SS14.Watchdog is SS14's server-hosting wrapper thing, similar to TGS for BYOND (but much simpler for the time being). It handles auto updates, monitoring, automatic restarts, and administration. We recommend you use this for proper deployments.
For detailed setup instructions, see the official SS14 documentation.
This repository includes a complete Docker setup with Traefik reverse proxy support.
- Docker and Docker Compose
- A domain name pointed to your server
- Traefik reverse proxy (optional but recommended)
- PostgreSQL database (recommended for production)
-
Clone the repository:
git clone https://github.com/space-wizards/SS14.Watchdog.git cd SS14.Watchdog -
Configure environment:
cp .env.example .env cp appsettings.yml.example appsettings.yml
-
Edit
.envfile:- Set your domain names
- Configure volume paths
- Update Traefik settings
-
Edit
appsettings.ymlfile:- Configure database connection
- Set secure API tokens
- Configure your SS14 server instances
-
Build and run:
docker-compose up -d --build
# Application Settings
ASPNETCORE_ENVIRONMENT=Production
# Use 0.0.0.0 to allow Traefik to connect from external networks
ASPNETCORE_URLS=http://0.0.0.0:8080
# Port Configuration
PORT=8080 # Watchdog web interface port
API_PORT=1212 # SS14 game server API port
# Volume Paths (Host Machine)
WATCHDOG_INSTANCES_PATH=/path/to/your/instances
WATCHDOG_APPSETTINGS_PATH=/path/to/your/appsettings.yml
# Traefik Configuration
TRAEFIK_DOMAIN=watchdog.yourdomain.com # Watchdog web interface
GAME_DOMAIN=server.yourdomain.com # Game server status endpointKey settings for Docker deployment:
# Process Management
Process:
PersistServers: true
Mode: "Basic" # Use Basic mode in Docker (systemd won't work)
# Server Instance
Servers:
InstanceRoot: "instances/"
Instances:
your-server:
Name: "Your SS14 Server"
ApiToken: "generate-secure-random-token" # Use: openssl rand -hex 32
ApiPort: 1212
UpdateType: "Manifest"
Updates:
ManifestUrl: "https://your-cdn.com/manifest"
EnvironmentVariables:
# Database (use public hostname for Docker)
ROBUST_CVAR_database__engine: "postgres"
ROBUST_CVAR_database__pg_host: "your-database-host.com"
# Status endpoint (use your actual domain)
ROBUST_CVAR_status__connectaddress: "udp://server.yourdomain.com:1212"
ROBUST_CVAR_hub__server_url: "ss14s://server.yourdomain.com"Internet → Traefik → SS14 Watchdog Container
↓
Port 8080: Watchdog Web Interface
Port 1212: SS14 Game Server (TCP/UDP)
- Watchdog Web Interface:
https://watchdog.yourdomain.com(via Traefik) - Game Server Status:
https://server.yourdomain.com/status(via Traefik) - Game Server Direct:
server.yourdomain.com:1212(TCP/UDP)
Problem: Failed to connect to 10.x.x.x:5432 (private IP)
Solution: Use the public database hostname, not the private one:
ROBUST_CVAR_database__pg_host: "your-database-public-host.com"Problem: Traefik can't connect to the watchdog service
Solution: Ensure ASPNETCORE_URLS=http://0.0.0.0:8080 (not localhost):
# ❌ Wrong - Traefik can't connect
ASPNETCORE_URLS=http://localhost:8080
# ✅ Correct - Traefik can connect
ASPNETCORE_URLS=http://0.0.0.0:8080Problem: SS14 server can't ping watchdog internally
Solution: This should be resolved automatically with the 0.0.0.0 binding above.
Problem: External hubs can't reach server status Solution:
- Ensure port 1212 (TCP/UDP) is open in your firewall
- Verify your domain points to the correct IP
- Test status endpoint:
curl https://server.yourdomain.com/status
The setup exposes these ports:
- 1212/tcp: SS14 server API communication
- 1212/udp: SS14 game client connections
Port 8080 is not exposed externally - Traefik handles external access.
- Generate secure API tokens:
openssl rand -hex 32 - Use HTTPS: Configure Traefik with proper SSL certificates
- Database credentials: Store securely, consider using environment variables
- Firewall: Only expose necessary ports (1212 for game traffic)
The container expects these volume mounts:
/app/instances: SS14 server instance data (persistent)/app/appsettings.yml: Configuration file (read-only)
Ensure the host directories exist and have proper permissions:
mkdir -p /path/to/instances
chmod 755 /path/to/instancesVerify your setup is working:
# Test watchdog web interface
curl -I https://watchdog.yourdomain.com/watchdog/padlock
# Test game status endpoint
curl https://server.yourdomain.com/status
# Test API endpoint (should return 405 Method Not Allowed)
curl -I https://watchdog.yourdomain.com/instances/your-server/restartFor development without Traefik, you can expose port 8080 directly:
ports:
- "8080:8080" # Add this line to docker-compose.yml
- "1212:1212/tcp"
- "1212:1212/udp"Then access the watchdog at http://localhost:8080.
Please ensure any Docker-related changes are tested with the provided docker-compose setup.
See LICENSE.txt for details.