Secure Web Facing Minecraft Server

I’m always looking for new home lab projects. This time I decided to look into creating a Minecraft Java server on my home lab. After doing some research I decided I would install an application called Crafty as a docker on a new Ubuntu server.

I installed my new Ubuntu server, installed Portainer, and then configured my Crafty Docker Compose file. Once I started my Docker container, I headed to the web GUI and signed in with the credentials Crafty provided in its logs. I then followed online documentation and configured my first server. I made sure to give the server a sufficient amount of RAM and once finished I launched the server. Now it was time to test it. I launched Minecraft and entered the server address and correct port, and everything worked perfectly. There was only one problem. This is a local server, so it can be used by anyone on my local network, but any of my friends outside my network can’t access it.

In order to allow my friends to join I need to expose my server to the internet. One way I can do this is through port forwarding. This would work but is generally not a great practice as it exposes my internal network to the internet and gives away my IP address. Luckily there is an application called PlayitGG. This application works as a middleman between my server and the internet. It creates an encrypted tunnel between my home server and the PlayitGG, and then allows people to connect to it and forwards that connection to my server.

While PlayitGG is much safer than port forwarding, I am still exposing my network to the internet. And for this reason I set my server up on a separate VLAN in my home lab, so if anyone was ever able to hack my server the only thing they could access would be my single Ubuntu machine.

With everything set up I invited my friends to the server and everything worked great for the first day. On the second day when I would try to join it would give me a host unreachable error. I was getting an error in the server logs. The error message was “java.net.UnknownHostException: Unable to resolve host”. I ended up restarting the server, creating a new server using a backup of the Minecraft server, but the problem still persisted. Looking at the error it seemed to be a DNS issue. With nothing else to go off of, I decided to log into the Linux command line and troubleshoot further. First I checked my resolv.conf file, which has my DNS server information. I decided to try a different DNS server to solve the issue. I added a hashtag to the existing DNS entry (making it a comment) and added a new entry for googles DNS server. I saved the file and rebooted my machine. I relaunched the Minecraft server and it worked perfectly,

With this issue resolved we were back to playing. This project was great for strengthening my Linux, Docker and DNS troubleshooting skills. It was also a great opportunity to get some more experience with configuring and deploying VLANs with cybersecurity in mind.