is running! I also did a manual route in Route53 (if and when my IP changes I can work on dynamic DNS then). I haven't done any proxying yet, so 443 on vtt.spencerenglish comes to my home IP, and my router port-forwards directly to Panda.

I had to run node with `sudo` because Ubuntu doesn't like it when non-root users try to take the Very Important Ports. I also haven't made a start script or systemctl for it (systemctl using sudo sounds like a terrible idea). But at least Panda doesn't have AWS or GitHub credentials!

---

Why is Foundry shutting down when I don't use it? oh! Ubuntu helpfully kills processes started by my shell when my ssh tunnel collapses due to inactivity!

This [comment](https://www.reddit.com/r/FoundryVTT/comments/kdamuo/comment/gfvg4xl/?utm_source=share&utm_medium=web2x&context=3) seems very helpful. I should check out that [guide](https://theelous3.net/how_to_set_up_foundryvtt_server) OP mentioned.

After reading, yes. Clearly I need to build a systemd service. The guide still runs the server on port 30000, which means it doesn't need sudo, so maybe I have to run the service with `root`.

---

Hi future Spencer! If you're here because you need to do something to the service, remember it's `foundry.service` to systemctl. So that would be

```
sudo systemctl status foundry.service
sudo systemctl stop foundry.service
sudo systemctl start foundry.service
```
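
The notes above weigh running node with `sudo`, or running the service as root, so that Foundry can listen on 443. As an added example (not the `foundry.service` actually installed on Panda), this unit keeps the process unprivileged and grants only the capability to bind low ports. The `foundry` account and the `/home/foundry/...` paths are assumptions.

```ini
# /etc/systemd/system/foundry.service (example; account and paths are assumed)
[Unit]
Description=Foundry VTT (runs as an unprivileged user)
Wants=network-online.target
After=network-online.target

[Service]
# Dedicated account instead of root; create it before enabling the unit.
User=foundry
Group=foundry
WorkingDirectory=/home/foundry/foundryvtt
ExecStart=/usr/bin/node /home/foundry/foundryvtt/resources/app/main.js --dataPath=/home/foundry/foundrydata
Restart=on-failure
RestartSec=5

# The only privilege needed for port 443: binding below 1024.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true

# Filesystem: everything read-only except the Foundry data directory.
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/home/foundry/foundrydata
PrivateTmp=true
PrivateDevices=true

# Kernel and process surface a web server has no reason to touch.
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictSUIDSGID=true
LockPersonality=true
# MemoryDenyWriteExecute is deliberately left out: Node's JIT needs W+X pages.

[Install]
# Start at boot so a Panda restart brings Foundry back up.
WantedBy=multi-user.target
```

The TLS certificate and key must be readable by the service account, and `systemd-analyze security foundry.service` lists whatever exposure remains after these settings.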