diff --git a/README.md b/README.md
index 96fd999..2b728c9 100644
--- a/README.md
+++ b/README.md
@@ -2,21 +2,34 @@
[简体中文](./docs/README_zh-Hans.md) | [繁體中文](./docs/README_zh-Hant.md) | [日本語](./docs/README_ja.md)
-Using one command to start the [Syncplay](https://syncplay.pl/) service. Yes, it's very simple.
+Using one command to start the [Syncplay](https://syncplay.pl/) service. Yes, that's it.
```bash
-> docker run --rm --net=host dnomd343/syncplay
-Welcome to Syncplay server, ver. 1.7.1
+$ docker run --rm --net=host dnomd343/syncplay
+Welcome to Syncplay server, ver. 1.7.4
```
> Pressing `Ctrl+C` will exit the service.
+
+
+Unable to access Docker Hub?
+
+
+
+If you cannot access the Internet, you need to obtain the OCI image and copy it into storage medium. For details, see [offline usage](#Registry).
+
+If you are located in China Mainland that cannot access the Docker Hub normally, you can replace the `dnomd343/syncplay` as `ccr.ccs.tencentyun.com/dnomd343/syncplay` , which will access the TCR service at Guangzhou.
+
+
+
If there are no accidents, you can fill in the server IP or domain name on the client for verification, the default port is `tcp/8999` . If you can't connect, please check your firewall settings.
-In order to run the service better, we can use the following command to make Syncplay run in the background and keep it started.
+In order to run the service better, we can use the following command to make Syncplay running in the background.
```bash
-docker run -d --net=host --restart=always --name=syncplay dnomd343/syncplay
+$ docker run -d --net=host \
+ --restart=always --name=syncplay dnomd343/syncplay
```
> You can use `docker ps -a` to see the running service, and using `docker rm -f syncplay` to stop the service.
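Review bot: The quick-start and background commands in this hunk (`docker run --rm --net=host ...` and `docker run -d --net=host \`) still use host networking, while the Security section added later in this same patch recommends the bridge network with `-p 8999:8999`. Consider using the bridge form in these first examples, or adding a pointer to the Security section next to them, since most readers will copy the first command they see. The mirror paragraph could also state that `ccr.ccs.tencentyun.com/dnomd343/syncplay` is published by the same workflow as the Docker Hub image (as the Registry section says), and "make Syncplay running" should read "make Syncplay run".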
@@ -26,17 +39,18 @@ You can add more arguments to achieve customization. For example, we require a p
> Note that before pressing Enter, you must execute `docker rm -f syncplay` to remove the original services, otherwise they will conflict.
```bash
-docker run -d --net=host --restart=always --name=syncplay dnomd343/syncplay \
- --disable-chat --password=PASSWD --motd='HELLO WORLD'
+$ docker run -d --net=host \
+ --restart=always --name=syncplay dnomd343/syncplay \
+ --disable-chat --motd='Hello' --password='PASSWD'
```
-The server will be restarted when necessary, or the Docker service may need to be updated. Whether it is expected or not, it is necessary to persist Syncplay at this time, which means that the room data will be saved to disk. You need to choose a working directory to save them, such as `/etc/syncplay/` , execute the following command, the data will be saved to the `rooms.db` file.
+Sometimes we need to restart the server, it is necessary to persist Syncplay at this time, which means that the room data will be saved to disk. You need to choose a working directory to save them, such as `/etc/syncplay/` , execute the following command, the data will be saved to the `rooms.db` file.
```bash
-docker run -d --net=host \
- --restart=always --name=syncplay \
- --volume /etc/syncplay/:/data/ \
- dnomd343/syncplay --persistent
+$ docker run -d --net=host \
+ --volume /etc/syncplay/:/data/ \
+ --restart=always --name=syncplay dnomd343/syncplay \
+ --persistent --motd='Persistent Server'
```
This directory has more uses. For example, adding the `--enable-stats` option will enable the statistics function, and the data will be saved to the file `stats.db` in the directory. You can also create a `config.yml` file in the directory and write the configuration options in it, Syncplay will automatically read it when it starts, avoiding the need to type a large number of arguments in the command line.
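Review bot: `--password='PASSWD'` in the customization example puts the server password on the command line, where it ends up in shell history and in the `docker inspect` output for the container. The context paragraph that closes this hunk already introduces `config.yml`, so consider recommending the configuration file for the password and keeping only non-secret options such as `--motd` in the command-line example. The rewritten sentence "Sometimes we need to restart the server, it is necessary to persist Syncplay at this time" is a comma splice; something like "When the server has to be restarted, Syncplay needs to be persisted" reads better.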
@@ -52,31 +66,31 @@ motd: |
More information...
```
-When deploying, it's always a good idea to turn on TLS (of course it's not necessary and this step can be skipped), and luckily Syncplay makes it easy to do this. Before starting, you need to prepare a domain name and resolve its DNS to the current server. At the same time, we must have its certificate file.
+When deploying, it's always a good idea to turn on TLS (of course it's not necessary and this step can be skipped), and luckily Syncplay makes it easy to do this. Before starting, you need to prepare a domain name and resolve its DNS to the current server. At the same time, we must have its private key and certificate file.
-Application for a certificate can be made through [`acme.sh`](https://acme.sh/) , [`certbot`](https://certbot.eff.org/) or other reasonable methods. Anyway, you will end up with a private key and a certificate, and Syncplay requires you to provide the following three files.
+Application for a certificate can be made through [`acme.sh`](https://acme.sh/) , [`certbot`](https://certbot.eff.org/) or other reasonable methods. Anyway, you will end up with a private key and certificate file, and Syncplay requires you to provide the following three files.
-+ `cert.pem` :The certificate issued by the CA.
-+ `chain.pem` :The certificate chain of CA service.
-+ `privkey.pem` :The private key for the certificate.
++ `cert.pem` : The certificate issued by the CA.
++ `chain.pem` : The certificate chain of CA service.
++ `privkey.pem` : The private key of the certificate.
For example, in `acme.sh` , you can execute the command like this to save the certificate configuration of the domain name `343.re` to the `/etc/ssl/certs/343.re/` directory.
```bash
-acme.sh --install-cert -d 343.re \
- --cert-file /etc/ssl/certs/343.re/cert.pem \
- --ca-file /etc/ssl/certs/343.re/chain.pem \
- --key-file /etc/ssl/certs/343.re/privkey.pem
+$ acme.sh --install-cert -d 343.re \
+ --cert-file /etc/ssl/certs/343.re/cert.pem \
+ --ca-file /etc/ssl/certs/343.re/chain.pem \
+ --key-file /etc/ssl/certs/343.re/privkey.pem
```
Now that we are ready, we just need to execute the following command and a more secure and private Syncplay service will be started.
```bash
-docker run -d --net=host \
- --restart=always --name=syncplay \
- --volume /etc/syncplay/:/data/ \
- --volume /etc/ssl/certs/343.re/:/certs/ \
- dnomd343/syncplay --persistent --enable-tls
+$ docker run -d --net=host \
+ --volume /etc/syncplay/:/data/ \
+ --volume /etc/ssl/certs/343.re/:/certs/ \
+ --restart=always --name=syncplay dnomd343/syncplay \
+ --enable-tls --motd='Secure Server'
```
> Note that the client's server address must match the certificate, otherwise the connection will fail.
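Review bot: The TLS example drops `--persistent` (old: `dnomd343/syncplay --persistent --enable-tls`, new: `--enable-tls --motd='Secure Server'`) but still mounts `/etc/syncplay/:/data/`. If that is intentional, say so in the commit message; otherwise restore the flag so the example keeps room data across restarts. Separately, the `/certs/` mount carries `privkey.pem`; if the bootstrap only reads those files, showing the mount as read-only (`--volume /etc/ssl/certs/343.re/:/certs/:ro`) would be a cheap hardening step for this example.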
@@ -89,80 +103,112 @@ You can customize the Syncplay server by specifying the following command line a
> The following parameters are adjusted for docker and are not exactly the same as [official documentation](https://man.archlinux.org/man/extra/syncplay/syncplay-server.1). Please refer to this when using.
-+ `--port [PORT]` :Listening port of Syncplay server, the default is `8999` .
++ `--config [FILE]` : Specify the configuration file, the default is `config.yml` .
-+ `--password [PASSWD]` :Authentication when the user connects to the syncplay server, not enabled by default.
++ `--port [PORT]` : Listening port of Syncplay service, the default is `8999` .
-+ `--motd [MESSAGE]` :The welcome text after the user enters the room, not enabled by default.
++ `--password [PASSWD]` : Authentication when connecting to the server, not enabled by default.
-+ `--salt [TEXT]` :A string used to secure passwords (e.g. Rainbow-tables), defaults to empty.
++ `--motd [MESSAGE]` : The welcome text after the user enters the room, not enabled by default.
-+ `--random-salt` :Use a randomly generated salt value, valid when `--salt` is not specified, not enabled by default.
++ `--salt [TEXT]` : Specify a random string as the [salt value](https://en.wikipedia.org/wiki/Salt_(cryptography)) used to secure password, defaults to empty.
-+ `--isolate-rooms` :Room isolation enabled, users will not be able to see information from anyone other than their own room, not enabled by default.
++ `--random-salt` : Using randomly generated salt value, valid when `--salt` is not specified, not enabled by default.
-+ `--disable-chat` :Disables the chat feature, not enabled by default.
++ `--isolate-rooms` : Enable room isolation, users cannot see information from anyone outside their room, not enabled by default.
-+ `--disable-ready` :Disables the readiness indicator feature, not enabled by default.
++ `--disable-chat` : Disable the chat feature, not enabled by default.
-+ `--enable-stats` :Enable the server statistics feature, the data will be saved in the `stats.db` file, not enabled by default.
++ `--disable-ready` : Disable the readiness indicator feature, not enabled by default.
-+ `--enable-tls` :Enable TLS support, the certificate file needs to be mounted in the `/certs/` directory, including `cert.pem` , `chain.pem` and `privkey.pem` , not enabled by default.
++ `--enable-stats` : Enable the server statistics feature, the data will be saved in the `stats.db` file, not enabled by default.
-+ `--persistent` :Enable room data persistence, the information will be saved to the `rooms.db` file, only valid when `--isolate-rooms` is not specified, not enabled by default.
++ `--enable-tls` : Enable TLS support, the files need to be mounted in the `/certs/` directory, including `cert.pem` , `chain.pem` and `privkey.pem` , not enabled by default.
-+ `--max-username [NUM]` :Maximum length of usernames, default is `150` .
++ `--persistent` : Enable room data persistence, the information will be saved to the `rooms.db` file, only valid when `--isolate-rooms` is not specified, not enabled by default.
-+ `--max-chat-message [NUM]` :Maximum length of chat messages, default is `150` .
++ `--max-username [NUM]` : Maximum length of usernames, default is `16` .
-+ `--permanent-rooms [ROOM ...]` :Specifies a list of rooms that will still be listed even if their playlist is empty, only valid when `--persistent` is specified, defaults to empty.
++ `--max-chat-message [NUM]` : Maximum length of chat messages, default is `150` .
-+ `--listen-ipv4 [ADDR]` :Customize the listening address of the Syncplay service on the IPv4 network, not enabled by default.
++ `--permanent-rooms [ROOM ...]` : Specifies a list of rooms that will still be listed even if their playlist is empty, only valid when `--persistent` is specified, defaults to empty.
-+ `--listen-ipv6 [ADDR]` :Customize the listening address of the Syncplay service on the IPv6 network, not enabled by default.
++ `--listen-ipv4 [ADDR]` : Listening address of Syncplay service on IPv4 network, not enabled by default.
-> Only when you specify `--listen-ipv4`, Syncplay will not listen on IPv6 and vice versa. When both are specified, Syncplay will work under dual-stack networking.
++ `--listen-ipv6 [ADDR]` : Listening address of Syncplay service on IPv6 network, not enabled by default.
+
+> When you specify only `--listen-ipv4` , Syncplay will not listen on IPv6 and vice versa. When both are specified, Syncplay will work under dual-stack networking.
+
+Add `--version` option to print Syncplay and Python versions, as well as CPU architecture.
+
+```bash
+$ docker run --rm dnomd343/syncplay --version
+Syncplay Docker Bootstrap v1.7.4 (Yoitsu 115) [CPython 3.12.11 aarch64]
+```
You can also use the following command to output help information.
+
+
+Help message of command-line
+
+
+
```bash
-> docker run --rm syncplay --help
-usage: syncplay [-h] [-p PORT] [--password PASSWD] [--motd MESSAGE]
+$ docker run --rm dnomd343/syncplay --help
+usage: syncplay [-h] [-v] [-c FILE] [-p PORT] [-k PASSWD] [-m MESSAGE]
[--salt TEXT] [--random-salt] [--isolate-rooms]
[--disable-chat] [--disable-ready] [--enable-stats]
[--enable-tls] [--persistent] [--max-username NUM]
[--max-chat-message NUM] [--permanent-rooms [ROOM ...]]
- [--listen-ipv4 INTERFACE] [--listen-ipv6 INTERFACE]
+ [--listen-ipv4 ADDR] [--listen-ipv6 ADDR]
Syncplay Docker Bootstrap
options:
- -h, --help show this help message and exit
- -p PORT, --port PORT listen port of syncplay server
- --password PASSWD authentication of syncplay server
- --motd MESSAGE welcome text after the user enters the room
- --salt TEXT string used to secure passwords
- --random-salt use a randomly generated salt value
- --isolate-rooms room isolation enabled
- --disable-chat disables the chat feature
- --disable-ready disables the readiness indicator feature
- --enable-stats enable syncplay server statistics
- --enable-tls enable tls support of syncplay server
- --persistent enables room persistence
- --max-username NUM maximum length of usernames
+ -h, --help Show this help message and exit.
+ -v, --version Show version information and exit.
+ -c FILE, --config FILE
+ Specify the configuration file path, the default is
+ `config.yml`.
+ -p PORT, --port PORT Listening port of Syncplay service, the default is
+ 8999.
+ -k PASSWD, --password PASSWD
+ Authentication when connecting to the server.
+ -m MESSAGE, --motd MESSAGE
+ The welcome text after the user enters the room.
+ --salt TEXT A string used to secure passwords, defaults to empty.
+ --random-salt Use a randomly generated salt value, valid when
+ `--salt` is not specified.
+ --isolate-rooms Enable room isolation, users cannot see information
+ from anyone outside their room.
+ --disable-chat Disables the chat feature.
+ --disable-ready Disables the readiness indicator feature.
+ --enable-stats Enable the server statistics feature, the data will be
+ saved in the `stats.db` file.
+ --enable-tls Enable TLS support, the private key and certificate
+ needs to be mounted in the `/certs/` directory.
+ --persistent Enable room data persistence, the information will be
+ saved to the `rooms.db` file, only valid when
+ `--isolate-rooms` is not specified.
+ --max-username NUM Maximum length of usernames, default is 16.
--max-chat-message NUM
- maximum length of chat messages
+ Maximum length of chat messages, default is 150.
--permanent-rooms [ROOM ...]
- permanent rooms of syncplay server
- --listen-ipv4 INTERFACE
- listening address of ipv4
- --listen-ipv6 INTERFACE
- listening address of ipv6
+ Specifies a list of rooms that will still be listed
+ even if their playlist is empty, only valid when
+ `--persistent` is specified, defaults to empty.
+ --listen-ipv4 ADDR Listening address of Syncplay service on IPv4.
+ --listen-ipv6 ADDR Listening address of Syncplay service on IPv6.
```
+
+
## Configure File
-If you configure a lot of options, it will be quite troublesome and error-prone to enter a large number of command line arguments every time you start. At this time, you can write them into the configuration file. Create a `config.yml` file in the working directory. It uses YAML format and supports all arguments in the command line. Syncplay will automatically read and load it when starting, but it should be noted that if the same arguments are specified on the command line, will override the configuration file's options.
+If you configure a lot of options, it will be quite troublesome and error-prone to enter a large number of command line arguments every time you start. At this time, you can write them into the configuration file.
+
+Creating `config.yml` file in the working directory, it uses YAML format and supports all arguments in the command line. Syncplay will automatically read and load it when starting, but it should be noted that if the same arguments are specified on the command line, will override the configuration file's options.
```yaml
port: 7999
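Review bot: The documented default for `--max-username` changes from `150` to `16`, both in the option list and in the `--help` output. If this reflects a change in the bootstrap's behaviour rather than a documentation fix, it deserves an explicit mention in the commit message or changelog, because deployments that rely on longer usernames will be affected after upgrading. In the split "Configure File" paragraph, "Creating `config.yml` file in the working directory, it uses ..." and "... specified on the command line, will override ..." are both missing a subject; suggest "Create a `config.yml` file in the working directory; it uses ..." and "... they will override ...".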
@@ -188,25 +234,28 @@ motd: |
More information...
```
+You can also use JSON or TOML formats, relying on the suffix to identify them. The default file name `config.yml` can be obtained by adding the `--config` parameter or passing the `CONFIG` environment variable.
+
## Environment Variables
The Syncplay container also supports configuration through environment variables. It supports three types of fields: numbers, strings, and boolean, this means that `permanent-rooms` is not supported. Environment variables are named in uppercase letters, and `-` is replaced by `_` , boolean values are represented by `ON` or `TRUE`. The following is an example of using environment variables.
```bash
-docker run -d --net=host --restart=always --name=syncplay \
- --env PORT=7999 --env MOTD=Hello --env DISABLE_READY=ON \
- dnomd343/syncplay
+$ docker run -d --net=host \
+ --env PORT=7999 \
+ --env MOTD=Hello \
+ --env DISABLE_CHAT=ON \
+ --restart=always --name=syncplay dnomd343/syncplay
```
You may have noticed that we support three configuration methods: command line arguments, configuration file and environment variables. Their priority is from high to low, that is, the command line arguments will override the options of the configuration file, and the configuration file will override the environment variables. You can use them together.
## Docker Compose
-Using `docker-compose` to deploy Syncplay is a more elegant way. You need to create a `docker-compose.yml` configuration file and write the following example.
+Using `docker compose` to deploy Syncplay is a more elegant way. You need to create a `docker-compose.yml` configuration file and write the following example.
```yaml
# /etc/syncplay/docker-compose.yml
-version: '3'
services:
syncplay:
container_name: syncplay
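Review bot: In the added sentence "The default file name `config.yml` can be obtained by adding the `--config` parameter or passing the `CONFIG` environment variable", "obtained" looks like it should be "changed" or "overridden". This sentence is also now the only place that mentions `CONFIG`, because a later hunk removes it from the Advanced variable list; either keep it listed there or state here which of `--config` and `CONFIG` wins when both are set.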
@@ -220,69 +269,128 @@ services:
We save this file in the `/etc/syncplay/` directory. Since a relative path is used, it is also in the working directory. Execute the command in this directory to start the Syncplay service.
```bash
-> docker-compose up
-Recreating syncplay ... done
-Attaching to syncplay
-syncplay | Welcome to Syncplay server, ver. 1.7.1
+$ docker compose up -d
+[+] Running 1/1
+✔ Container syncplay Started
```
> Adding the `-d` option allows the service to run in the background.
Similarly, you can map the certificate directory to enable TLS functionality, and edit the `config.yml` file to configure more options.
+## Security
+
+In the above commands, we use `--net=host` to expose external services, which means that the container can directly access the host network. From a security perspective, it is recommended to use the bridge network to map the `tcp/8999` port, although it may result in a slight performance loss.
+
+```bash
+$ docker run -d -p 8999:8999 \
+ --restart=always --name=syncplay dnomd343/syncplay
+```
+
+By default, Docker runs containers as the root user, which can pose a security risk. The images built by this project complies with the OCI standard, so [Podman](https://podman.io/) can be used completely instead of Docker, which runs in non-root mode by default.
+
+```bash
+$ podman run -d -p 8999:8999 \
+ --restart=always --name=syncplay dnomd343/syncplay
+```
+
+Of course, we can also use Docker [rootless mode](https://docs.docker.com/engine/security/rootless/), but it is quite cumbersome to configure. If you only want to use Docker, you can specify the `UID` and `GID` when building the image, and the container will not have root permissions.
+
+```bash
+# You can view the current non-root UID and GID value.
+$ id
+uid=1000(dnomd343) gid=1000(dnomd343) ...
+
+# Use the obtained UID and GID values as build arguments.
+$ docker build -t my-syncplay \
+ --build-arg USER_UID=1000 \
+ --build-arg USER_GID=1000 \
+ https://github.com/dnomd343/syncplay-docker.git
+
+$ docker run -d -p 8999:8999 \
+ --restart=always --name=syncplay my-syncplay
+```
+
+## Registry
+
+The images released by this project comply with the [OCI Image Format Specification](https://github.com/opencontainers/image-spec) and can be distributed on any registry that complies with the [OCI Distribution Specification](https://github.com/opencontainers/distribution-spec). In the current workflow, Github Action will be automatically distribute the same images to the following registries:
+
+- Docker Hub: `dnomd343/syncplay`
+- Github Package: `ghcr.io/dnomd343/syncplay`
+- Tencent Cloud: `ccr.ccs.tencentyun.com/dnomd343/syncplay`
+
+There are four CPU architectures supported, namely `amd64` , `arm64` , `i386` and `arm/v7` . When pulling the image, the container tool will automatically select the appropriate image based on the host architecture.
+
+You can pull the original OCI image and store it as tar file, which can be used offline. It is recommended to use the [skopeo](https://github.com/containers/skopeo) tool to achieve this.
+
+> You can use the `docker save` command to export, but only supports a single architecture.
+
+```bash
+$ skopeo copy --all \
+ docker://docker.io/dnomd343/syncplay:v1.7.4 \
+ oci-archive:syncplay-v1.7.4.tar
+
+$ skopeo copy --override-os=linux --override-arch=arm64 \
+ docker://docker.io/dnomd343/syncplay:v1.7.4 \
+ oci-archive:syncplay-v1.7.4-arm64.tar
+
+$ docker load < syncplay-v1.7.4.tar
+```
+
## Troubleshooting
If you encounter any errors, please first use the `docker logs syncplay` command to print the process output. It may contain useful error information. You can also output more detailed logs by specifying the environment variable `DEBUG=ON` .
```bash
-> docker run --rm --env DEBUG=ON dnomd343/syncplay
-Bootstrap options -> [('port', , False), ('password', , False), ('motd', , False), ('salt', , False), ('random_salt', , False), ('isolate_rooms', , False), ('disable_chat', , False), ('disable_ready', , False), ('enable_stats', , False), ('enable_tls', , False), ('persistent', , False), ('max_username', , False), ('max_chat_message', , False), ('permanent_rooms', , True), ('listen_ipv4', , False), ('listen_ipv6', , False)]
-Environment variables -> environ({'PATH': '/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 'HOSTNAME': '0a28a2e2ea50', 'DEBUG': 'ON', 'LANG': 'C.UTF-8', 'GPG_KEY': 'A035C8C19219BA821ECEA86B64E628F8D684696D', 'PYTHON_VERSION': '3.10.13', 'PYTHON_PIP_VERSION': '23.0.1', 'PYTHON_SETUPTOOLS_VERSION': '65.5.1', 'PYTHON_GET_PIP_URL': 'https://github.com/pypa/get-pip/raw/4cfa4081d27285bda1220a62a5ebf5b4bd749cdb/public/get-pip.py', 'PYTHON_GET_PIP_SHA256': '9cc01665956d22b3bf057ae8287b035827bfd895da235bcea200ab3b811790b6', 'PYTHONUNBUFFERED': '1', 'HOME': '/root'})
-Environment options -> {}
-Configure file -> {}
-Configure file options -> {}
-Command line arguments -> Namespace(port=None, password=None, motd=None, salt=None, random_salt=False, isolate_rooms=False, disable_chat=False, disable_ready=False, enable_stats=False, enable_tls=False, persistent=False, max_username=None, max_chat_message=None, permanent_rooms=None, listen_ipv4=None, listen_ipv6=None)
-Command line options -> {}
+$ docker run --rm --env DEBUG=ON dnomd343/syncplay
+ENV_OPTS -> ...
+CFG_OPTS -> ...
+ARG_OPTS -> ...
+Environment variables -> ...
+Configure content -> ...
+Environment options -> ...
+Command line options -> ...
+Configure file options -> ...
Bootstrap final options -> {}
-Syncplay startup arguments -> ['--port', '8999', '--salt', '']
-Welcome to Syncplay server, ver. 1.7.1
+Syncplay startup arguments -> ['syncplay', '--port', '8999', '--salt', '']
+Welcome to Syncplay server, ver. 1.7.4
```
## Advanced
For some reason, you may need to change the path of the configuration files or working directory. This is possible in the Syncplay container, which requires you to specify it using environment variables.
-+ `TEMP_DIR` :Temporary directory, it does not need to be persisted, defaults to `/tmp/`
++ `TEMP_DIR` :Temporary directory, it does not need to be persisted, defaults to `/tmp/` .
-+ `WORK_DIR` :The working directory, which stores data related to Syncplay, defaults to `/data/`
++ `WORK_DIR` :The working directory, which stores data related to Syncplay, defaults to `/data/` .
-+ `CERT_DIR` :Certificate directory, which is used to store TLS certificates and private key files, defaults to `/certs/`
-
-+ `CONFIG` :Configuration file, which defines the YAML configuration read by the bootstrap script, defaults to `config.yml`
++ `CERT_DIR` :Certificate directory, which is used to store TLS certificates and private key files, defaults to `/certs/` .
## Build Image
+> This project uses several [BuildKit](https://github.com/moby/buildkit) features (bundled after Docker 23.0), and other builders may have compatibility issues.
+
You can build an image directly from the source code using the following command.
```bash
-docker build -t syncplay https://github.com/dnomd343/syncplay-docker.git
+$ docker build -t syncplay https://github.com/dnomd343/syncplay-docker.git
```
You can also change the source code to implement your own customizations.
```bash
-> git clone https://github.com/dnomd343/syncplay-docker.git
-> cd syncplay-docker/
+$ git clone https://github.com/dnomd343/syncplay-docker.git
+$ cd syncplay-docker/
# some edit...
-> docker build -t syncplay .
+$ docker build -t syncplay .
```
If you need images for multiple architectures, please use the `buildx` command to build.
```bash
-docker buildx build -t dnomd343/syncplay \
- --platform=linux/amd64,linux/386,linux/arm64,linux/arm/v7 \
- https://github.com/dnomd343/syncplay-docker.git --push
+$ docker buildx build -t dnomd343/syncplay \
+ --platform=linux/amd64,linux/386,linux/arm64,linux/arm/v7 \
+ https://github.com/dnomd343/syncplay-docker.git --push
```
## License
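Review bot: The Troubleshooting sample for `DEBUG=ON` shows environment variables, command line options and the final `Syncplay startup arguments` (including the `--salt` value) being printed, so a configured password or salt would presumably appear in this output as well; add a sentence telling users to redact those values before sharing logs. In the Security section, the `USER_UID`/`USER_GID` build example ends with a run command that has no `/data/` volume; it would help to show the persistent case and note that the host directory has to be writable by that UID. Minor wording: "Github Action will be automatically distribute" should be "GitHub Actions will automatically distribute", and "The images built by this project complies" should be "comply".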