Hello everyone :D

I’m looking to host some gaming servers to play with my friends (minecraft, enshrouded, and others), and some apps (paperless-ng, jellyfin, seafile, etc.). Each game server must be accessible from the Internet, but only certain applications will be accessible (jellyfin, etc.)

I don’t want to open any ports on my router or share my public IP. I already have a domain name, and I’m thinking of using some VPS to host a reverse proxy with tailscale or netbird.

For the VPS, I’m thinking of using OVH with unlimited bandwidth. I already have the domain name here, and I live in France where the servers are.

A few questions :

  • Is this a good idea ? Any better solution is welcome.
  • I don’t really know how I’m going to redirect subdomains to use the correct reverse proxy. Local DNS on the VPS ?
  • Tailscale or Netbird ? (I actually don’t have any idea)
  • Won’t using Tailscale or Netbird like this cause performance losses on game servers ?

Reverse proxy :

  • nginx for application
  • infrared or gate for minecraft server
  • Others for different game servers if needed.
  • Big P@feddit.uk
    link
    fedilink
    English
    arrow-up
    3
    ·
    9 months ago

    As far as I’m aware you don’t need a seperate VPS if you’re using tailscale, or you don’t need tailscale of you use a reverse proxy via a vps. You can just host it in the same place you’re hosting the games and apps.

    • Dragnansia@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      If I use the same server to host games and apps, how am I going to redirect URLs to the correct reverse proxy ? I think I need a little more research, but I agree that putting the reverse proxy in the same place as what I’m hosting is a better idea.

      On the other hand, if I just use tailscale, how can people connect to the game servers without having to install anything ? Or I just don’t understand how it works.

      • Big P@feddit.uk
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        You still need a reverse proxy just doesn’t need to be on a seperate server. If you want to do it without people having to install something, you may be able to use cf tunnels for the web pages but game servers definitely don’t work through that and you’d have to have some sort of external forwarding. Keep in mind though that will introduce possibly an unacceptable amount of lag to the server.

        • Dragnansia@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          I’m going to try the first approach of @Limonene.
          I hope the amount of lag is not that high, and thank you for reminding me.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    9 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DNS Domain Name Service/System
    HTTP Hypertext Transfer Protocol, the Web
    IP Internet Protocol
    TCP Transmission Control Protocol, most often over IP
    UDP User Datagram Protocol, for real-time communications
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)
    nginx Popular HTTP server

    7 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.

    [Thread #564 for this sub, first seen 2nd Mar 2024, 14:55] [FAQ] [Full list] [Contact] [Source code]

  • Limonene@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    Using a VPN (like Tailscale or Netbird) will make setup very easy, but probably a bit slower, because they probably connect through the VPN service’s infrastructure.

    My recommended approach would be to use a directly connected VPN, like OpenVPN, that just has two nodes on it – your VPS, and your home server. This will bypass the potentially slow infrastructure of a commercial VPN service. Then, use iptables rules to have the VPS forward the relevant connections (TCP port 80/443 for the web apps, TCP/UDP port 25565 for Minecraft, etc.) to the home server’s OpenVPN IP address.

    My second recommended approach would be to use a program like openbsd-inetd on your VPS to forward all relevant connections to your real IP address. Then, open those ports on your home connection, but only for the VPS’s IP address. If some random person tries to portscan you, they will see closed ports.

    • ArtikBanana@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 months ago

      Just chiming in about Tailscale.
      The initial connection uses their server just to reach / connect to the other peer. After that, the peers are connected directly and all communication is direct.

    • Dragnansia@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      I’m going to try your first approach, which seems to be what I want.
      The second one looks tempting, but the first one seems to be more secure, I think.

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    cloudflare tunnel?

    Stick the cloudflare container in a docker network with other services you wish to expose for access.

    • alive_posted115@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 months ago

      Just so everyone is aware, Cloudlfared tunnels allow Cloudflare to see all of your server’s traffic

    • Dragnansia@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      This can be a solution, but only for game servers, and I’m just going to use Tailscale or Netbird for apps.

      From what I can see, it’s possible to use this for playing Minecraft with this mod, modflared. Not the best solution, but a working one (I hope).

      • PeachMan@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        9 months ago

        but only for game servers

        Why? I use tunnels for everything, all sorts of apps included. They’re easy to set up, and reliable.

        Tailscale is a good solution, though. I use that as well.

        • Dragnansia@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          I don’t know if this is paranoia, but I don’t read good things on Cloudflare for privacy.
          And after some thinking, using OVH VPS is not the best thing to do for privacy…

          You got me 😂

          • PeachMan@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            9 months ago

            They’ve had some security breaches, like most companies. If you’re feeling paranoid, do some reading on nginx vulnerabilities.

            Exposing your home servers to the Internet is always risky. There is no 100% safe way to do it.

  • ArtikBanana@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    9 months ago

    Tailscale funnel lets you expose services to the internet without opening any ports.

    There’s also the option of inviting your friends to your Tailscale network and limiting them to specific services. But they’ll have to install it on their devices.

  • Dark Arc@social.packetloss.gg
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    9 months ago

    ZeroTier is also an option in the same vein as TailScale.

    You will share your IP with something like TailScale or ZeroTier.

    Reverse proxies can be good but with gaming … there’s only so much you can do because of the custom protocols. Most of that stuff isn’t going to care about the DNS. You’re also introducing additional latency if you use a VPS as a “middle man.”

    I think you need to consider who you’re going to be giving access to and what threats you’re trying to protect against.

    My advice would be to set up ZeroTier on all the machines that are going to play together and set it up so it only allows connections between clients and the server (there’s a guide for this in their documentation). Then give the gaming machine a ZeroTier IP you put in your DNS.

    Most games use different ports so there really isn’t a need for lots of DNS names. However, you could assign multiple ZeroTier IPs to the same machine and give each game server its own DNS and its own IP.