Minecraft Server Soft
Barton Ostby
I've heard about the dangers of port forwarding to let people play on a minecraft server hosted on your computer. But I was wondering, could having a VPN on the computer with the server possibly avoid the danger or make it safer?
To answer your question bluntly, "No, it would not make you more secure." However, your question shows that you are relatively new to networking and security, so I would like to expand my answer a bit, to give you some context for it.
The internet works based on IP addresses. A typical IPv4 address will look something like 173.194.222.139. This address represents one computer1 somewhere on the internet. In order to communicate with a specific application on that computer (e.g. a Minecraft server), that application listens to a specific port, such as 25565.
A packet sent to a computer has to contain it's address, but also the port which corresponds to the application that is supposed to handle the packet. This is done so that a computer can have many different applications running at the same time, with each listening to different port. That means your computer could be running a Minecraft server on port 25565, an Unreal Tournament 2004 server on port 7777 and a web server on port 80 and 443.
If you are at home and have multiple devices at hand, you can search for your external IP address and you will see that all of them likely have the same address. How is this possible, if above I said each address corresponds to one computer?
The answer is NAT. I won't go into detail, but think of it like a hotel lobby. The hotel has one address, but many rooms internally. Mails sent from the hotel go to the lobby, which then send the mail out. The sender is the hotel, and the recipient sees that it comes from the hotel. The recipient will write a reply to the hotel, and the hotel lobby will give the mail to the person who initially sent the mail.
The disadvantage is that this only works if the person in the hotel writes first. If someone would like to send a mail to someone living in this hotel, the hotel wouldn't know what to do and just throws the letter away.
This is where port forwarding comes into play. It essentially means "If traffic comes to this port, I will forward it to this internal machine on that port". In terms of our mail analogy, it's akin to writing "To: Awesome Hotel, Room 1337". The lobby will know where to forward that to.
Concretely, if we set up the gateway computer (the hotel lobby in our analogy) to forward all traffic to port 25565 to your internal computer running the Minecraft server on port 25565, then people connecting to your external IP on that port will actually be forwarded to your internal computer on that port.
It's a necessary evil. By forwarding one port to your internal computer, it means everybody on the internet can attempt to connect to that port. This is necessary, as otherwise nobody could play Minecraft on your server.
The problem is that if the server has any security vulnerabilities, be it in the base software, a mod you installed, etc, then this directly affects your computer. It's a risk in theory, but in practice, I would not worry too much about it.
The only scenario in which a VPN would help you is if you ran a VPN gateway in your network and have the Minecraft server accessible only to those with access to your VPN. The problem is, that this is way more difficult to set up, and even more difficult to set up in a secure manner. Just forwarding a port to your Minecraft server is way less likely to get you into any troubles.
The danger of port-forwarding is that it lets computers on the internet communicate with any program on your computer that is listening on that port. If you instead host your server through a VPN, you'll still need to allow traffic to the port somehow; the content of the traffic isn't fundamentally changed by it coming through a VPN to your computer. If you're only running a Minecraft server on that port, and you do actually want people to connect to it, then there's no danger to forwarding the port.
Most VPNs don't let you forward ports (which wouldn't be usable for hosting a Minecraft server), or they expose all ports (which would be like forwarding all ports to your computer), so a VPN might even be worse on this measure.
There are other dangers that hosting through a VPN could address though. If you wanted to obscure what city you lived in, or you were worried that someone might DDOS you and slow down your home's whole internet access, then hosting through a VPN would help with these.
If you just install a client, it does not change anything. Anyone can connect to your computer, no matter if the VPN is connected or not. Your outgoing connections will go thru VPN, but incoming connections don't.
On the other hand, if you install a VPN server, and make Minecraft listen only to the interface the VPN created, nobody outside can connect, except those coming from the VPN itself. You create a port forward for the VPN server, send login/password for your friends, and you are safe.
VPN does not help. If you are running a server and want to allow outsiders to connect to the server, you need to give the outsiders an internet-routable IP address, protocol (usually tcp) and port number to connect to.
This tutorial takes you through the steps of setting up your own Java Edition server using the default server software that Mojang Studios distributes free of charge. The software may be installed on most operating systems, including Windows, macOS, GNU/Linux and BSD.
Java is a programming language designed to create programs for the Java Virtual Machine (JVM). The JVM supports many different platforms. By doing this, developers write code for the JVM and any platform supported by the JVM can run the program. Further reading.(Remote shell port)
OpenJDK and OracleJDK are very similar. OpenJDK is the official open source reference implementation of Java. OpenJDK is an open source codebase that almost all other JDKs are built on. Excluding packaging, cosmetic and license differences OpenJDK is the same as OracleJDK.
Do note that OracleJDK (Oracle's "OTN") builds require a paid subscription for commercial and production purposes. This likely includes running a Minecraft server even if it is non-profit. Oracle does provide its own OpenJDK builds, but they are not packed into an installer format for easy use.
A headless Java installation is a trimmed down version of Java. It does not have a GUI or mouse/keyboard support. Headless Java is frequently used in Servers or other environments where a GUI is not needed.
The general gist of running a Minecraft server is that you will need to install java, run the server, accept the EULA, and run it again. Once you have installed java and opened up a command line, everything is basically the same.
At this point you should have a basic server running. See Configuring the environment for more information about configuring your server. One of the things you definitely want to do is writing a script to launch the server so you don't have to remember the command line.
To sum up, a reasonable flag combination can be as simple as -Xmx4G -Xms1G -XX:SoftMaxHeapSize=3G -XX:+UnlockExperimentalVMOptions -XX:+UseZGC. That is it. There are bits that you can squeeze from complicated flags, but you would get much more from modified server software. In fact, all serious discussions (e.g. Aikar and brucethemoose) of server performance assume some degree of modding.
Options for the server JAR go after the -jar minecraft_server.jar part. Run with --help to see all available arguments that can be passed to the server. Below is a list of available commandline options for the server.
The Minecraft server requires the Java Runtime Environment (also called JRE or simply Java). For your security, you should only use the most recent version of Java. To verify that you have the latest version, do one of the following:
Linux comes in many different varieties called distributions (distros). Some of these distros are designed or better suited for running a server. If you are setting up a dedicated server it is recommended to use one of these distros.
Note: You might need to install the package "software-properties-common" by running sudo apt-get install software-properties-common and/or "python-software-properties" by running sudo apt-get install python-software-properties to use the apt-add-repository command.
Alternatively, you can visit Java's website directly to download the Java package for Linux. Most distros work with this (either 32 or 64-bit). Instructions for the installation of those different packages are given on the site.
Before installing this JRE, you have to install the linux binary compatibility on FreeBSD, you can follow this documentation.
Jave requires some information about the proc. You have to mount linprocfs, type:
Create a folder and copy the Minecraft server jar in it.
In the actual version you will get this exception syscall epoll_create not implemented if you run the server in the usual way, so we add this line to the command to fix that -Djava.nio.channels.spi.SelectorProvider=sun.nio.ch.PollSelectorProvider.
The command to launch is like:
Place Holders have been used in this example shell script including PATH_TO_YOUR_JRE.deb and PATH_TO_SERVER_JAR.jar replace them with /INSERTACCOUNTREGISTERNAME/.../INSERTJRENAME.deb and /INSERTACCOUNTREGISTERNAME/.../INSERTJARNAME.jar
Hostman is an application hosting provider to host apps in the cloud. Minecraft is available as a one-click app package on Hostman. Installation takes about 2 minutes, there's an instruction on how to configure the server and start playing. You can have multiple Minecraft services on one server. Try a free demo here.
Cloudron is a platform to self-host apps on your server. Minecraft is available as a one click app on Cloudron. It comes with a web interface to manage Minecraft from the browser. You can also have multiple installations of Minecraft on the same server. You can try a demo here (username: cloudron password: cloudron)
c80f0f1006