SparkyGears


My nephews really enjoy Minecraft and so for Christmas, I want to give them a server for us all to play on (of course, self-hosted). The issue is that I've only got a vague idea about how one can safely self-host it; any ideas are greatly appreciated.

The safer way that I'd personally do something like this would be to VPN into my homelab (WireGuard + DuckDNS) and access the server that way. For practical reasons that's not going to fly... I'd like to connect to the game server from anywhere, with any account, and without a VPN. This will make it accessible to the kids.

When one adds a server in Minecraft, it seems like they specify an FQDN:Port (MySite.com:25565). I could punch port forwards in my firewall and call it a day, but this seems insecure. Going forward I'm not going to forward any ports without some layer of encryption or authentication on the other side (seems like the latest best practice).

Cloudflare Zero Trust sounded like the ideal solution, notably because it's free, but also because it has intrinsic protection against DoS attacks. This isn't self-hosted though, and to properly utilize this, I would need to purchase my own domain name (not opposed to that, just an extra cost).

How do you guys architect your services to be secure while also being broadly accessible on the Internet? I imagine it's a similar tale for self-hosting a website, just in this case it's a Minecraft server. Thanks much.

 

How would you guys approach managing a bunch of devices for your family? I'm the designated "IT Guy" (not in IT) so I get asked to fix issues with everyone's PCs, phones, and so on. For some family members, the most they can figure out how to do is turn on the computer... so having access without them going through any hoops is ideal.

My inclination is to use MeshCentral (MeshCommander?) and install that on everything. On a local network I've seen this work well and the multi-platform access is very appealing.

However, these family members live in four different houses all over the US - so whatever connectivity gets established between me and them needs to happen remotely (I have a homelab that I can point everything to if that helps). While I could install an appliance on each of their networks, the simpler the better.

Also, I've heard of headscale to create a mesh VPN between clients, although it would ideally be something where again they don't have to manually enable anything.