Add jattach utility (#4114)

.github/workflows/verify-docs.yml

@@ -0,0 +1,35 @@
+name: Verify Docs
+
+on:
+  pull_request:
+    paths:
+      - 'docs/**'
+      - 'zensical.toml'
+      - '.github/workflows/verify-docs.yml'
+  workflow_dispatch:
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build docs image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: docs/Dockerfile
+          load: true
+          tags: docs-verifier:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Verify rendering
+        run: |
+          docker run --rm \
+            -v ${{ github.workspace }}:/docs \
+            docs-verifier:latest build --strict

build/alpine/install-packages.sh

@@ -33,6 +33,7 @@ apk add --no-cache -U \
     libwebp \
     libcap \
     numactl \
+    jattach \
     ${EXTRA_ALPINE_PACKAGES}
 
 # Download and install patched knockd

build/ubuntu/install-packages.sh

@@ -30,6 +30,7 @@ apt-get install -y \
   libpcap0.8 \
   libnuma1 \
   libcap2-bin \
+  jattach \
   ${EXTRA_DEB_PACKAGES}
 
 # Clean up APT when done

docs/misc/troubleshooting.md

@@ -35,4 +35,20 @@ The labels that are most interesting are:
 
 - `org.opencontainers.image.created` : the date/time the image was built
 - `org.opencontainers.image.revision` : which maps to <https://github.com/itzg/docker-minecraft-server/commit/REVISION>
-- `org.opencontainers.image.version` : image tag and variant [as described in this page](../versions/java.md)
+- `org.opencontainers.image.version` : image tag and variant [as described in this page](../versions/java.md)
+
+## jattach
+
+This image bundles the [jattach](https://github.com/jattach/jattach) utility for attaching to running Java processes. It is described as
+
+> The utility to send commands to a JVM process via Dynamic Attach mechanism.
+>
+> All-in-one jmap + jstack + jcmd + jinfo functionality in a single tiny program.
+
+When exec'ed interactively into the container, jattach can be invoked against the Minecraft server's java process by using commands similar to the following
+
+!!! example
+    
+    ```shell
+    jattach $(pgrep java) threaddump
+    ```

docs/sending-commands/ssh.md

@@ -6,7 +6,7 @@ The container can host an SSH console. It is enabled by setting `ENABLE_SSH` to
 The SSH server only supports password based authentication. The password is the same as the RCON password.
 
 !!! question
-    See [the RCON password](../configuration/server-properties.md/#rcon-password) section under configuration/server-properties for more information on how to set an RCON password.
+    See [the RCON password](../configuration/server-properties.md#rcon-password) section under configuration/server-properties for more information on how to set an RCON password.
 
 The SSH server runs on port `2222` inside the container.
 
@@ -15,7 +15,7 @@ The SSH server runs on port `2222` inside the container.
     !!! warning "Security Implications"
         By default, publishing ports in Docker binds them to all network interfaces (`0.0.0.0`), making the SSH console accessible to any device that can reach your host machine.
         
-        Since the SSH console grants **full administrative access** to your server, it is critical to use a strong [RCON password](../configuration/server-properties.md/#rcon-password). 
+        Since the SSH console grants **full administrative access** to your server, it is critical to use a strong [RCON password](../configuration/server-properties.md#rcon-password). 
         
         If you wish to restrict access to the local machine only, refer to the [Docker documentation](https://docs.docker.com/engine/network/port-publishing/#publishing-ports) on binding to specific IP addresses (e.g., `127.0.0.1:2222:2222`).
       

docs/sending-commands/websocket.md

@@ -26,9 +26,9 @@ When a connection is established, the last 50 (by default, configurable with `WE
     !!! warning "Security Implications"
         By default, publishing ports in Docker binds them to all network interfaces (`0.0.0.0`), making the WebSocket console accessible to any device that can reach your host machine.
         
-        Since the WebSocket console grants **full administrative access** to your server, it is critical to use a strong [WebSocket password](#password) or [RCON password](../configuration/server-properties.md/#rcon-password).
+        Since the WebSocket console grants **full administrative access** to your server, it is critical to use a strong [WebSocket password](#password) or [RCON password](../configuration/server-properties.md#rcon-password).
       
-        If you wish to restrict access to the local machine only, refer to the [Docker documentation](https://docs.docker.com/engine/network/port-publishing/#publishing-ports) on binding to specific IP addresses (e.g., `127.0.0.1:80:80`).
+        If you wish to restrict access to the local machine only, refer to the [Docker documentation](https://docs.docker.com/engine/network/port-publishing#publishing-ports) on binding to specific IP addresses (e.g., `127.0.0.1:80:80`).
         
         If WebSocket access is only intended for inter-container connections, consider **NOT** forwarding the port to the host machine, and putting the containers in a shared [Docker network](https://docs.docker.com/engine/network/#user-defined-networks).