I've been playing Minecraft with the family, and running a local PaperMC server for a while now, and last year set up an online server with the Oracle free tier. I've had a load of failed login attempts recently, and the server crashed. I don't know if they were related, but it made me realise that I've missed a few steps during the setup.
I have a domain that points to the server through Cloudflare, so it's easier to share, and I've got a whitelist / allowlist of Minecraft users to keep it private. My thinking is that this is what I want:
Domain name through Cloudflare to stop things like DDoS attacks, and to have https certificates (might need LetsEncrypt too?).
PaperMC server running on an Ubuntu server on Oracle's free tier. 2 cores and 10GB RAM should be enough for less than a dozen players.
Pterodactyl control panel to manage the server through a GUI from anywhere.
Firewall / block to stop connections from outside the UK. Hopefully that should restrict bots and malicious login attempts.
I've got a handful of plugins that I use, like Geyser / Floodgate and ViaVersion so the kids can log in from any client, and Dynmap so I can view the map and help them out if needs be. I've got CoreProtect and ServerBackup too. I've got OpenAudioMC so that the kids can speak to each other without putting them on something open like Discord, as they're too young for that.
I'm looking into AutoPlug at the moment to keep the plugins up to date, but I don't know if it runs with Pterodactyl or not.
Am I missing anything obvious? I'm happy with the gameplay side of things for now, but I could do with some advice on keeping everything secure.
Geyser had some issues lately.
I run geyser standalone on a vps on the web, the server itself is in my home.
The geyser server would sit at 100% CPU all the time.
From what i understand: they had an issue recently that would hackers use geyser to run DDoS attacks. It was fixed but the hackers still try to connect. All the time.
I don't know if it is released yet (check their Discord) but they quickly released a patched version that would rate limit connection attempts (block the IP after X attempts).
This fixed the issue for me.
That sucks, thanks for letting me know. I updapted Geyser yesterday, but I didn't check the update details. I'll have a look now and see if it does fix the issue.
I'm in the process of backing up the server so that I can wipe and rebuild it using Ubuntu instead of Oracle Linux, as apparently that will give me more options for using things like Pterodactyl, and hopefully some security software :)
I always just use Simple Voice Chat, but it's really smart for you to use a browser-based one to support Geyser. I never considered that before, it's super clever (though it is still a lot less convenient when you're on java)
I'm the tech geek of the family, and the kids are all under 10, so I need to keep things as simple as possible. They're all playing on different devices too, which really doesn't help. I'm trying to find a way to get one kid with a Switch on the voice chat, assuming I can get them in the game in the first place.
I'm not too worried about risking my kid's Nintendo account, but when it's someone else, it's a different story.