TF2 SERVER INSTILLATION ON A DEBIAN/UBUNTU SERVER

In this post, I will explain and show the basics of getting a tf2server installed on a Debian or Ubuntu based server. We will be utilizing LGSM’s framework stack for ease of management, but a post for a more manual approach will be coming shortly.

First, you will need to ssh into your server.  Doing this on a Linux, BSD, or OSX workstation is easy, just drop down to a terminal and run:

ssh [email protected]

If you’re on a Windows computer it gets a bit more complex. You will need to download putty, a tool with allows you to ssh into your server from a Windows computer. This guide is written from the perspective of someone who uses a Linux box for day-to-day work, so you will need to substitute ssh [email protected] to be used in putty rather than a terminal. After which everything I show on the server’s terminal will be the same.

Once you have ssh’d into your server, ensure that you are using the root account. To change to the root user simply type:

sudo -i

Quick Note:

To see what user account you are using look at the left of your prompt, the series goes [email protected]

Once you have logged in as root we can begin.

Update the server base

We need to update the server base to run on the latest versions of the packages available for our version. When asked to install the updates choose y at the prompt.

apt update
apt upgrade
apt dist-upgrade
apt autoremove
apt clean

Disable auto updates

I personally like to have manual control over when updates are installed on servers I manage. If you don’t see yourself being willing to manually update your servers operating system using the commands we used before, then skip this section. But I strongly suggest you turn off auto updates and just update your server manually once every few weeks.

sed 's/"1"/"0"/' /etc/apt/apt.conf.d/10periodic > tmp-file && mv tmp-file /etc/apt/apt.conf.d/10periodic
sed 's/"1"/"0"/' /etc/apt/apt.conf.d/20auto-upgrades > tmp-file && mv tmp-file /etc/apt/apt.conf.d/20auto-upgrades

The commands you just ran do the following.
* Use sed to search the file specified for 1 and replace with 0
* Write the output file to a temp file
* Move the temp file to its proper location on the filesystem

Install dependencies for the tf2server

This command will vary based on the distribution you are using. Reference the LGSM doc’s if you are running something other than Debian or Ubuntu.
For Debian and Ubuntu systems:

sudo dpkg --add-architecture i386; sudo apt-get update; sudo apt-get install mailutils postfix curl wget file bzip2 gzip unzip bsdmainutils python util-linux ca-certificates binutils bc tmux lib32gcc1 libstdc++6 libstdc++6:i386 libcurl4-gnutls-dev:i386 libtcmalloc-minimal4:i386 vim

Setup the user account

This will add an unprivileged user account to your server. We then change the password immediately after creating the user account. (You should avoid putting passwords into the shell command as they will show in your bash history.) In general, it’s best practice to segregate off services to unprivileged user accounts that only have access to the basics they need to function. (also if possible removing shell access, in this case however, we need it).

useradd -m --password default -s /bin/bash tf2server
passwd tf2server

Installing the tf2server

Switch to the tf2server user account, changing to the users home directory.

su - tf2server

Download the LGSM management framework:

wget -N --no-check-certificate https://gameservermanagers.com/dl/linuxgsm.sh && chmod +x linuxgsm.sh && bash linuxgsm.sh tf2server

Install the tf2server instance. This will take a while, so just leave your ssh connection running while it installs.

./tf2server auto-install

Once the install is finished, lets set the default start map, the player slots, and turn on auto server updates upon the tf2server restarting. Change the player slots and default map as you see fit.

echo `defaultmap="cp_badlands"' > /home/tf2server/lgsm/config-lgsm/tf2server/tf2server.cfg
echo 'maxplayers="24"' >> /home/tf2server/lgsm/config-lgsm/tf2server/tf2server.cfg
echo 'updateonstart="on"' >> /home/tf2server/lgsm/config-lgsm/tf2server/tf2server.cfg

Now start the tf2server

./tf2server start

Lastly type logout to exit back to the root account.

Firewall configuration

I recommend setting up some kind of a firewall on the server. Ideally, it should use the following configuration
– block all incoming traffic except what is specified to be allowed.
– Allow all outgoing traffic except what is specified to be blocked.
– Only allow essential ports to be opened.

For our use case, we need to at minimum open the following ports
* 22 (ssh)
* 80 (non ssl http requests)
* 443 (ssl https requests)
* 27015 (Standard tf2server port)
* 27020 (Standard source tv port)

First we will clear the current firewall rules:

#-----------------
#wipe the v4 rules
#-----------------
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -F
sudo iptables -X
#-----------------
#wipe the v6 rules
#-----------------
sudo ip6tables -P INPUT ACCEPT
sudo ip6tables -P FORWARD ACCEPT
sudo ip6tables -P OUTPUT ACCEPT
sudo ip6tables -t nat -F
sudo ip6tables -t mangle -F
sudo ip6tables -F
sudo ip6tables -X

Now setup firewall rule baseline

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -I INPUT 1 -i lo -j ACCEPT
sudo iptables -A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED  --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED  -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED  -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 27015 -m conntrack --ctstate NEW,ESTABLISHED  -j ACCEPT
sudo iptables -A INPUT -p udp --dport 27015 -m conntrack --ctstate NEW,ESTABLISHED  -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 27020 -m conntrack --ctstate NEW,ESTABLISHED  -j ACCEPT
sudo iptables -P INPUT DROP

Setup the ipv6 firewall

sudo ip6tables -A INPUT -i lo -j ACCEPT
sudo ip6tables -A OUTPUT -o lo -j ACCEPT
sudo ip6tables -A INPUT -p tcp --syn -j DROP
sudo ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
sudo ip6tables -A OUTPUT -p ipv6-icmp -j ACCEPT
sudo ip6tables -A INPUT -m state --state NEW -m udp -p udp -s fe80::/10 --dport 546 -j ACCEPT
sudo ip6tables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
sudo ip6tables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
sudo ip6tables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
sudo ip6tables -P INPUT DROP

Save the firewall rules:

sudo apt install iptables-persistent
sudo su
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
exit

Now if everything went correctly you should be able to connect to your server using the in-game console.

connect {{ ip-address }}

Once you can see that you can connect to the server, exit tf2 and switch back to the terminal session.

Fastdl setup

For our fastdl server we will be utilizing apache as it works out of the box and is fine for our needs. I personally run my fastdl servers on Nginx, but that requires more configuration and for a simple fastdl server, isn't needed.

Run the following to install the server and set up a symlink to the maps directory. This will allow you to not have to worry about coping map files to a separate location as they are simply symlinked to their real location.

apt install apache
mkdir -p /var/www/html/fastdl/tf2/
cd /var/www/html/fastdl/tf2/
ln -s /home/tf2server/serverfiles/tf/maps maps
cd /var/www/html
mv index.html index.html.bak

Go to the servers ip address in your web browser. You should see a directory called fastdl, navigate through the directory structure and test downloading a map from the list.

Sourcemod and Metamod installation

First, we need to switch to the tf2server user account:

su - tf2server

Then change to the proper directory.

cd ~/serverfiles/tf

Now in your web browser go to MetaMod's site

Right-click on the Linux icon and click copy link address. Replace (link here) with the link, removing the brackets. Use tab completion to finish the file names.

wget (link here)
tar -zxf mmsource-(Tab complete)
rm mmsource-(Tab-Complete)

Now for sourcemod in your web browser go to SourceMod's site

Right-click on the Linux icon and click copy link address. Replace (link here) with the link, removing the brackets. Use tab completion to finish the file names.

wget (link here)
tar -zxf sourcemod-(Tab complete)
rm sourcemod-(Tab-Complete)

Now you will need your steam id to put yourself on the admin list. Copy your steam profile link and go to steamidfinder. Paste your steam link and copy the steamid it returns.

Now edit this command to use your steam id and username. Repeat this for any aditional admins you would like to add.

echo '"(your steam-id)" "99:z" //(your steam username)' >> /home/tf2server/serverfiles/tf/addons/sourcemod/configs/admins_simple.ini

Restart your tf2 server, then connect to it again and test your admin. You should get an admin menu in-game after running sm_admin

./tf2server restart
connect ip-address
sm_admin

Setting up FTP access

I will be showing you how to use SFTP. It is FTP but it is encrypted with ssh rather than being plain text. This is better for security. Personally, I think FTP is a terrible protocol due to its massive performance overhead. I prefer to do a SSHFS mount and then Rsync files back and forth. However, I realize that FTP access is what users typically expect and know how to use to manage remote files.

Because we are using SFTP it is built into ssh. Meaning it is already configured on the server side. You will need to use an FTP client to connect. I recommend using FileZilla if you want a GUI to manage your files with.

Your SFTP login credentials will be as follows

Address sftp:// ip -here
User tf2server
Password The password you set up on the tf2 server account
Port 22

Server cfg generation

    To generate a configuration for your server I recommend using cfg.tf's server config generator Change the following to match your desired settings.

  • Hostname
  • Server pass (If wanted).
  • Rcon (I personally use a randomly generated one and use sm_rcon to give rcon access via the sourcemod admin file, making it easy to revoke access without having to hand out new passwords).
  • Competitive league configs. (Choose these if you want them).
  • Addons (Do NOT select MetaMod or SourceMod here. We already installed them).
  • Server purity ( I like to restrict off of a whitelist approach).
  • Random crits (Please just turn these off).
  • Random bullet spread. (The way this is shown on site is backward as it's actually disabled bullet spread, not enable. This option if enabled, disables random bullet spread, if disabled it enables it. I recommend setting this to enabled to disable it. All the setting does when enabled is mess with bullet spreads and create inconsistency in hitscan weapons).
  • Maps section.
    • Here check the allow fastdl box, Then replace the url line with:
http://IP-GOES-HERE/fastdl/tf2/
  • Network section. (Don't touch these unless you know what you are doing or have a good reason for doing so).
  • Custom commands. Enter what is below, changing ip-goes-here for your servers ip-address.
// Server downloads and files
net_maxfilesize "64" 
sv_allowupload "1" 
sv_consistency "1"

Click the Generate config button.

Once the file downloads, unzip it to a temporary directory, then rename server.cfg to tf2server.cfg.

Upload the config files to serverfiles/tf/cfg/ and overwrite any files as prompted.

Restart your tf2server for the changes to take effect,

su - tf2server
./tf2server restart

Automation

In this section, I will guide you through setting up some simple cronjobs which will automate our tf2server. These jobs will do the following:
* Monitor the tf2server for crashes every 5 minutes.
* Start the server when the host operating system starts.
* Restart the tf2server instance at midnight each night. This will keep the server up to date if there was an update released that day and you haven't gotten a chance to update the server manually.

Configuration for this will be done by adding these cronjobs to the system-wide crontab file.

Exit back the root account. Then run the following:

echo '0 0 * * * tf2server /home/tf2server/tf2server restart' >> /etc/crontab
echo '@reboot tf2server /home/tf2server/tf2server start' >> /etc/crontab
echo '*/5 * * * * tf2server /home/tf2server/tf2server monitor' >> /etc/crontab

Lastly, I would recommend you plan a whole system reboot once for midnight, to test the cronjobs and to ensure that the updates you ran earlier will take effect. This is a one time reboot and will only happen once.

shutdown -r -t 0:00

Your tf2server stack is now installed, Enjoy!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.