Linode protect home minecraft server ip? {solved}

You also have an added benefit here. If you don’t tie the server to a URL and you just tie it to an IP like you’re doing…

If someone tries to DDOS you just turn down the lanode request a new IP turn the linode back on

Update your friends on the new IP done

Additionally if you do tie it to a URL. You can hand that out to people you trust and then keep the IP public. So when you change the IP you can change a DNS record and assuming your attacker doesn’t know your URL then your friends will automatically receive the updated IP and you don’t need to talk to them about it and you can just change the IP publicly posted :wink:

That’s not 100% foolproof but it’s pretty good

there are other methods such as rate limiting and engine x but you got to keep in mind that that comes with its own fair share of headaches

I hope that this gives you an appreciation for the level of automation that these hosting services do in order to host your Minecraft server not only on a URL but also to provide a rudimentary amounts of DDoS protection

P.S change the ssh port so you stop bots trying to brute force it
P.S disable root login, make a user
P.S disable cockpit web socket if it exists on the linode :wink:
P.S use public key auth for your ssh. Passwords are so 2020


I think we’re adding unnecessary complexity here. Everyone who suggested running a little Wireguard tunnel on a Linode VPS is providing sound technical advice, however I think you should focus on the underlying problem – who are you trying to keep out of your network?

If you still wanted to stand up an NGINX or HAproxy node in front of your server to act as a reverse proxy, that may be fine, but you should invest more time in securing your Minecraft server or whatever is open to the web. Only open the ports you absolutely need (19132?). Try securing your server with a robust firewall and Fail2ban:

Cloudflare offers free tier service that can also assist in protecting and securing your server, but it’s no replacement for investing the time to lock down your environment. YMMV, good luck with your project, sir.

1 Like

If you want it public facing so any friend can access it you could use Bungeecord, then use Wireguard to tunnel between local and the VPS, or open the port and add a plugin on the mc server to only allow users from the VPS static IP and local network to connect.

What i did was the nginx reverse proxy approach anyone can connect now. The plan is to have it a public server.

1 Like

solutions finished m8. Should have marked it as resolved I guess lol. We gotta start doing that with threads around here. He ran an NGINX reverse proxy node which is a pretty good way of obscufating his home IP. Which ultimate seemed his goal. It added an advantage. He wont be caught violating terms of service with his HOME internet connection (non business its a violation of TOS on literally all providers).

Cloudflare is a single point of failure tbch and theres a lot of us with anti cloudflare sentiments but I think he did a good job of handling his environment. You lock down the external. Internal locking down can be rather disadvantageous and not really pragmatic. Ive found that out on my own setups.

The thing about cloudflare is. It just shifts the ddos to another centralized service. Someone takes down cloudflare they can take down half the internet. Also funneling all the traffic through one company. God no. The internet practically has gate keepers now and thats very worrisome

God I hate this fuck off cloudflare

Everytime because I have this


(my own recurssive (Top down) DOT+DOH pihole+unbound DNS server)

This is a good reason to detest their protections alone. I should be able to avoid ads and tracking anywhere I want to be and not be forced into a rate limit. To the hell with cloudflare. Happens on this forum too

1 Like

Sorry to chime in on an old, dead/dying thread. Reddit has really gone down the tubes, this community seems to be thriving and people still discuss a wide array of (on topic) technicals, from hardware to software to theory and beyond. My point being, please forgive me as I get accustomed to these wonderful new surroundings.

I have a few NGINX instances running, but I really should invest the time to stand up a proper reverse proxy. My network management server runs its own little reverse proxy within the Docker stack that it got deployed with, plus I have an actual NGINX Debian VM running my web server (went Apache2 > NGINX somewhat recently) as well as a third instance running in the cloud for my UniFi Controller. Ultimately I believe I will turn the pure Debian web server into a dual role, also assuming reverse proxy duties. Any security related issues with having these on the same virtual machine? NGINX has been super simple to stand up, but a lot of moving pieces trying to get all my internal services working properly with their own security certificates. Not sure how much effort is reasonable for my little “lab” environments.

Talk to me a little more about your Pi-hole setup. I’m also running Pi-hole, Unbound + Wireguard on both my DNS servers (for redundancy, one VM + one RPi - only one survives in the event of a power outage). My router captures and invisible redirects (over 5335) any queries on the network from devices with hard-coded DNS settings, but I’m only utilizing DNSSEC (not DoH or DoT, let alone both) on Unbound, which reaches out to TLD via root.hints

It’s not perfect, but disabling Pi-hole’s DNSSEC has sped things up significantly. I’m happy to trade off the slower uncached queries for nearly instant (<1ms) response times on any cached hits, although I only run about ~half as many domains in my blocklists.

I understand (and agree with most all) the incredibly relevant points you made, especially regarding CF (or any other major technology gatekeeper), but I suspect they (as an organization) are MUCH more robust and capable of fending off a variety of attacks (especially DDoS) than your average user running NGINX in shared compute backed up by 40Gbps pipe, or whatever most VPS commonly offer.

Only semi-related example; I don’t love that Google’s browser dominates the landscape, but I’m not going to gimp my day to day experience running inferior software. Thank the maker projects such as Brave & Vivaldi exist. Edge Chromium is fantastic for the normies, but we demand more. FF is barely competitive these days, capturing what, 6% of the market? That being said, FF Focus goes on every mobile device I use…

but even Richard doesn’t go FULL Stallman all the time. I guess I’m trying to say it’s a fine line between being “too” principled and having a usable workspace at your fingertips, ready to roll or react with a literal press of a button.

Hope it’s alright that I took some liberties rambling, got a bit off topic, but you did say the original issue was now resolved. Now I know who to pester when the time comes to work out syntax errors in my future NGINX block(s). :stuck_out_tongue_winking_eye:

Stay safe, sir. Thanks for the detailed response above. So much to learn.

1 Like

ill reply on my blog


My god, please forgive me – my initial reaction was, “who is this pretentious fuck?”

Replying to my question on your blog, what the hell? Until I started reading through your initial post / overview… and it was glorious. Again, PLEASE forgive me. Often times I want to try and nitpick and/or justify in my head why certain software or technology choices or preferences might be different for my own use-case(s) however you went right down the line and justified all your choices, backing them up with incredibly sound rationale. Thanks for sharing, can’t wait to go dig into this and continue further. I’d also love to pick your brain someday regarding various wireless/WiFi technologies, Ubiquiti has been a real disappointment. If you’re serious I will totally at you, sir.

Be safe, look forward to consuming more of your content.

EDIT: when I got to the bottom of your post and you said you were running a P3XL with LineageOS, oh my. You’re my soulmate. I’m swooning over your technology choices. I know some really brilliant government contractors (north of the border) who are all Mac / all Ubuntu all the time and I don’t always respect that approach. Anyway, typed to you from my Pixel but I’m still running Android 11.

We often get that reaction to PLL.

However, I think that’s how he likes to come off sometimes.

I had a similar reaction when I saw the post, more like “oh come on dude, just quote the guy and call it a day” but this was glorious and totally worth.

Rootz, never change.


lol. heim is like this sometimes.


He also tends to change his username too often lol

yea i have been around since 2013ish and i never knew him by rootz. i think that was a razetheworld name. I guess somewhere else i know him by rootz.

He was rootz during tekxit, iirc…

But we be way off topic now.


Sheeit, I was JUST trying to recall the name of the first group I caught Mr. WWbtc with, TekSyndicate or something, eh? Not to dredge up any old/bad blood or wade into territory I know nothing of and may have no business inquiring about, but is there someplace I can read or enlighten myself on what went down to lead into Tekxit ? I assume a power struggle of sorts? I was only vaguely familiar with the scene back then, 2015-2016 – but we got L1 rising liek a phoenix from the ashes, hurray.

Not trying to make an issue or shine light or dig up any negativity that has been long buried, but if anyone privy to the broad strokes could perhaps @ me some links. I’m not inquiring about personal details or anything gory, however my failing memory and mild curiosity appears to be getting the best of me here. Thanks in advance. Don’t hate me.

Rootz, Heim, PLL, et al – YOU, sir are a gentleman and a scholar. I thank you immensely for pointing me towards that blog. Super excited to sit down and go through that.

All the time.

Long and short of it is that the cofounders of tek syndicate had disagreements, some extremely bad optics, and wound up going splitsies. Level1 is what came from it, and I daresay it’s fairly good. (But I am biased lol)

But yes, there was some drama, however it’s long over now and we don’t like bringing it up because a lot of the older users tend to get nam flashbacks, for lack of a better term.



Oh dear. I went and watched the “Wendell blinking SOS” video – couldn’t help myself. Sorry to dredge up old nonsense, but I was just getting introduced to /r/homelab throughout summer of 2016 after devouring every quasi-interesting technology related videos on YT from 2015 and beyond, so i was aware of it happening at the time, but my memory was foggy because I barely understood who the players were, let alone the bad drama and nonsense that was none of my business anyway – unfortunate it went down in a public manner. Wendell was clearly the star, seems the community is better off for the split. Hope everyone has learned, grown, healed and maybe even moved on to bigger and better things.

This community is obviously thriving – ole Reddit has kind of gone to shit over the past couple/few years, i can barely tolerate it. Posts of retail boxes of average kit get hundreds of upvotes while legitimate tech questions and discussion gets buried in the “OOH look! Shiny things” normie crowd. Hope you don’t mind if i pull up a chair and start making myself at home. Took me a while to really mine this place for the genuine greatness contained within these virtual walls, but i think I’ve at least got an inkling where to start poking around now. Thanks for the gentle intro, fellas.

1 Like

You were saying how bad it is to have so much stuff under one roof, namely Cloudflare, oof. Right you are, my good sir. So very right you are: Tesla (TSLA), Cloudfare (NET) Breached in Verkada Security Camera Hack - Bloomberg

LOL I try to come off this way on purpose sometimes. See how people react. Who has the thick skin.

I mean people told me to back up my decisions for a while so I finally did it. thanks man. IDK I want people to all kind of do that. I wrote some guides for some it. I just got fed up with the way things were needed a change. Wanted more control over stuff

I mean when have I ever :wink:

Kink shamer :wink:

I mean way too late I guess?

That was such a mess. As much as I say it was glorious it sucked in someways man.

Im kind of nostalgic about it honestly but its more the older internet I was nostalgic about. The iconoclasticity. Now its well thats a topic for discord tbch

Its not so much about being right as its realizing oh guys holy shit This is a single point of failure that sought out to protect against single points of failure… We just made the problem bigger and keep abstracting further and further. Full stop lets question the route we are on. (But power is power and so on and so forth)