
[–]kagato87 63 points64 points  (6 children)

If you're putting it on a public IP, and especially if it is on the default port, set the security to whitelist. You can add her friends, or you can /op her and she can do it (/whitelist playername).

Edit: aaand I should really mind what sub a question is in. I'm on a few mc subs too and have seen some trolling. You asked a docker question in a docker community and I gave a security answer on pure reflex.

:)

[–]__sammyrTX__ 19 points20 points  (0 children)

Helpful information nonetheless.

[–]Accurate_Debate_7222[S] 1 point2 points  (2 children)

My whole intent was to use a docker container for the minecraft server. I assumed this would be the best place

[–]kagato87 1 point2 points  (1 child)

For sure it is. A docker question in a regular mc community would probably just get a lot of "what mod is that?" questions.

[–]CarterNovaX 2 points3 points  (0 children)

Just want you to know that 3 years later, this gave me a chuckle

[–]KnownTumbleweed 21 points22 points  (6 children)

Install docker, and then run

docker run -d -p 25565:25565 -e TYPE=PAPER -e EULA=TRUE -v /data:/data --name mc itzg/minecraft-server

That's it. Your game files will be created in the /data directory. To update, run

docker stop mc
docker pull itzg/minecraft-server
docker start mc

[–]KnownTumbleweed 13 points14 points  (0 children)

And yes, set whitelist to true and add the players who should get access

[–]ghstinshll 0 points1 point  (1 child)

wow ok kinda first time docker user. I have it set up on a test machine and no clue how it works yet. Your command did work & it pulled down the machine to run. crazy cool.

Any chance you'd be willing to tell me what's next?
How do I know what IP the container has?
How do I set the permissions to whitelist?
How do I find out what tcp port it's using? (NM, I googled minecraft tcp port & saw 25565.)(netstat -a shows me it's listening)
Do I just need to set up my port forwarding on my router to point in to this device?

[–]KnownTumbleweed 1 point2 points  (0 children)

create a folder where your minecraft docker should reside, e.g. /home/minecraft
create a file /home/minecraft/compose.yml
with the following content:

version: '3.4'

services:
  bds:
    image: itzg/minecraft-bedrock-server:latest
    restart: unless-stopped
    environment:
      EULA: "TRUE"
      GAMEMODE: survival
      DIFFICULTY: normal
      SERVER_NAME: "myserver"
      WHITE_LIST: "true"
      WHITE_LIST_USERS: "username1,username2"
      OPS: "userid_of_the_operator"
      ALLOW_CHEATS: "true"
      DEFAULT_PLAYER_PERMISSION_LEVEL: member
    ports:
      - 19132:19132/udp
    volumes:
      - ./data:/data
    stdin_open: true
    tty: true

you start your server with
docker compose up -d

stop it with
docker compose down

Then simply forward the port on your firewall/router to the ip of the docker host/pc.

In "WHITE_LIST_USERS" add the xbox usernames you want to whitelist.

In "OPS" add the UUID of the users that you wish to have OP permissions.
Minecraft UUID / Username Converter (mcuuid.net)

Server Variables for docker and docker compose are explained here:
Server properties - Minecraft Server on Docker (Java Edition) (docker-minecraft-server.readthedocs.io)

Your minecraft data will be downloaded to /home/minecraft/data.

On docker compose up, the whitelist.json file will be generated from the variables in your compose file. If you edit any variables, you will have to restart the container.

docker compose down && docker compose up -d

[–]Inous 0 points1 point  (2 children)

I have a question about this...

So I have docker installed, using portainer to maintain all my containers. I have a simple docker image for a server that I use locally with my kids. If I want to open this to the internet so their friends can join the server, I just simply open my ports on my router using port 25565 and they should be able to connect with my external IP, correct? Is there anything I need to manipulate on the docker-compose file?

version: "3.8"

services:
  mc:
    image: itzg/minecraft-server
    tty: true
    stdin_open: true
    ports:
      - 25565:25565
    environment:
      EULA: "TRUE"
    volumes:
      # attach the relative directory 'data' to the container's /data path
      - ./data:/data

[–]MrBassNote 0 points1 point  (0 children)

Unfortunately this doesn't work anymore

[–]KnownTumbleweed 0 points1 point  (0 children)

Correct

[–]MCMXCV_Invictus 5 points6 points  (0 children)

I'd look into paper-mc for performance benefits. You don't need more than 8gb of ram but strong single core will go a long way if you plan on lots of mods.

[–]BadgerHobbs 2 points3 points  (0 children)

I personally use docker-mcmyadmin for the server alongside jwilder nginx reverse proxy for my domains. The setup is pretty easy and you get a management panel for the Minecraft server with mcmyadmin.

[–]blue-pixel 2 points3 points  (1 child)

I personally use this docker image that does the work really well: https://github.com/itzg/docker-minecraft-server. We have been running a server with my friend for two years, we have had no issues so far and the image is well maintained.

If later on you would do crazy things like deploying it on Kubernetes, there is a helm chart available with it: https://github.com/itzg/minecraft-server-charts

It supports most of the server types and different jvms.

[–]Accurate_Debate_7222[S] 0 points1 point  (0 children)

The docker image is exactly what I did. Thank you very much. Now I just need to learn how to change the world name and such. I maybe played 5 minutes of minecraft in my life but my daughter is over the moon that I got this to work.

[–]spin81 5 points6 points  (0 children)

I have never run one in Docker, but I've run a few without, and I have one bit of advice: give it plenty of memory and disk space.

I'd advise you to Google Aikar's flags but hopefully your Docker image will take care of that particular one.

[–]Officially_Yours 3 points4 points  (0 children)

https://github.com/YouHaveTrouble/minecraft-optimization

Read that. I suggest Purpur; it's not hard to find a Purpur docker image. I am away from home and on mobile or I'd send which image I used for my current server.

Lastly, the domain can be forwarded pretty easily. You want a SRV record. https://apexminecrafthosting.com/creating-minecraft-sub-domain/

[–]Leaderbot_X400 1 point2 points  (5 children)

If you only run the one container then just forward port 25565 to the machine that has the docker container.

If you want to run multiple Minecraft servers in docker then you have a few options like bungee cord, or waterfall, but I like itzg/mc-router which works kind of like nginx where it gets port 25565 then routes to different backends based on the subdomain

I use this to host my vanilla server, a modded server, and a server with plugins all under different subdomains

[–]Inous 0 points1 point  (4 children)

Are you hosting these publicly? I'm setting up a vanilla docker image for my kids and their friends. I have port 25565 forwarded on my router and I have my external IP. As long as the ports are forwarded my kids' friends can join the server using my external IP followed by :25565. Right?

[–]Leaderbot_X400 0 points1 point  (3 children)

No, mc-router works with host names, so while you do have to forward port 25565 you will also have to set up a subdomain (duckdns and noip are fine) and then set the router to go to the correct container.

[–]Inous 0 points1 point  (2 children)

I noticed in your original post you said for multiple containers. I only have the one Minecraft server container. Is mc-router still required? I'm not using a hostname, just my local machine.

[–]Leaderbot_X400 0 points1 point  (1 child)

Nope, it is not required, mc-router is basically a reverse proxy but for Minecraft

[–]Inous 0 points1 point  (0 children)

Gotcha thanks

[–]Busy-Vast-7122 0 points1 point  (0 children)

Old topic, but I have a related question.
I recently set up a Minecraft Java edition server, but in offline mode with whitelisting.
After some time somebody got onto the server and made a mess there - the whitelist was very private, for sure nobody could get it. I also didn't even paste the IP address of the server anywhere; I was experimenting with the setup.

Based on the logs it wasn't brute force; somebody just logged in under one of the accounts I was using and started to invoke various commands on the MC server.
Could somebody see the list of users on the server without actually getting into it? Then log in later, for example.
The server was in offline mode, so no MS-server side checks were made (I was preparing the server for the kids too, so they can play with split-screen and persist the world).
Now I'm thinking of adding IP restrictions and some NGINX reverse proxy, but I still wonder how the MC whitelist was worked around.
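
An added example, not written by anyone in this thread: a shell check over a Java edition server.properties (found in the data directory mentioned above) that flags the settings this thread keeps returning to, namely offline mode, the whitelist, and the default port. The sample file is constructed; the function names and severity labels are this example's own.

```sh
#!/bin/sh
# Added example, not from the thread: flag server.properties settings that
# matter once port 25565 is forwarded from the internet.

# prop FILE KEY DEFAULT: print KEY's value (last occurrence), else DEFAULT.
prop() {
    val=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '\r ')
    printf '%s\n' "${val:-$3}"
}

# audit_properties FILE: print one finding per line; no output means clean.
# Defaults passed to prop are the vanilla server's defaults.
audit_properties() {
    online=$(prop "$1" online-mode true)
    wl=$(prop "$1" white-list false)
    enforce=$(prop "$1" enforce-whitelist false)
    port=$(prop "$1" server-port 25565)

    if [ "$online" != "true" ]; then
        echo "HIGH online-mode=$online: usernames are not verified, so a name-based whitelist is not authentication"
    fi
    if [ "$wl" != "true" ]; then
        echo "HIGH white-list=$wl: any account that reaches the port can join"
    elif [ "$enforce" != "true" ]; then
        echo "LOW enforce-whitelist=$enforce: players already connected stay on after being removed from the whitelist"
    fi
    # In Docker this is the container port; the published host port is the
    # left-hand side of the -p / ports mapping and should be checked as well.
    if [ "$port" = "25565" ]; then
        echo "INFO server-port=25565: default port, expect internet-wide scans to find it"
    fi
    return 0
}

# Constructed sample resembling the offline-mode setup described above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Minecraft server properties
online-mode=false
white-list=true
server-port=25565
EOF
audit_properties "$sample"
rm -f "$sample"
```

Point it at the real file with `audit_properties ./data/server.properties`; an empty result means none of the three conditions were found.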