"X-Forwarded-For" equivalent?
Asian black bear posted this in #questions
Asian black bearOP
Currently proxying from a VPS to my homelab server over tailnet using nginx, but now I'm realizing that when all connections come through one machine Minecraft only ever sees that one IP. In the HTTP world you just add an X-Forwarded-For or X-Real-IP header and the downstream webserver figures it out, is there anything like that for Minecraft?
https://github.com/sebastianrasor/nix-config/blob/main/modules/nixos/minecraft-public-proxy.nix
Philippine Crocodile
I do vps -> velocity proxy, although I'm using haproxy and just enable haproxy protocol in velocity config
Polish
There are two ways you typically achieve this, one is by using a Minecraft-specific proxy to forward your traffic, or by using l3 proxy which supports proxy protocol v2 and server software which supports reading proxy protocol.
Asian black bearOP
minecraft specific proxy is probably my best bet. i'll look into velocity but are there any alternatives that are looking better? i'm gonna be rolling a pretty unique implementation regardless so it's not really gonna make a difference how well supported one is over another
Polish
Velocity is pretty much the standard / most recommended option
Asian black bearOP
Does velocity allow for multiple proxies?
I've got the actual server running inside my homelab rack on my home network
VPS will proxy connections from the public internet through tailscale to the primary server
Right now when I'm connecting through tailscale on my laptop, I don't need to connect to the VPS at all since I'm just going straight through tailscale.
The issue then is that with the primary server being set to offline mode, if I join directly that's going to cause some issues
First workaround I thought of is running Velocity on the VPS for public connections, then again on my homelab server for internal connections
Polish
Multiple proxies to one backend server, sure. chained proxies? no.
https://docs.papermc.io/velocity/server-compatibility/#proxy-behind-proxy-bungeecord-velocity
Polish
For this setup, you'd either need to use two proxies, one internal, one external, both pointed at the backend directly; or a proxy which supports proxy behind proxy (unsure which do, I've never needed this setup).
Philippine Crocodile
proxy behind proxy is generally unheard of, haven't seen any proxy that does that
Polish
In theory, you can do it with something like this with Nginx streams, e.g.
stream {
    server {
        listen 25565 proxy_protocol;
        proxy_pass 192.168.10.10:25565;
        proxy_protocol on;
    }
}
But I've not tested it for proxy-behind-proxy
Though I do use nginx streams for my MC server
Asian black bear
What you should do (if I were in your shoes) is:
- set up Velocity on your VPS
- Velocity can use tailscale to proxy traffic to/from your homelab servers
- connect to your server only via Velocity, not directly
really uncomplicated
Polish
They don't want to go via their VPS when connecting to the server when it's on their LAN
Asian black bear
I read that and my 3rd point addressed it
(as in- forget connecting directly if you’re proxying traffic)
Polish
If they're fine adding the round trip, then yeah, the setup is simple
Even two proxies with the same secrets isn't that bad, would just involve static DNS entries on your local DNS server to direct local traffic to the local proxy
Asian black bearOP
Yeah this is what I'm planning based on this conversation, my last question was in regards to connections to the server made from within the tailnet
I don't want a proxy chain, VPS will always be talking directly to the actual Minecraft server through tailnet
but if my laptop is also on the tailnet and it tries to speak to the server directly that's not a great situation due to offline mode. So it sounds like I'll just need to have another proxy for internal connections, which is fine