+--------------------------------------------------------+
         |  CCC    OOO   N   N   QQQ   U   U  EEEEE   SSSS  TTTTT |
         | C   C  O   O  NN  N  Q   Q  U   U  E      S        T   |
         | C      O   O  N N N  Q   Q  U   U  EEE     SSS     T   |
         | C   C  O   O  N  NN  Q  Q   U   U  E          S    T   |
         |  CCC    OOO   N   N   QQ Q   UUU   EEEEE  SSSS     T   |
         +--------------------------------------------------------+

   So.  You want to run a Conquest Server, eh?  Then this is the file
   to read.

   It gives you an overview of how to setup and manage one, as well as
   other things to keep in mind.  

   Before reading this file, you may want to read the README, INSTALL,
   HISTORY, and conquest.doc files so that you have an idea of
   what Conquest is, and how to play.


CONTENTS:

    ### Overview
    ### Setting up a server
         ## running a normal server
         ## notifying the metaserver
         ## firewall considerations
         ## providing telnet access to your server (optional)
	 ## Expiring users
	    # Disabling expiration of users
         ## Examples

### OVERVIEW

    With version 8.0 of Conquest, a great deal of work has gone into
    making Conquest a true client/server game playable over the
    Internet (or just your local LAN).  

    Conquest has two main parts, the server component (conquestd) and
    the client (OpenGL version: conquestgl, curses version: conquest).


    Version 8.0.1c or better includes many server performance
    improvements, including UDP support for motion data. 

    To run a server, you must run the conquestd program.

    Clients (including ones on your local machine) then connect to your
    server and the game is played.

### Setting up a server

## running a normal server

    conquestd is used to provide a Conquest game.  Even if all you
    want to do is play by yourself on your own machine, you will need
    to run conquestd in order to play.

    If all you want to do is use conquest to play on someone else's
    server, then you do not need to be reading this document. :)

    conquestd supports a variety of options outlined below:

        $ conquestd -?
        Usage: conquestd [ -d ] [ -l ] [ -p port ] [ -u user ]
                         [ -m ] [ -M metaserver ] [ -N myname ]

        -d            daemon mode
        -l            listen for local connections only
        -p port       specify port to listen on
                      default is 1701
        -m            notify the metaserver (conquest.radscan.com)
        -M metaserver specify an alternate metaserver to contact
        -N myname     explicitly specify server name 'myname' to metaserver
        -u user       run as user 'user'.

    In it's simplest (and insecure) form, you can simply run:

       $ conquestd -d

       This will start conquestd, which will fork itself into the
       background and run as your user id.

       It will listen on the default port (1701) for client
       connections, and spawn a new conquestd for each client
       connection.  It will be available to anyone who can connect to
       TCP port 1701 on your machine.  

    SECURITY NOTE: I would only run a server this way if no one else
    from the Internet will be able to connect (if you are behind a
    good firewall for example).  This is more INSECURE since conquestd
    will be running as your uid.  Read further for a more secure way
    to run the server.

    For the secure case, I would start conquestd as root, and have it
    run as user 'nobody' by passing the '-u user' option on the
    command line.  Of course you can create and use some other
    non-privileged, non-interactive user for this task as well.

    Something like the following is a good idea:

        # conquestd -d -u nobody

    This will have conquestd setuid() permanently to user 'nobody'
    before beginning operations.  On most unix systems, user 'nobody'
    has no home directory, password, or privileges, and therefore is a
    safe user id to run under.

    You must be the root user in order to use the '-u' option.

    DO NOT run conquestd as the root user itself.  Although the code
    *should* be safe, don't take my word for it.
    
## notifying the metaserver

   If you are going to run a server that will be available to the
   public via the Internet, you should pass the '-m' option to
   conquestd when you start it.

   When running with the '-m' option, conquestd will contact the
   Conquest Meta Server running at conquest.radscan.com, and announce
   your server, so that other people will know about it.

   Every 2 minutes or so, it will update the meta server with various
   particulars of your server (like how many players are currently
   connected, what flags you support, what your server name, version,
   and MOTD are, etc).

   This way, other people can find out about your server and connect
   to it to play.

   The list of currently active servers can be seen in the game by
   running your client (conquestgl or conquest)' with the '-m' flag.

   You can also point your web browser to:

      http://radscan.com/cgi-bin/conqmeta.pl

   If you want to be primitive, you can see the current list of
   servers in raw format by simply:

      telnet conquest.radscan.com 1700

   Of course, please make sure that your server is actually reachable
   from the Internet before notifying the Meta server.

## firewall considerations

   Most people that will run a server will also be using a firewall of
   some sort to protect their networks. 

   See the README file for the ports that conquest typically uses.  

   Inbound access:

     Tf you wish to allow internet access to your server, you will
     need to allow inbound TCP _and_ UDP access to the game port (1701
     by default).

   Outbound access:

     If you restrict outbound internet connections, you might want to
     allow the following outgoing ports:

      1700/tcp - if you want clients to be able to query the
      metaserver for active servers.

      1700/udp - if you want your own server to be able to announce
      it's availability to the metaserver at conquest.radscan.com.

## providing telnet access to your server (optional)

   In addition to the normal way of connecting to a Conquest server,
   some server operators also like to provide a telnet'able interface.
   I do this myself for those who do not want to download the client
   and build Conquest, or for those who are on non-unix computers and
   can't run the client even if they wanted to.

   NOTE: You still need to setup a normal server as described above in
   addition to the instructions below.

   To run a telnet'able server, you need to create an account on your
   machine that people will log into when they telnet to your machine.

   I recommend user 'conquest' with a password of 'conquest'.

   In a nutshell:

   1. Compile and install Conquest as per the BUILDING section in the
      INSTALL file.  Make sure it runs normally by starting a server,
      and typing 'conquest' and goofing off for a little while.

   2. Create the 'conquest' account on your system using whatever
      means are appropriate for your system.  On UnixWare and newer
      Linux's, I use something like 'useradd conquest'.

   3. Set the 'conquest' user's shell to be '/full/path/to/conquestsh'.
      Doing this insures that when someone logs into 'conquest' they
      are sent directly into the game's login screen.  Also, if
      Conquest should ever crash (which has never happened to my
      knowledge ;-), the user will be automatically logged out of the
      system.  There is no way I'm aware of that a Conquest player
      could ever get to a command shell if you set it up this way
      (since conquest itself is the user's shell).

      On UnixWare I can do something like 'usermod -s
      /opt/bin/conquestsh conquest' to do this. 

      NOTE: You can edit and recompile conquestsh.c on your system if
      you wish to change the default options it will pass to conquest.
      It's a very simple program.

      By default, conquestsh will exec '/full/path/to/conquest -t -s
      localhost' when run.

   4. set the password for the 'conquest' account.  I recommend that
      you either:

          A) set no password (the user goes straight in after typing
             the username at the 'login:' prompt).

          B) Set the password to empty (so a user enters [RETURN] at
             the 'password:' prompt), or

          C) set the password to 'conquest'

      In that order... After all you want to make it easy for people
      to get into the game, right?

    5. Test it out.  Try 'telnet localhost', login as 'conquest', and
       enter whatever password you defined in step 4.  You should wind
       up at the Conquest login screen.  Here you choose a username
       (if you don't have one already), give a password, and you
       should be at the Conquest main menu.  Enter the game and blow
       up some things ;-)


   NOTE: although telnet users will be able to change their options
   from the conquest Options menu, they will not be able to save them.
   Sorry.  Use a client instead.

   If you want others to know about your telnet'able server, let me
   know the particulars and I'll stick it in the 'Conquest Servers'
   section of the Conquest webpage, since the meta server has no way
   of knowing whether your server is reachable via a telnet interface.

## Expiring users

   By default, whenever a user logs into Conquest, an autoexpire is
   run to locate and 'resign' all inactive remote users.

   A user is expired: 

     A) if the user is a non OPER or non robot user - no expiration is
        ever done on these users.

     B) the user hasn't entered the game in 'user_expiredays' days,
        which is set in the system-wide conquestrc file.

     C) the user isn't currently flying a ship.

   If all of these conditions are met, the remote user is resigned
   from the game.


# Disabling expiration of users

  If you wish to disable expiration altogether, set 'user_expiredays'
  equal to 0 in the system-wide conquestrc file, or via the Options
  menu in conqoper.

### Examples

    Here are a few examples for starting the server (the '#' prompt
    implies you are running these as root):

    # conquestd -d -u nobody

      Runs a server as user nobody.

    # conquestd -d -u nobody -l

      Runs a server as user nobody.  Only local clients can connect.

    # conquestd -d -u nobody -m

      Runs a server as user nobody.  Notifies the Conquest Meta server
      about your server.

    # conquestd -d -u nobody -m -N conquest.radscan.com

      Runs a server as user nobody, notifies the Conquest Meta server
      of the game, and tells the metaserver that the address
      'conquest.radscan.com' is the real address of your server, as
      seen from the Internet.


$Id: SERVER.TXT,v 1.11 2004/07/05 20:26:08 jon Exp $