Valheim Server

A secure, non-root container running a Valheim dedicated server

• Valheim Server
  • Motive
    • Compared with lloesche/valheim-server
  • Getting started
    • Docker Compose
    • Kubernetes
  • Customizing server options
  • Known limitations

Motive

Built with security in mind:

• non-root user by default
• minimal packges installed on valheim image
• separate image for installation and update that runs for a short period of time
  • steamcmd requires a lot of packages containing vulnerabilities

Compared with lloesche/valheim-server

The default user for lloesche/valheim-server is root.

docker run -it --rm --entrypoint="" lloesche/valheim-server id
uid=0(root) gid=0(root) groups=0(root)

See Processes In Containers Should Not Run As Root.

While you can set PGID and PUID when building the container, we're still left with an image with many vulnerabilities. The valheim image in the valheim docker compose service has significantly fewer vulnerabilities. Note the trivy image results below:

From trivy image lloesche/valheim-server:

lloesche/valheim-server (debian 11.9)
=====================================
Total: 1007 (UNKNOWN: 5, LOW: 276, MEDIUM: 590, HIGH: 127, CRITICAL: 9)

From trivy image valheim:

valheim (ubuntu 24.04)

Total: 12 (UNKNOWN: 0, LOW: 10, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

Getting started

Docker Compose

If you're using the Public Test Branch, be sure to set the PUBLIC_TEST environment variable in the installupdate service to true.

1. Spin up the service. Make sure you have Docker installed.

   docker compose up --build --detach

2. (Optional) If you have an existing save, copy it into the valheim service's worlds_local directory.

   docker compose cp <my_server.db> /home/steam/.config/unity3d/IronGate/Valheim/worlds_local/
   docker compose cp <my_server.fwl> /home/steam/.config/unity3d/IronGate/Valheim/worlds_local/
   docker compose restart

Kubernetes

These images are able to run under the Restricted Pod Security Standard. See kubernetes.yaml as an example.

1. Update the server config as desired (env vars in kubernetes.yaml, start_server.bash, etc.)
2. Build the images and push them to your choice of registry
3. Change the images in kubernetes.yaml to align with your image registry
4. kubectl apply -f ./kubernetes.yaml

Customizing server options

Edit start_server.bash as you see fit. See "List of Console Commands" at https://www.valheimgame.com/support/a-guide-to-dedicated-servers/ for more options. If needed, edit the entrypoint/cmd of the valheim service.

Known limitations

• Does not work on Apple Silicon
  • A Segmentation fault in the steamcmd image will result.