Add final documentation from daemon

2025-12-11 14:00:27 -06:00 · 2018-07-28 13:24:56 -07:00 · 2018-07-28 13:24:56 -07:00 · 9f1401df1e
commit 9f1401df1e
parent 65880046ec
6 changed files with 153 additions and 15 deletions
--- a/.vuepress/config.js
+++ b/.vuepress/config.js
@ -55,6 +55,7 @@ module.exports = {
                children: [
                    '/daemon/installing',
                    '/daemon/upgrading',
                    '/daemon/configuration',
                    '/daemon/kernel_modifications',
                    '/daemon/debian_8_docker',
                ]
--- a/.vuepress/theme/styles/layout.css
+++ b/.vuepress/theme/styles/layout.css
@ -44,8 +44,3 @@
        @apply .float-right;
    }
 }
 table td, table th {
    @apply .border;
    padding: 0.6rem 1rem !important;
 }
--- a/.vuepress/theme/styles/text.css
+++ b/.vuepress/theme/styles/text.css
@ -81,18 +81,22 @@ hr {
 }
 table {
-    @apply block my-4 border-collapse;
+    @apply .block .my-4 .border-collapse;
    overflow-x: auto;
    tr {
-        @apply border-t;
+        @apply .border-t;
        &:nth-child(2n) {
-            @apply bg-grey-lightest;
+            @apply .bg-grey-lightest;
        }
    }
    th, td {
-        @apply border py-2 px-4;
+        @apply .border .py-2 .px-4;
    }
    td {
        @apply .leading-normal;
    }
 }
--- a/daemon/configuration.md
+++ b/daemon/configuration.md
@ -0,0 +1,138 @@
 # Additional Configuration
 [[toc]]
 ::: warning
 These are advanced configurations for the daemon. You risk breaking your daemon and making containers un-usable if
 you modify something incorrectly. Proceed at your own risk, and only if you know what each configuration value does.
 :::
 The documentation below uses dot-notated JSON to explain where each setting should live. You will need to manually
 expand this syntax when adding to the `core.json` file for the Daemon. For example, something like `internals.throttle.enabled`
 would be expanded to the JSON below.
 ``` json
 {
  "internals": {
    "throttle": {
      "enabled": true
    }
  }
 }
 ```
 ## Output Throttles
 There are a few throttle limits built into the Daemon to keep people from causing issues with data volume and CPU usage.
 Under normal circumstances users should not encounter these limits. You might see the occasional data throttling
 warning while starting a server or when there is a sudden spike in data output.
 If you're seeing more servers than you expected being killed as a result of the Daemon throttler, you can make
 adjustments to the settings below. Please note the configs below are in JSON dot-notation and should be expanded
 out into a normal JSON object.
 | Setting Path | Default Value | Notes |
 | ------------ | ------------- | ----- |
 | `enabled` | true | Determines if the throttle (and associated values below) should be used. |
 | `kill_at_count` | 5 | The number of warnings that can accumulate for a particular instance before the server process is killed. The decay time below affects how quickly this value is decreased. |
 | `decay` | 10 | The number of seconds that a server process must go without triggering a data throttle warning before the throttle count begins decreasing. This loop is processed every 5 seconds and will decrement the throttle count by one when the process goes more than this number of seconds without a data throttle occurring. |
 | `bytes` | 30720 | :warning: _(removed in v0.5.5)_ The maximum number of bytes of data that can be output in the defined interval before a warning occurs. |
 | `lines` | 1000 | :warning: _(added in v0.5.6)_ The number of lines that can be output by the server process in the defined check interval time. By default, 5,000 lines in ~500ms results in a server process kill. |
 | `check_interval_ms` | 100 | The number of milliseconds between the throttle resetting the used bytes or line count. |
 Please note that all of the settings above are in the `internals.throttle.X` path. So, `enabled` is actually `internals.throttle.enabled`.
 ## Custom Network Interfaces
 If for whatever reason you need to modify the network interfaces used for Pterodactyl's local Docker network you
 can do so by modifying the `core.json` file for the daemon. In most cases you'll just be modifying the network
 name to allow your servers to use the host network stack. To do so, just change `docker.network.name` to be `host`
 rather than `pterodactyl_nw` as shown below.
 ::: warning
 While changing to the host network stack does allow servers running on Pterodactyl to have direct access to local
 interfaces and bind to specific IP addresses (required for some Steam games), it is not recommended on public
 installations of Pterodactyl (where you have other users running servers).
 Using the `host` stack removes many network specific protections afforded by Docker, and will allow server processes
 to access anything on the host, as well as bind to any IP or Port they wish.
 :::
 ``` json{5}
 "docker": {
    "socket": "/var/run/docker.sock",
    "autoupdate_images": true,
    "network": {
      "name": "pterodactyl_nw"
      "interfaces": {
        "v4": {
          "subnet": "172.18.0.0/16",
          "gateway": "172.18.0.1"
        }
      }
    },
    "interface": "172.18.0.1"
 },
 ```
 ## Private Registries
 | Setting Path | Default Value | Notes |
 | ------------ | ------------- | ----- |
 | `username` | _none_ | The username to use when connecting to the registry. |
 | `password` | _none_ | The password associated with the account. |
 | `auth` | _none_ | |
 | `email` | _none_ | |
 | `serveraddress` | _none_ | The address to the server the registry is located on. |
 | `key` | _none_ | A pre-generated base64 encoded authentication string. If provided none of the above options are required. |
 Please note that all of the settings above are in the `docker.registry.X` path. So, `username` is actually `docker.registry.username`.
 ## Security Policies
 This daemon ships with a very strict security configuration designed to limit access to the host system, and mitigate
 a large range of potential attack vectors. However, some users might need to tweak these settings, or are running on
 a private instance and are willing to decrease some of the security measures.
 | Setting Path | Default Value | Notes |
 | ------------ | ------------- | ----- |
 | `ipv6` | true | Set this to false to disable IPv6 networking on the pterodactyl0 interface. |
 | `internal` | false | Set this to true to prevent any external network access to all containers on the pterodactyl0 interface. |
 | `enable_icc` | true | Set this to false to disallow containers to access services running on the host system's non-public IP addresses. Setting this to false does make it impossible to connect (from a container) to MySQL/Redis/etc. running on the host system without using the public IP address. |
 | `enable_ip_masquerade` | true | Set this to false to disable IP Masquerading on the pterodactyl0 interface. |
 Please note that all of the settings above are in the `docker.policy.network.X` path. So, `ipv6` is actually `docker.policy.network.ipv6`.
 ## Container Policy
 | Setting Path | Default Value | Notes |
 | ------------ | ------------- | ----- |
 | `tmpfs` | `rw,exec,nosuid,size=50M` | These are the arguments used for mounting a `tmpfs` directory into containers to allow certain programs to run. |
 | `log_driver` | none | The log driver to use for containers. We default to `none` to mitigate a potential DoS attack vector if a server were to spam log output. |
 | `readonly_root` | true | Determines if the root filesystem of the container should be readonly. |
 | `securityopts` | array | An array of security options to apply to a container. The default array is provided below. |
 | `cap_drop` | array | An array of linux capabilities to drop from the container (in addition to ones [dropped by docker already](https://docs.docker.com/engine/security/security/#linux-kernel-capabilities). A listing of the default array is below. |
 Please note that all of the settings above are in the `docker.policy.container.X` path. So, `tmpfs` is actually `docker.policy.container.tmpfs`.
 ### Default Security Opts Array
 ``` json
 [
    'no-new-privileges',
 ]
 ```
 ### Default Capabilities Drop Array
 ``` json
 [
    'setpcap',
    'mknod',
    'audit_write',
    'chown',
    'net_raw',
    'dac_override',
    'fowner',
    'fsetid',
    'kill',
    'setgid',
    'setuid',
    'net_bind_service',
    'sys_chroot',
    'setfcap',
 ]
 ```
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "dependencies": {
-    "vuepress": "^0.12.0"
+    "vuepress": "^0.13.0"
  },
  "scripts": {
    "build": "./node_modules/vuepress/bin/vuepress.js build",
--- a/yarn.lock
+++ b/yarn.lock
@ -5608,7 +5608,7 @@ regexpu-core@^4.1.3, regexpu-core@^4.1.4:
    unicode-match-property-ecmascript "^1.0.4"
    unicode-match-property-value-ecmascript "^1.0.2"
-register-service-worker@^1.2.0:
+register-service-worker@^1.4.1:
  version "1.4.1"
  resolved "https://registry.yarnpkg.com/register-service-worker/-/register-service-worker-1.4.1.tgz#4b4c9b4200fc697942c6ae7d611349587b992b2f"
@ -6645,9 +6645,9 @@ vuepress-html-webpack-plugin@^3.2.0:
    toposort "^1.0.0"
    util.promisify "1.0.0"
-vuepress@^0.12.0:
+vuepress@^0.13.0:
-  version "0.12.0"
+  version "0.13.0"
-  resolved "https://registry.yarnpkg.com/vuepress/-/vuepress-0.12.0.tgz#1a268c34622fa5869db3883da5e0f9ef8609d5a0"
+  resolved "https://registry.yarnpkg.com/vuepress/-/vuepress-0.13.0.tgz#7959feeb8c4bbd1cd96238383566182419576d5d"
  dependencies:
    "@babel/core" "7.0.0-beta.47"
    "@vue/babel-preset-app" "3.0.0-beta.11"
@ -6687,7 +6687,7 @@ vuepress@^0.12.0:
    portfinder "^1.0.13"
    postcss-loader "^2.1.5"
    prismjs "^1.13.0"
-    register-service-worker "^1.2.0"
+    register-service-worker "^1.4.1"
    semver "^5.5.0"
    stylus "^0.54.5"
    stylus-loader "^3.0.2"