A secure, non-root container running a Valheim dedicated server

hkiang01/valheim-server

Valheim Server

A secure, non-root container running a Valheim dedicated server

Motive

Built with security in mind:

  • non-root user by default
  • minimal packages installed on the valheim image
  • separate image for installation and update that runs for a short period of time
    • steamcmd requires a lot of packages containing vulnerabilities

Compared with lloesche/valheim-server

The default user for lloesche/valheim-server is root.

    docker run -it --rm --entrypoint="" lloesche/valheim-server id
    uid=0(root) gid=0(root) groups=0(root)

See Processes In Containers Should Not Run As Root.

While you can set PGID and PUID when building the container, we're still left with an image with many vulnerabilities. The valheim image in the valheim docker compose service has significantly fewer vulnerabilities. Note the trivy image results below:

From trivy image lloesche/valheim-server:

    lloesche/valheim-server (debian 11.9)
    =====================================
    Total: 1007 (UNKNOWN: 5, LOW: 276, MEDIUM: 590, HIGH: 127, CRITICAL: 9)

From trivy image valheim:

    valheim (ubuntu 24.04)

    Total: 12 (UNKNOWN: 0, LOW: 10, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

Getting started

Docker Compose

If you're using the Public Test Branch, be sure to set the PUBLIC_TEST environment variable in the installupdate service to true.

  1. Spin up the service. Make sure you have Docker installed.

    docker compose up --build --detach

  2. (Optional) If you have an existing save, copy it into the valheim service's worlds_local directory.

    docker compose cp <my_server.db> valheim:/home/steam/.config/unity3d/IronGate/Valheim/worlds_local/
    docker compose cp <my_server.fwl> valheim:/home/steam/.config/unity3d/IronGate/Valheim/worlds_local/
    docker compose restart

Kubernetes

These images are able to run under the Restricted Pod Security Standard. See kubernetes.yaml as an example.

  1. Update the server config as desired (env vars in kubernetes.yaml, start_server.bash, etc.)
  2. Build the images and push them to your choice of registry
  3. Change the images in kubernetes.yaml to align with your image registry
  4. kubectl apply -f ./kubernetes.yaml

Customizing server options

Edit start_server.bash as you see fit. See "List of Console Commands" at https://www.valheimgame.com/support/a-guide-to-dedicated-servers/ for more options. If needed, edit the entrypoint/cmd of the valheim service.

Known limitations

  • Does not work on Apple Silicon
    • The steamcmd image fails with a segmentation fault.
