To preface why I am doing this: I want to host a Minecraft server for my little brother without giving my IP address out to his friends.
So my idea is to set up a VPS with OpenVPN on it, connect my local Unraid server to the VPS server, and then figure out a way to port forward.
At the moment I am stuck on the part of trying to port forward the Minecraft server. I am able to access the Minecraft server if I VPN into the network, but I want to be able to access the Minecraft server without having to VPN in.
Does anyone know a solution to this problem or a better one?
You will need to enable IPv4 forwarding on the VPS, set up iptables for forwarding it, and set up SNAT on the local Unraid server. Oh, and I assume you already have a VPN tunnel set up. Source/Example
The other option is a (reverse) proxy software.
Unfortunately, this is not something that Nginx or HAProxy is going to be able to help with. Fortunately, there is a specific proxy software for Minecraft available, namely Velocity.
Or you can do DDNS (dynamic DNS), which removes the IP and replaces it with a name.ddns.net. Further, the VPN/firewall server you will be running won’t be doing anything except using your money, as you can run a firewall on the Minecraft server also with just the DDNS and no need for a VPN.
Sorry, but this is incorrect. It just makes the IP not blaringly obvious but does not “remove” the IP address. You can get the IP with a simple ping command, or really just about anything else.
IP forward by doing this command:
sysctl -w net.ipv4.ip_forward=1
Set up NAT to port forward:
Port should be the one I am using for Minecraft?
Is the -d and --to-dest my IP address for my Unraid server, i.e. my house's IP?
iptables -t nat -A PREROUTING -d x.x.x.x -p tcp --dport 25565 -j DNAT --to-dest y.y.y.100:25565
Depending on how the OS is configured on the VPS you may also need to configure firewall ACCEPT rules. Run iptables -L -vn and see if the chains are set to default ACCEPT or DROP/DENY.
Or if you’re running a Fedora/RHEL/CentOS system you might want to learn how to use firewall-cmd to manage firewalld because if that is running, you really don’t want to get into a fight with it by trying to use custom rules.
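The VPS-side steps discussed above (IPv4 forwarding, DNAT, FORWARD accept rules), as an added example that is not from any poster in the thread. It only prints the commands for review, validates its inputs because they end up in root commands, and does the source NAT on the VPS with MASQUERADE rather than on the Unraid side. The interface name tun0 and the addresses 203.0.113.10 and 10.8.0.2 are constructed assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) the VPS-side rules for forwarding one
# TCP port down the VPN tunnel. Review the output, then run it as root.

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_rules VPS_PUBLIC_IP HOME_TUNNEL_IP PORT TUNNEL_IF
# HOME_TUNNEL_IP is the home server's address inside the VPN, the address the
# VPS reaches it on through the tunnel, not the house's public IP.
emit_rules() {
    vps_ip=$1 home_ip=$2 port=$3 tun_if=$4
    # Values end up in root commands, so reject anything but plain IPs/ports/names.
    valid_ipv4 "$vps_ip" && valid_ipv4 "$home_ip" && valid_port "$port" || return 1
    case "$tun_if" in ''|*[!a-zA-Z0-9_-]*) return 1 ;; esac
    cat <<EOF
# Not persistent: use a file in /etc/sysctl.d/ to survive a reboot.
sysctl -w net.ipv4.ip_forward=1
# Rewrite connections arriving on the public IP to the home server.
iptables -t nat -A PREROUTING -d $vps_ip -p tcp --dport $port -j DNAT --to-destination $home_ip:$port
# Allow only this port through FORWARD (needed when the policy is DROP).
iptables -A FORWARD -o $tun_if -d $home_ip -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $tun_if -s $home_ip -p tcp --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Source-NAT to the VPS tunnel address so replies return via the tunnel.
iptables -t nat -A POSTROUTING -o $tun_if -d $home_ip -p tcp --dport $port -j MASQUERADE
EOF
}

# Constructed sample values (documentation/private ranges), not from the thread.
emit_rules 203.0.113.10 10.8.0.2 25565 tun0
```

With MASQUERADE on the VPS, the Minecraft server sees every player as coming from the VPS's tunnel address, so per-player IP bans and logs on the game server lose their meaning. The iptables rules are also lost on reboot unless saved with the distribution's persistence mechanism.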
Edit the WorkingDirectory and ExecStart as needed. Call the file velocity.service and put it in /etc/systemd/system/, although there are other places that will work.
and you should be in business with a systemd-managed proxy. It will then autostart with the system, and is easy to restart (sudo systemctl restart velocity).
I also have a simple update script for it, although I don’t really trust it (yet), as I just wrote it like two weeks ago. It works if you are using the stable version. Also you need to make a version.txt in your velocity directory. Something like echo 1.0.7 > version.txt
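#!/bin/bash
set -euo pipefail
cd /path/to/velocity/directory
# Scrape the downloads page for the jar URL, then pull the version number out of the file name.
UPDATE_PAGE=$(curl -fsS https://www.velocitypowered.com/downloads)
UPDATE_URL=$(echo "$UPDATE_PAGE" | grep -oi 'https://ci.velocitypowered.com/.*jar')
UPDATE_VERSION=$(echo "$UPDATE_URL" | grep -io 'proxy-.*jar' | grep -ioP '\d.*\d')
CURRENT_VERSION=$(cat version.txt)
if [ "$CURRENT_VERSION" == "$UPDATE_VERSION" ]
then
    echo "Velocity up to date: version $CURRENT_VERSION"
else
    echo "New Velocity update available: version $UPDATE_VERSION"
    # Fetch to a temporary name first; -f makes an HTTP error abort the script
    # before the running proxy is stopped or its jar is touched.
    # The jar is trusted on HTTPS alone: no checksum or signature is verified.
    curl -f -o velocity-proxy.jar.new "$UPDATE_URL"
    systemctl stop velocity.service
    mv velocity-proxy.jar velocity-proxy.jar.old
    mv velocity-proxy.jar.new velocity-proxy.jar
    systemctl start velocity.service
    echo "$UPDATE_VERSION" > version.txt
    rm velocity-proxy.jar.old
fi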