Deployment Guide
Deploy CubeAdmin with Docker Compose, bare metal, systemd, and behind a reverse proxy.
Docker Compose (Recommended)
The docker-compose.yml in the repo starts CubeAdmin, a Paper Minecraft server, and optionally BlueMap together.
cp .env.example .env
# Fill in required values, then:
docker compose up -d
Services started:
- cubeadmin — admin panel on port 3000
- minecraft — Paper server on port 25565
- bluemap — 3D world map on port 8100 (optional)
Bare Metal with systemd
bun install && bun run build
Create a systemd unit at /etc/systemd/system/cubeadmin.service:
[Unit] Description=CubeAdmin After=network.target [Service] Type=simple User=cubeadmin WorkingDirectory=/opt/cubeadmin ExecStart=/usr/local/bin/bun --bun run server.ts Restart=on-failure RestartSec=5 Environment=NODE_ENV=production EnvironmentFile=/opt/cubeadmin/.env [Install] WantedBy=multi-user.target
systemctl daemon-reload systemctl enable --now cubeadmin
Reverse Proxy — Caddy
Caddy handles HTTPS automatically. Add to your Caddyfile:
cubeadmin.example.com {
reverse_proxy localhost:3000
}
Reverse Proxy — Nginx
Socket.io requires WebSocket support. The Upgrade header must be forwarded.
server {
listen 80;
server_name cubeadmin.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Production checklist
- Set
NODE_ENV=production - Set a strong
BETTER_AUTH_SECRET(min 32 chars) - Set
BETTER_AUTH_URLto your public domain - Add your domain to
BETTER_AUTH_TRUSTED_ORIGINS - Use HTTPS — Better Auth session cookies are
Securein production - Never expose RCON port 25575 to the public internet
Guide de déploiement
Déployez CubeAdmin avec Docker Compose, bare metal, systemd et derrière un reverse proxy.
Docker Compose (Recommandé)
Le docker-compose.yml du dépôt démarre CubeAdmin, un serveur Minecraft Paper et optionnellement BlueMap ensemble.
cp .env.example .env
# Remplissez les valeurs requises, puis :
docker compose up -d
Services démarrés :
- cubeadmin — panneau d'administration sur le port 3000
- minecraft — serveur Paper sur le port 25565
- bluemap — carte 3D sur le port 8100 (optionnel)
Bare Metal avec systemd
bun install && bun run build
Créez un service systemd dans /etc/systemd/system/cubeadmin.service :
[Unit] Description=CubeAdmin After=network.target [Service] Type=simple User=cubeadmin WorkingDirectory=/opt/cubeadmin ExecStart=/usr/local/bin/bun --bun run server.ts Restart=on-failure RestartSec=5 Environment=NODE_ENV=production EnvironmentFile=/opt/cubeadmin/.env [Install] WantedBy=multi-user.target
systemctl daemon-reload systemctl enable --now cubeadmin
Reverse Proxy — Caddy
Caddy gère HTTPS automatiquement. Ajoutez à votre Caddyfile :
cubeadmin.example.com {
reverse_proxy localhost:3000
}
Reverse Proxy — Nginx
Socket.io nécessite le support WebSocket. L'en-tête Upgrade doit être transmis.
server {
listen 80;
server_name cubeadmin.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Checklist de production
- Définir
NODE_ENV=production - Définir un
BETTER_AUTH_SECRETfort (32 caractères minimum) - Définir
BETTER_AUTH_URLavec votre domaine public - Ajouter votre domaine dans
BETTER_AUTH_TRUSTED_ORIGINS - Utiliser HTTPS — les cookies de session Better Auth sont
Secureen production - Ne jamais exposer le port RCON 25575 sur internet