Securing Velocity Proxy
As the titles say, any recommendations on having the best possible secure velocity proxy?
77 Replies
Thanks for asking your question!
Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is
Make sure to mark solved when issue is solved!!!
/close
!close
!solved
!answered
Requested by cobrawalker#0
Following these steps (https://docs.papermc.io/velocity/security) is essential, then add a whitelist plugin and you are good to go. In all honestly, just make sure your backends are not reachable at all by outsiders and your 99% there.
Securing Your Servers | PaperMC Documentation
It is vital that you secure your backend servers. As part of setting up Velocity, you will put your
Also if your running 1.13+ use modern forwarding.
SpigotMC - High Performance Minecraft
LibertyBans
my velocity uses 25565
then other serves like lobby for example
25566
Yeah, just configure in your firewall to only have 25565 open to the outside and the rest closed
if i try to connect to other servers directly
this showing up would be correct right?
Are you using velocity or bungeecord?
velocity
Then why is there a bungeecord message?
thats if im just trying to directly join servers without going thru proxy
but other than that looks like i did everything ok
Right, but it says bungeecord config. Are you sure you are running velocity? Maybe send logs of the server using mclo.gs
!logs
Please check your server log for errors from your plugins.
If you need further help understanding the errors, please send us the whole log file.
Where can I find the server log?
Logs are stored in
<server_directory>/logs/. Search for a file explorer in your server's management interface and navigate to that directory. Once you've opened that up, search for the latest.log file. Some providers have a separate page for logs and may hide the "logs" folder.
On Aternos:
• Go to https://aternos.org/log/.
On Minehut and server.pro:
• Go to the "files" tab in the left menu.
• Navigate to the root directory of your server.
• From there navigate to /logs/latest.log.
What should I do with the log?
• First of all, read it! I mean, that's what you do all the time when you run a server, isn't it? Try to locate any errors that have anything to do with the issue you are facing.
• If you got the latest.log file or created a .txt file with the necessary errors you can upload these directly to the channel, but we prefer if you upload them to https://mclo.gs/.
• If you have trouble downloading the log file, copy/paste the text to a paste service (like mclogs). Copy the link that it gives you and send it to us. (Don't worry, McLogs hides your users' IPs.)Admincraft Canned Responses
Do you know how a firewall works? (Totally fine if you don't, no shame, will just explain it)
Oh ok good. What server software is the backend running?
paper
would it be because of this?
Do you want to use modern forwarding? It is a second layer.
If your server only supports Minecraft 1.13 and above, Velocity's modern forwarding can forward player information to your servers and provide a second layer of protection against someone trying to impersonate as your proxy.this is how it used to be done with bungee
but i completely stopped using it
right, now days, paper has a velocity option, so you can turn off bungecord and enable velocity in the paper config
yes
turn that off
ok its off now
follow theese steps for modern forwarding
this is my first time seeing this
a lot has changed since 2015...
Legacy forwarding is fundamently insecure. Modern forwarding is much better, if you can't see the screenshot, check here https://docs.papermc.io/velocity/player-information-forwarding#configuring-legacy-bungeecord-compatible-forwarding
Configuring player information forwarding | PaperMC Documentation
Velocity supports forwarding information about your players to your servers, such as IP addresses,
set the secret to the velocity secret on your server. do not share the secret, think of it as your proxy's password
I understand now
looks like imma have to re-learn all of this
i set key, anything to do here?
Don't worry, now days its well documented and super easy. I will get you through it all, just listen to what I'm saying
ok im listening
Turn online mode back on if you don't have cracked players. Copy what this config looks like on each server
i didn't turn it off
it was like that
Ok, turn it on if your players are legit (if they bought actual mc and aren't pirating the game)
Once you have configured each server, you are going to want to add them as a backend in velocity. Tell me when you are ready
ohhh
i see...
that's nice
got it
Nice job!
Are you ready for the next steps?
sure
Ok, go to your velocity proxy and open the velocity.toml file
im there
There you will find servers and just edit them to have the correct ports and names.
i saw
Ok, do you have it all set?
mhm only what i need rn
I kinda forgot a step sorry, go to your backend servers (lobby, ect) and in server.properties set
online-mode: falsethat's done
Ok, try to connect via velocity
Does it work?
yeah
it prevents me from directly joining other servers with their port
so i guess it works
Perfect, now just make the only port acessable from the outside be the velocity 25565 port and the rest not visible or reachable
done
yep
Nice, that should be pretty much done. Slap liberty bans plugin (https://www.spigotmc.org/resources/libertybans.81063/) and epic guard (https://modrinth.com/plugin/epicguard) and your there
SpigotMC - High Performance Minecraft
LibertyBans
is this for velocity or backend servers
Velocity
already got that epicguard plugin
Liberty bans is for whitelisting and banning throught the proxy (meaning proxy-wide whitelist and banning)
Cool beans, just config each to your liking and you are set
Also add a whitelist if its just you and your friends
If you need anything else, just ping or dm me! If I answered your question, just run /close and your question will be automatically closed.
if libertybans is on velocity how do admins use ban
cause it doesnt seem to exist on backend
i guess imma need a database?
@Penguin Terminal
No, since there is no operator on velocity, it can't tell who owns the server, thus who should have commands
LuckPerms - A permissions plugin for Minecraft servers.
LuckPerms
LuckPerms is a permissions plugin for Minecraft servers. It allows server admins to control what features players can use by creating groups and assigning permissions.
got that
Make sure to install the velocity version
oh
so remove it from backend servers
and just keep it on velocity
You can have both
The velocity one just only manages the velocity one and the paper one only manages paper, but you can config them to sync
Then just run /lpv editor and click on the link and add all permissions that are for liberty bans
how would i sync them
LuckPerms - A permissions plugin for Minecraft servers.
LuckPerms
LuckPerms is a permissions plugin for Minecraft servers. It allows server admins to control what features players can use by creating groups and assigning permissions.
They can't really sync as much as just handles the plugin checks
So it should be setup fine out of the box, mb
If you need anything else, just ping or dm me! If I answered your question, just run /close and your question will be automatically closed.
ok thanks
!close
post closed!
The post/thread has been closed!
Requested by cobrawalker#0