Skip to content

Project Infrastructure

What's to improve

  1. Encourage Tow to transfer VCMI.eu to GANDI so it's can be also renewed without access.
  2. Centralized way to post news about game updates to all social media.
  3. Verify VCMI.eu domain name expiration date with Tow
  4. Verify VCMI.download domain name expiration date with SXX
  5. Verify Google Apps (G Suite) status with Tow
  6. Restore firewall which for some reason is disabled on DO
  7. Migrate remaining services from vcmi-second droplet

Services and accounts

Infrastructure

Service Details Owner Administrators Notes
GitHub Code hosting, bug tracker, pull requests, website hosting - Tow, AVS, Ivan, Warmonger, SXX -
VCMI.eu domain name Main domain for services Tow - Renewal date unknown
VCMI.download domain name Secondary domain name for downloads SXX - Paid until November 2026. Registered on GANDI; can be renewed by anyone without account access
DigitalOcean Hosting sponsor for all our self-hosted services - SXX, Warmonger, Ivan, AVS, Tow -
CloudFlare DNS & CDN for our web services - SXX, Ivan All our web services are behind CloudFlare and use Cloudflare SSL certificates
Weblate Game translations - Ivan Hosts translations for VCMI itself (not including mods & website). Uses free "Gratis" plan
Google Play Console VCMI Android App SXX Warmonger, AVS, Ivan, Fay -
Google Apps (G Suite) Email for vcmi.eu domain - Tow, SXX Limited to 5 users; 500 emails/day limit per account. Includes: admin email (service registration), "noreply" (Wiki/Bug Tracker), "forum" (Forums authentication). Likely dead. Verify with Tow
Launchpad PPA Ubuntu package repository Mantas Kriaučiūnas Ivan, SXX, AVS Contains daily builds and latest releases PPA's for Ubuntu
Sonar Cloud Code analysis - Shares credentials with Github Integrated into Github pull requests
Discord Team Discord app holder Ivan Laserlicht, dydzio, Warmonger Holds ownership of Discord VCMI app that is used to display rich presence when people are playing VCMI
Snapcraft Dashboard Snap package distribution - SXX Abandoned in favor of Flatpaks and PPA
Coverity Scan Code analysis - SXX, Warmonger, AVS Abandoned in favor of Sonar Cloud
OpenHub Code statistics - Tow -
Docker Hub Container registry - SXX Abandoned and never used?
GitLab Code repository - SXX Reserve account, not used
BitBucket Code repository - SXX Reserve account, not used

Note: "Owner" refers to services that require one (and only one) account to have special superuser-like status, potentially - with legal and/or biling information. If service has no such requirement, this field is left blanc.

When possible at least two of active core developers must have access to them in case of emergency.

Communities with page managed by VCMI Team

Service Name Owner Administrators Notes
Discord dydzio SXX, Warmonger, Ivan... Main communication platform
Facebook page SXX, Warmonger Active
Reddit SXX Abandoned in favor of general H3 subreddits
Twitter account SXX Abandoned, User access via TweetDeck
VK / VKontakte page SXX AVS Abandoned
Steam group SXX Dydzio Abandoned
ModDB entry SXX Abandoned
Slack team vmarkovtsev SXX, Warmonger, AVS... Abandoned in favor of Discord
Trello team SXX Abandoned

Heroes 3 communities with VCMI Team presence

Service Name Active team members Notes
VCMI thread on Heroes Community Warmonger, Ivan, dydzio... Very low player activity
Heroes 3 subreddit Ivan, dydzio... VCMI-related questions are rather common
HoMM subreddit Ivan, dydzio... Way less active than Heroes 3 subreddit, but sometimes posts about VCMI do appear

Project Servers Configuration

This section dedicated to explain specific configurations of our servers for anyone who might need to improve it in future.

Droplet configuration

All droplets can only be accessed using ssh login with public key. Currently access to all droplets is granted to:

  • Ivan Savenko
  • Alexvins
  • Warmonger
  • Tow
  • SXX
  • kambala (vcmi-artifactory droplet)
Droplet Specifications Services
vcmi-artifactory 4 Gb / 2 CPU / 80 Gb / $24 Conan Artifactory server (WIP)
vcmi-forum 2 Gb / 1 CPU / 25 Gb / $12 (+20%) Discourse forum
vcmi-second 1 Gb / 1 CPU / 20 Gb / $6 Multiplayer lobby (lobby.vcmi.eu or beholder.vcmi.eu - deprecated). Floating IP: 67.207.75.182
vcmi-web 512 Mb / 1 CPU / 10 Gb + 100 Gb / $4 (+20%) + $10 Builds uploading from Github, Build download page, Legacy download page. Also contains nginx server for redirecting old bug tracker, old wiki, and old slack invite page

Notes:

  • Droplets with deployed services have backups enabled (+20% costs)
  • In addition to droplets, we have separate 100 Gb volume for builds ($10 / month), currently attached to vcmi-web
  • There is snapshot for old vcmi-main droplet, preserved in case if we need to retrieve some data from it - old bugtracker, forum, and wiki ($1.5 / month)

Rules to stick to

  • SSH authentication by public key only.
  • Incoming connections to all ports except SSH (22) must be blocked.
  • Exception for HTTP(S) connection on ports 80 / 443 from CloudFlare IP Ranges.
  • No one except core developers should ever know real server IPs.
  • Droplet hostname should never be valid host. Otherwise it's exposed in reverse DNS.
  • If some non-web service need to listen for external connections then read below.

Our publicly-facing server

We only expose reserve IP that can be detached from droplet in case of emergency using DO control panel. This also allow us to easily move public services to dedicated droplet in future.

  • Address: beholder.vcmi.eu (67.207.75.182)
  • Port 22 serve SFTP for file uploads as well as CI artifacts uploads.

If new services added firewall rules can be adjusted in DO control panel.

Domain names

Domain Content Hosted on Notes
vcmi.eu Main page redirect CNAME No content, redirects to real main page
download.vcmi.eu Public downloads & daily builds vcmi-web -
upload.vcmi.eu Domain name for uploading daily builds from Github vcmi-web No http services
beholder.vcmi.eu Multiplayer lobby vcmi-second No http services. Used for VCMI 1.7.3 lobby and older. Deprecated in favor of lobby
lobby.vcmi.eu Multiplayer lobby vcmi-second No http services
forum.vcmi.eu Discourse forum vcmi-forum -
bugs.vcmi.eu Bug tracker vcmi-web Redirects to Github Issues
slack.vcmi.eu Slack invite page vcmi-web Redirects to main page
wiki.vcmi.eu Wiki vcmi-web Redirects to main page
vcmi.download Main page redirect CNAME No content, redirects to main page
builds.vcmi.download Public downloads vcmi-second Redirects to download.vcmi.eu

Self-hosted services

Currenly we have following services deployed:

Potential addition for the future:

  • Conan Artifactory
  • Self-hosted Weblate, to bypass Libre tier restrictions on our Weblate hosted by upstream team and allow translation of Heroes 3, mods, and VCMI website
  • Crash reporter tool, such as GlitchTip
  • (long-term) Expanded multiplayer lobby with cheat-proof game hosting

Web Hosting

For all web services we use Nginx, including websites that run on standalone servers. This allows to easily migrate more services onto another server that already has some services, and use nginx reverse proxy to host all such services on same 443 port.

For certificates all services use Cloudflare Origin certificates. These certificates are issued for free in Cloudflare web UI, have expiration period of 10 years (oldest VCMI certificate will expire in 2032), but can only be used by services that are located behind Cloudflare, which all VCMI services do. Client-facing certificates are managed and automatically updated by Cloudflare.

Configuration files

See scripts directory that contains most of customized configuration files used on our servers. For obvious reasons, sensitive parts that include password and other non-public data are excluded for it