Minecraft Setup On Linux Using systemctl

With schools and the economy shut down, all the cool kids are talking about their Minecraft "server" and the "IP. Help your children be cool and get them a Minecraft server!


In this posting we will:
- set up unix group and user
- configure ssh
- install Minecraft software
- start and configure Minecraft to run as a unix service (daemon)


$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.4 LTS
Release:        18.04
Codename:       bionic


### Setup a user and group. In this example, the new users is "testuser" and the new group is "minec".
$ sudo addgroup minec
$ cat /etc/group | grep minec

# Create new user for the software install.
$ sudo adduser minec --ingroup minec
# At this point, you may want to log in as the user and run command "groups" to confirm the group is set up appropriately.

# Allow logon via ssh. Put user in /etc/ssh/sshd_config on the "AllowUsers" line
# Use "vi" or "vim" or similar editor to edit file /etc/ssh/sshd_config and add "testuser" to the "AllowUsers" line.
# After editing, it will look like this:
$ grep -i allowusers /etc/ssh/sshd_config
AllowUsers minec

# Have ssh  reread the configuration file. First get the process ID, then send HUP signal to that PID.
$ ps -ef | grep 'bin/sshd'$ sudo kill -hup <sshd_pid>
# Alternatively use service manager to restart ssh
$ sudo systemctl restart ssh


### If java is not installed, install java now.
$ which java
$ sudo apt update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease [107 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal-backports InRelease [98.3 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal-security InRelease [107 kB]
Fetched 312 kB in 1s (252 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
$ sudo apt install openjdk-11-jdk
...
$ which java
/usr/bin/java


### Install Minecraft.
# Good instructions are at minecraft.gamepedia.com/Tutorials/Setting_up_a_server
# After downloading the software, the directory structure will look like this.
$ pwd
/home/minec/Minecraft_Server
$ ls -l
total 35368
-rw-r-----  1 minec minec        2 Apr  4 12:56 banned-ips.json
-rw-r-----  1 minec minec        2 Apr  4 12:56 banned-players.json
-rw-r-----  1 minec minec      180 Mar 29 19:21 eula.txt
drwxr-x---  2 minec minec     4096 Apr  5 09:55 logs
-rw-r-----  1 minec minec      140 Apr  4 12:56 ops.json
-rw-r-----  1 minec minec 36175593 Mar 29 19:01 server.jar
-rw-r-----  1 minec minec      940 Apr  4 12:56 server.properties
-rwxr-x---  1 minec minec       67 Apr  4 10:01 startminecraft.sh
-rw-r-----  1 minec minec     1645 Apr  5 16:13 usercache.json
-rw-r-----  1 minec minec        2 Mar 29 19:21 whitelist.json
drwxr-x--- 11 minec minec     4096 Apr  5 17:46 world

# In preparation for starting the server unattended, the startup commands are in the executable shell file "startminecraft.sh".
This script first backs up the Minecraft configuration.
If you want to run it from the console and watch the log in the GUI, run the java command without "-nogui".
#!/bin/sh
umask 026
cd /home/minec/Minecraft_Server
/bin/tar -cvf /tmp/worldDirs.$(date +%Y%m%d.%H%M%S).tar /home/minec/Minecraft_Server/world
echo "Finished tar of worldDirs."
/usr/bin/java -jar /home/minec/Minecraft_Server/server.jar -nogui &
/bin/echo $! > /home/minec/Minecraft_Server/minecraft.service.pid

# Set up the service. Create file /etc/systemd/system/minecraft.service with these contents.
$ cd /etc/systemd/system
$ sudo vi minecraft.service
[Unit]
Description=Minecraft server
After=network.target
[Service]
User=minec
Group=minec
ExecStart=/home/minec/Minecraft_Server/startminecraft.sh
#PIDFile=/var/run/minecraft.service.pid
#ExecStop=/bin/kill -s TERM $MAINPID
KillMode=process
Restart=on-failure
Type=forking
TimeoutStartSec=120
TimeoutStopSec=30
RuntimeMaxSec=infinity
[Install]
WantedBy=multi-user.target

# Reload systemctl configurations.
$ sudo systemctl daemon-reload
# Enable the service.
$ sudo systemctl enable minecraft.service
Created symlink /etc/systemd/system/multi-user.target.wants/minecraft.service → /etc/systemd/system/minecraft.service.
# If the prior line output is not "Created symlink ..." then something is not correct.

# Start the minecraft service.
$ sudo systemctl start minecraft.service
$ sudo systemctl status minecraft.service

# Restart the machine to test if the Minecraft server starts ok.
$ sudo reboot

# After the machine restarts, look in /var/log/syslog for messages, check the status of the service, and look for the process.
$ sudo tail -44 /var/log/syslog
$ ps -ef | grep mine

$ systemctl status minecraft.service
● minecraft.service - Minecraft server
   Loaded: loaded (/etc/systemd/system/minecraft.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-04-10 21:26:31 MDT; 3min 26s ago
  Process: 7622 ExecStart=/home/minec/Minecraft_Server/startminecraft.sh (code=exited, status=0/SUCCESS)
 Main PID: 7632 (java)
    Tasks: 36 (limit: 4915)
   CGroup: /system.slice/minecraft.service
           └─7632 /usr/bin/java -jar /home/minec/Minecraft_Server/server.jar -nogui

# You can stop the service. To prohibit the service from restarting upon machine reboot, also disable the service.

$ sudo systemctl stop minecraft.service
$ sudo systemctl disable minecraft.service
Removed /etc/systemd/system/multi-user.target.wants/minecraft.service.

Disable Windows 10 Netbios and SMB

On Microsoft Windows 10, SMB 1 should already be disabled. To enhance security, you may want to also disable SMB 1 and 2 and NetBIOS.

Open PowerShell as Administrator by pressing the Start button, typing powershell, and pressing Run As Administrator:

Read the Microsoft post about how to disable SMB. 

In PowerShell, get the setting and disable it with:
Get-SmbServerConfiguration | Select EnableSMB2Protocol
Set-SmbServerConfiguration -EnableSMB2Protocol $false

Disable SMB v1 in PowerShell with:
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

If you see an error of "Access is denied", ensure you run PowerShell as Administrator.




To disable NetBIOS, in Control Panel go to Advanced TCP/IP Settings and press the radio button:

Uninstall Windows 10 Apps

Microsoft is aggressively pushing some unwanted applications during Windows 10 upgrades. Some of the applications may be uninstalled in Windows Settings --> Apps & features. Many can not be removed or uninstalled there.

It is possible to use the command line to uninstall some of these unwanted applications.

Press the Start button and type: windows powershell
Click on "Run as Administrator" to open the Power Shell.

To uninstall "Your Phone", in Power Shell type: Get-AppxPackage Microsoft.YourPhone -AllUsers | Remove-AppxPackage

To remove xbox, type: get-appxpackage -allusers *xboxapp* | Remove-AppxPackage
Three more lines to remove xbox are: get-appxprovisionedpackage –online | where-object {$_.packagename –like “*xboxapp*”} | remove-appxprovisionedpackage –online
And: get-appxpackage -allusers *xboxapp* | Remove-AppxPackage
And: get-appxprovisionedpackage –online | where-object {$_.packagename –like “*xboxapp*”} | remove-appxprovisionedpackage –online 
To remove the Xbox Game Bar application, type: get-appxpackage -allusers *xbox* | Remove-AppxPackage

To remove 3D Builder type: Get-AppxPackage *3dbuilder* | Remove-AppxPackage 
Also remove the 3D Viewer: Get-AppxPackage Microsoft.Microsoft3DViewer | Remove-AppxPackage

To remove the Camera application type: Get-AppxPackage *windowscamera* | Remove-AppxPackage

To remove Maps type: Get-AppxPackage *windowsmaps* | Remove-AppxPackage

To remove Microsoft's People app, type: Get-AppxPackage *people* | Remove-AppxPackage

If you want to re-install the applications, open the Windows Store from the Start menu and install the applications.

After the applications are removed, you may want to create a restore point. Press the Start button and type: restore point. Then Configure and Create a restore point.

Opt-Out Of Web Browser Data Collection

Update February 25 - Opt out of Full Story very invasive tracking. https://www.fullstory.com/optout



Ad Choices presents an ability to set web browser cookies which some advertisers use to indicate they will not collect data from your site visits.

To use the Ad Choices service of opting out of ad tracking, go to Ad Choices.
After the status check is complete, click CONTINUE.
Press the SELECT ALL text.

Press OPT OUT OF ALL.
You may have to press TRY AGAIN to get all of the settings saved correctly.


Go through this process for every device logon, and for every web browser for each user on the device.

Microsoft Windows Can't See Other Computers

While troubleshooting a computer which could not see other devices on the network, I found that the "network discovery" setting would not turn on. This is on Microsoft Windows 10.

Press the Start button, and then type: control panel
Open the Control Panel and go to: Control Panel\Network and Internet\Network and Sharing Center

Choose "Change advanced sharing settings"

Choose "Turn on network discovery" and then press "Save changes".

You will then be taken back to the prior window. Go back in to "Change advanced sharing settings" and confirm the network discovery is actually turned on. If it is not turned on, you should check which services are running.
Press the Start button and then type: services
In the Services application, look for "SSDP Discovery". If it is not running, right-click and start it.

Now when you start File Explorer and go to Network, you should see devices on the network. You should at least be able to see your router. If you can see the router but not other devices such as a NAS, start troubleshooting by trying to ping the device by IP address.

Brave Web Browser

The Brave web browser is built to be private and secure. It is available on desktop and smartphone.  Brave is fast, you can read the open source code, and there is a community support forum. The "private browsing" is better than any other web browser.

Give Brave a try by downloading here.

Android Smartphone Custom Email Apps

Email providers such as Gmail and Hotmail would like you to download their custom email app, in order to better track you and target advertising. As a person with multiple email accounts on multiple services, I do not want many individual apps for reading email. One centralized email "Hub" would be useful.

Microsoft is pushing their Outlook app for Hotmail. Using smartphone web browser to access Microsoft's Hotmail results in the following intercept and encouragement to use Microsoft's app:

Then log in to Hotmail (or live.com or outlook.com) and Microsoft has created an email which again encourages the user to download the Microsoft app:

My favorite integrated email reader from BlackBerry and is named "Hub". Link to download BlackBerry Hub.  Hub integrates email, text (SMS) and social media such as Twitter in to one interface in which you can prioritize messaging.

OneDrive Automatic Update and Autoruns Application

In Microsoft Windows 10 task manager, I noticed the OneDriveStandaloneUpdater task running, and was curious about it. This led me to the excellent Autoruns application by Sysinternals. Autoruns shows everything that is set to start in any way possible.

Download Autoruns. Using File Explorer, uncompress the folder. In the uncompressed folder, run "Autoruns" application.

In the Autoruns filter box, type: one

Uncheck the box on the appropriate line.

You may additionally uninstall the program (command prompt, then: %systemroot%\System32\OneDriveSetup.exe /uninstall), or rename the program at C:\Users\_username_\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

Security Software on Microsoft Windows 10

These instructions should also work on Microsoft Windows 7 and 8.1.

For home use, I run the following free security products on Microsoft Windows 10:

• Clamwin Free Antivirus
• Windows Defender
• Malwarebytes Anti-Malware

Microsoft's Enhanced Mitigation Experience Toolkit (EMET) does not work on Windows 10. Users are directed to Microsoft's Windows Defender Exploit Guard.

Dynamic DNS For Your Changing IP Address

Anyone hosting a web service on a consumer-grade internet connections knows what happens without a static IP address... the IP address eventually changes and your web service can no longer be accessed. Many of the home-monitoring devices such as video cameras and thermostats avoid the problem of changing IP addresses by having the device connect to a centralized "phone home" service to register and provide a consistent point of access to the device.

Anyone wanting to host a service from their own machines or PCs will typically use a static IP (often with a monthly cost from the internet provider) or use a service which provides a generic, consistent means of accessing the changing IP address. These services, some free, are called "dynamic DNS". Typically, a subdomain is registered with the "dyn DNS" service, and software is installed on a device within the home network to regularly update the dyn DNS information. Thus a user will be able to go to theirExampleSubdomainName.exampleDynamicDNSservice.com, which will redirect to the actual IP address.


These instructions describe how to set up dynamic DNS using DuckDNS and updating the DuckDNS with Ubuntu 17.10.

If you have a Google account, use a web browser to log in to your gmail/google account. Otherwise, use one of the other authentication methods.

Use a web browser to go to DuckDNS.org, and authenticate the log on.

At DuckDNS, create a subdomain. Write down the name of your <subdomain>.duckdns.org.

Install software on one of your network devices to regularly update the DuckDNS configuration with your current IP. The website has extensive instructions for many operating systems.

On Ubuntu 17.10, create the directory to hold the duckdns script:
$ cd /var/opt
$ sudo mkdir duckdns
$ sudo chown install:install duckdns ## Use whatever user/group you desire.
$ chmod 750 duckdns
Place the script in the directory with the proper permissions.
$ cd duckdns

To install the updating software on Ubuntu 17.10, log in as a user and check that cron and curl are available:
install:~$ ps -ef|grep -i cron
root       650     1  0 Apr08 ?        00:00:00 /usr/sbin/cron -f
install  18295 18270  0 09:45 pts/3    00:00:00 grep --color=auto -i cron
install:~$ crontab -l
no crontab for install
install:~$ curl
curl: try 'curl --help' or 'curl --manual' for more information
install:/var/opt/duckdns$ which curl
/usr/bin/curl
If cron and curl are installed, follow the instructions at DuckDNS.org to create the file (specific to your subdomain!), install the crontab entry, and test a run of ./duck.sh.

If testing ./duck.sh fails, ensure the path to curl is pointed to the proper location for your machine. Also ensure the line in duck.sh with the curl command is actually on one line and not two or three lines.

Monitor the cron entry is running correctly:
install:~$ tail /var/log/syslog

You can now access your web service by using domain <subdomain>.duckdns.org and it will continue to resolve correctly when your ISP changes your IP address.

------------------------------------------------

The prior instructions (above) for Ubuntu 17 ran okay after the system was upgraded to Ubuntu 18. The following are changes to increase readability and debugging on Ubuntu 18.


In /var/opt/duckdns/duck.sh the file contents are the following. Please use your correct domain and token.
#!/bin/sh
DOMAINFQ="YOUR_FULLYQUALIFIEDDOMAIN_HERE.duckdns.org"
curl_out=$(echo url="https://www.duckdns.org/update?domains=YOUR_DOMAIN_HERE&token=YOUR_TOKEN_HERE" | /usr/bin/curl --insecure --silent --config - )

# Whatever is running this script (cron?) may want to direct output to a file in /tmp.
/bin/echo
/bin/date
/bin/echo duckdns updated $curl_out
/bin/echo 'dig output:'
/usr/bin/dig $DOMAINFQ | /bin/grep ^$DOMAINFQ

if [ $curl_out = "OK" ]; then
    /usr/bin/logger -p daemon.info "duckdns update ok. rc=" $curl_out
else
    /usr/bin/logger -p daemon.err "duckdns update failed. rc=" $curl_out
fi

Schedule the recurring job with crontab.
$ crontab -e
*/5 * * * * /var/opt/duckdns/duck.sh >>/tmp/duckdns.log 2>&1


Monitor the output in /tmp/duckdns.log and /var/log/syslog.

Short Guide To Configure Linux X On Microsoft Windows

This post contains minimal instructions to run X programs on Microsoft Windows from a Ubuntu Linux machine.


On Windows, install PuTTY from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

On Windows, install Xming from https://sourceforge.net/projects/xming/?source=directory
or http://www.straightrunning.com/XmingNotes

On Windows, run XLaunch (was installed by Xming) and go through prompts:
Display Settings "Multiple Windows"
Session Type "Start no client"
Additional Parameters "Check Clipboard box"

On Windows run PuTTY.
Load a session profile or create a session profile for a Linux machine.
In left panel, go to Connection, SSH, X11.
Click "Enable X11 Forwarding"
X display location "localhost:0.0"
Save that connection profile in PuTTY, so the X11 configuration will be there tomorrow.

On Windows, run Xming. It will run in the background without a Windows display.
On Windows, open the configured PuTTY connection that was previously configured for X11. This should open a command-window on the Linux machine. Enter the following in the command window:
$ echo $TERM
xterm
$ echo $DISPLAY
localhost:10.0

Test X by typing "xclock". A GUI clock from the Linux machine should display on the Windows machine.
Typing "xclock&" will allow you to continue to type in the command window while the xclock GUI also runs.