Yes, and Minecraft is TCP not http
Anything.
Personally I use Debian. But Docker doesn’t care. I chose Debian because it is very stable and simple
Nope
Wikipedia is only 110GB… https://library.kiwix.org
Thanks for the help. This is enough to get me started
With Crafty you can bind a specific port.
I use tailscale for public access, and have set it up so tailscale users can access the domain.
I guess what I’m asking for is NPM but for tcp.
No I’m not.
I have tailscale setup for external access. (I have dns records already in my domain provider pointing to a tailscale ip, so a device on my tailnet can access my domain. ie an authorized tailscale device can access nginx.example.com)
I want to know what I have to do to get minecraft.example.com to resolve interenally.
Oh fascinating. I’ll have to look into that
Cool okay.
What about the CNAME one?
For 4 II, its CNAME Name: @ Target: ???
What is the target supposed to be?
Edit: putting “@” for name on the A record, once saved, it changes to my domain instead of @, in your screenshot
A good dashboard helps with not remembering port numbers also. And can look slick
Holy crap thank you so much. I was literally thinking of figuring out how to do exactly this EARLIER TODAY!
Thank you again for this write up. I have almost all of what you wrote already done (cloudflare, NPM and tailscale setup) but haven’t hooked Tailscale and NPM together yet.
I have gluetun+socks5 containea running, then in an app, I put in localip:port
into a proxy field. Then that app will use that connection for internet.
Browsers on desktop also support proxies. So if you want a specific browser to always use the VPN, this is a very simple way to do that.
https://source.android.com/docs/security/features/private-space
Its not bad using the official wireguard app. Its definitely noticable. On the android battery screen it’ll show around 5% after a full day of use and it on always
For an external VPN like mullvad, I run my own proxy. Again it’s only available from my VPN or inside my network.
It uses socks5 and gluetun docket containers and in apps that support proxies, I can add my proxy to it and it’ll route that traffic through the paid VPN.
Or, a work profile (see shelter) or androids new private spaces. If you have private spaces, it uses a seperate network. So if you have a VPN installed outside the private space, it won’t work on apps inside the space. So, what you could do is have a paid VPN inside private spaces, and use it and a web browser or whatever there, and use your server’s VPN outside the private space.
Lmk if you want any of my docker composes
I keep it running always. Partly to access stuff at home, and party to get the ad-blocking from pihole.
Do not expose stuff unless you fully understand the security risks
Correct. But also public access should be considered advanced
I have setup the same thing as a temp measure, but i believe that something like Authelia or Keycloak should replace and be better than Cloudflare’s email OTP.
True. I would like to add another authentication.
I guess my question is how trustworthy is built-in authentication? I’m not really talking about vulnerabilities, but that’s a part of this, but how much trust can I put into a small projects login page being secure?
Oops you are right.
A quick search said mc uses tcp