This guide will work for any game server, not just Minecraft. All it does is proxy traffic on a specific port. You just have to change Minecraft’s port 25565 to whichever port your game server runs on.
How Does This Work?
Let’s say you want to host a Minecraft server and have it open to the internet. It’s not that hard to run one. They’re easy to install, only use one processing thread, and even the heavily modded servers don’t take more than 2 to 3 GB of RAM with a few players online. You could easily run a server on an old laptop or in the background on your desktop computer rather than paying someone else to host it for you.
But for people to connect to it, you have to give out your IP address. This presents a few problems. It’s a major security risk, especially if your router still has the default admin password. It also leaves you open to distributed denial-of-service (DDOS) attacks, which would not only stop your Minecraft server but could shut off your internet, as well, until the attack subsides.
Say someone wants to connect to your server, so she types the IP address of your AWS proxy into her Minecraft client. A packet is sent to the proxy on port 25565 (Minecraft’s default port). The proxy is configured to match port 25565 traffic and forward it to your home router. This happens behind the scenes—the person connecting doesn’t even know.
Your home router must then be port-forwarded to forward the connection further to your actual PC. Your PC runs the server and responds to the client’s packet. It forwards it back to the proxy, and then the proxy rewrites the packet to make it look like the proxy is the one responding. The client has no idea this is happening and simply thinks the proxy is the system running the server.
To handle the proxying, you use a utility called sslh. It’s intended for protocol multiplexing; if you wanted to run SSH (usually port 22) and HTTPS (port 443) on the same port, you’d run into issues. sslh sits in front and redirects ports to the intended applications, solving this problem. But it does this at the transport layer level, just like a router. This means we can match Minecraft traffic and forward it to your home server. sslh is, by default, nontransparent, which means it rewrites packets to hide your home IP address. This makes it impossible for anyone to sniff it out with something like Wireshark.
Create and Connect to a New VPS
To get started, you have set up the proxy server. This is definitely easier to do if you have some Linux experience, but it isn’t required.
AWS does charge a bit for bandwidth. You get 1 GB free, but you’re taxed $0.09 per GB for anything over that. Realistically, you probably won’t go over this, but keep an eye on it if you see a 20-cent charge on your bill.
After you create your account, search for “EC2.” This is AWS’s virtual server platform. You might have to wait a bit for AWS to enable EC2 for your new account.
From the “Instances” tab, select “Launch Instance” to bring up the launch wizard.
Select “Review and Launch.” On the next page, select “Launch,” and you see the dialog box below. Click “Create a New Key Pair,” and then click “Download Key Pair.” This is your access key to the instance, so don’t lose it—place it in your Documents folder for safekeeping. After it downloads, click “Launch Instances.”
You’re brought back to the instances page. Look for your instance’s IPv4 Public IP, which is the address of the server. If you’d like, you can set up an AWS Elastic IP (which won’t change across reboots), or even a free domain name with dot.tk, if you don’t want to keep coming back to this page to find the address.
Save the address for later. First, you need to edit the instance’s firewall to open port 25565. From the Security Groups tab, select the group your instance is using (probably launch-wizard-1), and then click “Edit.”
Add a new Custom TCP rule and set the port range to 25565. The source should be set to “Anywhere,” or 0.0.0.0/0.
Save the changes, and the firewall updates.
We’re now going to SSH into the server to set up the proxy; if you’re on macOS/Linux, you can open up your terminal. If you’re on Windows, you have to use an SSH client, like PuTTY or install the Windows Subsystem for Linux. We recommend the latter, as it’s more consistent.
The first thing you should do is cd to your documents folder where the keyfile is:
If you’re using Windows Subsystem for Linux, your C drive is located at /mnt/c/, and you have to cd down to your documents folder:
Use the -i flag to tell SSH you want to use the keyfile to connect. The file has a .pem extension signifying that it is a PEM file, so you should include that:
Replace “0.0.0.0” with your IP address. If you made an Ubuntu server rather than AWS Linux, connect as user “ubuntu.”
You should be granted access and see your command prompt change to the server’s prompt.
RELATED: What Is a PEM File and How Do You Use It?
Configure SSLH
You want to install sslh from the package manager. For AWS Linux, that would be yum, for Ubuntu, you use apt-get. You might have to add the EPEL repository on AWS Linux:
Once it’s installed, open the config file with nano:
Change the RUN= parameter to “yes”:
Below the final DAEMON line, type the following:
Replace “your_ip_address” with your home IP address. If you don’t know your IP, search “what is my IP address?” on Google—yes, seriously.
This configuration makes the sslh proxy listen on all network devices on port 25565. Replace this with a different port number if your Minecraft client uses something different, or you play a different game. Usually, with sslh, you match different protocols and route them to different places. For our purposes, though, we simply want to match all possible traffic and forward it to your_ip_address:25565.
Press Control+X, and then Y to save the file. Type the following to enable sslh:
If systemctl isn’t available on your system, you might have to use the service command instead.
sslh should now be running. Make sure your home router is port forwarding and sending 25565 traffic to your computer. You might want to give your computer a static IP address so this doesn’t change.
To see if people can access your server, type the proxy’s IP address into an online status checker. You can also type your proxy’s IP into your Minecraft client and try to join. If it doesn’t work, make sure the ports are open in your instance’s Security Groups.
