What I can't figure out is how to link the two Public Services. But if I do that, then you are able to connect to the server regardless of whether you authenticated. I am able to connect to the Minecraft server from outside the network if I change the above public service to have Default Backend Pool = Minecraft. Unfortunately, the above does not seem to work. Rule: Minecraft (this is basically just equal to IF Auth_User) I think the solution must involving setting up a second frontend: That is, you can't depend on hostname = to trigger the rule.Īs a result, I have changed the rule Minecraft to equal IF Auth_User (i.e., the user successfully authenticates). I am guessing something is wrong with my "Public Server" settings, but am not sure what.Īfter some searching, it seems that because Minecraft does not use HTTP, you cannot use Host_Minecraft condition. So what am I doing wrong? I am able to get the user authentication working, but HAProxy is not correctly passing traffic to my Minecraft server. I thought this would work because I thought this would satisfy the Host_Minecraft condition. I just want to satisfy the Auth_User condition.Ģ) I open Minecraft and add the server, and I try to connect, but it does not work. After login, the browser shows an error message because there is no webserver at that location. The connection is properly secured using the Let's Encrypt certificate. On the WAN, I allow IPv4 TCP/UDP protocol to pass at port 12345.ġ) Using my browser, I am able to go to, it gets a user/password prompt, and I able to "login" using my test user credentials. Type: HTTP / HTTPS (SSL offloading) Ĭertificates: wildcard certificate from Let's Encryptĭefault certificate: wildcard certificate from Let's Encrypt Listen Addresses: 0.0.0.0:12345 I don't know if 0.0.0.0 is the right address to use here Selected conditions: Auth_User AND Host_MinecraftĮxecute function: Use specified Backend Pool I added this single user to a test group.Ĭondition type: HTTP Basic Auth: username/password from client matches selected user/group Stick-table persistence table type: Source-IP Persistence Type: Stick-table persistence Mode: TCP (Layer 4) -> my understanding is that this should be set to TCP because Minecraft is not a webserverīalancing Algorithm: Source-IP Hash In the Let's Encrypt plugin, I do NOT check "HAProxy Integration" because I understand that is only needed if I use HTTP-01 validation and I don't use that method.Ģ) I use Dynamic DNS to set domain.xyz and to equal my WAN IP address. I purchased my own domain (domain.xyz) and have successfully issued a wildcard certificate for domain.xyz and *.domain.xyz. I understand Minecraft uses port 25565.ġ) I installed the Let's Encrypt plugin. If people do not first go to the URL to authenticate, they should not be able to connect via Minecraft. After that, they are able to connect to my server by connecting to inside Minecraft. Any guidance would be greatly appreciated!Įnd Goal: I want people to go to some web address (e.g., ) and authenticate using a user / password that I give them. I thought HAProxy would work for this, but have not gotten it to work. I want an in between solution where people can access the Minecraft server after HTTPS user / password authentication. For security reasons, I don't want to just port forward and allow public access to the Minecraft server, nor do I want these people access to my network via VPN. They want to allow cousins / school friends to play on our server. I have a personal Minecraft server on the LAN that I run for my kids.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |