Server Configuration
After running the setup script, you may want to fine-tune the configuration for your environment. This page covers all configurable components.
Pool Agent Configuration
The pool agent is configured via environment variables in its systemd service file or a .env file at /home/play.ren.bd/pool-agent/.env.
Key Settings
| Variable | Description | Default |
|---|---|---|
AGENT_PORT | Port the agent listens on | 9100 |
AGENT_SECRET | Shared secret for authenticating requests from the platform | (set during install) |
GAMES_DIR | Directory where game archives are cached | /srv/games |
SAVES_DIR | Directory for user save files (if using local saves) | /srv/saves |
DOCKER_IMAGE | Container image to use for game sessions | xgame9-cloud:latest |
MAX_CONTAINERS | Maximum concurrent containers allowed | 10 |
CONTAINER_TIMEOUT | Idle timeout in seconds before a container is reclaimed | 1800 |
WEBRTC_PORT_MIN | Start of the UDP port range for WebRTC | 52000 |
WEBRTC_PORT_MAX | End of the UDP port range for WebRTC | 52100 |
Applying Changes
After modifying the environment file, restart the agent:
systemctl restart xgame9-agentContainer Limits
The MAX_CONTAINERS setting controls how many simultaneous game sessions the server will accept. Set this based on your hardware:
- 4 cores / 16 GB RAM: 4-6 containers
- 8 cores / 32 GB RAM: 8-15 containers
- 16 cores / 64 GB RAM: 20-30 containers
These are guidelines. Actual capacity depends on the games being run.
Nginx Configuration
Nginx acts as a reverse proxy, terminating SSL and forwarding requests to the pool agent.
The configuration file is at /etc/nginx/sites-available/pool-agent (symlinked to sites-enabled).
Default Configuration
server {
listen 443 ssl http2;
server_name gs01.play.ren.bd;
ssl_certificate /etc/letsencrypt/live/gs01.play.ren.bd/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gs01.play.ren.bd/privkey.pem;
location /api/ {
proxy_pass http://127.0.0.1:9100;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
# WebRTC signaling and container proxying
proxy_pass http://127.0.0.1:9100;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}After any Nginx changes:
nginx -t # Validate configuration
systemctl reload nginxFirewall (UFW)
The setup script configures the following UFW rules:
ufw allow 22/tcp # SSH
ufw allow 80/tcp # HTTP (Let's Encrypt)
ufw allow 443/tcp # HTTPS (Agent API)
ufw allow 52000:52100/udp # WebRTC mediaChecking Status
ufw status verboseAdding Custom Rules
If you need additional ports (e.g., for monitoring tools):
ufw allow 9090/tcp # Example: Prometheus
ufw reloadSSL Certificates
SSL certificates are provisioned by Certbot (Let's Encrypt) and auto-renew via a systemd timer.
Checking Certificate Status
certbot certificatesManual Renewal
Certificates auto-renew, but you can force a renewal:
certbot renew --force-renewal
systemctl reload nginxCertificate Renewal Timer
Verify the auto-renewal timer is active:
systemctl status certbot.timerDocker Daemon Configuration
The Docker daemon configuration is at /etc/docker/daemon.json:
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
},
"storage-driver": "overlay2"
}Log rotation is configured to prevent Docker logs from consuming disk space.
Next Steps
- Monitoring — Health checks, metrics, and log management.
- Installation — Revisit the setup process.