[Support] ich777 - Gameserver Dockers

[andrew444]

A bit confused setting up the palworld image. I stopped the docker image, set the port to 111 for the udp1 port for the image and in my router's ip forward setting. Made sure the PalWorldSettings.ini in the docker image has the same port and ip as my router rule. Network type is bridged. I can ping the ip address for the server but can't connect. Is there a network setting I'm missing?

[ich777]

3 hours ago, andrew444 said:

Is there a network setting I'm missing?

Please look at this post:

 

3 hours ago, andrew444 said:

set the port to 111 for the udp1 port for the image

EDIT: You mean you deleted the old port entry and created a new one correct?

[ich777]

6 hours ago, CaphalorAlb said:

but i'd like to be able to directly access it

Not possible with my container, it was never designed to be accessible directly, you can either connect to it through RCON (maybe with my plugin) or directly through the game itself.

[Nirin]

I'm curious... what is the point of this? 

From my (completely uneducated) understanding, this runs a steamCMD dedicated server for X game on your local hardware. Which is fine... but why bother, when you can just play on the steam servers (which would likely be a better experience, unless your home setup is $$$$$) ...

I'm sure I'm missing some killer feature, I'm just not seeing it (and so am hoping to get educated!)

[ich777]

22 minutes ago, Nirin said:

I'm curious... what is the point of this? 

Dedicated game servers in general?

 

22 minutes ago, Nirin said:

Which is fine... but why bother, when you can just play on the steam servers

This is true for most games but not for all because not every developer provides their own dedicated public servers <- so to speak no official servers provided by the developers (don't quote me on that but games that came into mind are Astroneer & Valheim).

 

Sure you can host it locally yourself on your PC and invite friends but what if your friends want to play when you got no time to start your PC because real life... that's where such a dedicated server come into play. Your friends can basically join whenever they want.

 

There is also the risk, if we are talking about a survival game, if the server owner wipes the save without you knowing and probably ruined hours/days/weeks of gameplay.

 

22 minutes ago, Nirin said:

which would likely be a better experience, unless your home setup is $$$$$

This also depends in my opinion, sure for Palworld you need plenty of RAM and a good CPU since it seems like the game is not really optimized but for something like Astroneer or CounterStrike2 you don't need that much hardware and the experience can be better or on par on a server that you have at home since most hosting providers also run consumer hardware or even share resources for your game server with other people.

Of course you can customize it how you like it. It's basically yours and you can do whatever you want with it without any fees (besides that what you pay for electricity, Internet,... to run your server).

 

22 minutes ago, Nirin said:

I'm sure I'm missing some killer feature

Depends, for some people it's a feature to own their data and that they know the are in control, for some people it's a feature to run multiple dedicated game servers on their server because it is cheaper than running multiple game servers on a hosting provider, setting up clusters for ARK for example where you can travel between worlds and so on, run mods that need their on specific extra port to view the map in real time and so on...

 

Of course not for everyone everything listed is a feature, it always depends and if you don't want to run a game server that's also fine.

[zan335]

Hello! I am back again, thank you again previously @ich777 for helping me solve my dilemma with palworld and terraria. I have a new question to ask, which is sadly more ambiguous due to the nature of the question as there isn't to much I can get specific with (unless you of course know anything else that I could provide, I gladly would as I am still not knowledgeable into dockers yet). Could your dockers for example like terraria or palworld, essentially your game server dockers in general, be used with a "vpn/vps" so that the public ip I give is the one provided said "vpn/vps" like 876.543.21 then my "actual public ip" like 123.456.78

[zan335]

3 minutes ago, zan335 said:

Hello! I am back again, thank you again previously @ich777 for helping me solve my dilemma with palworld and terraria. I have a new question to ask, which is sadly more ambiguous due to the nature of the question as there isn't to much I can get specific with (unless you of course know anything else that I could provide, I gladly would as I am still not knowledgeable into dockers yet). Could your dockers for example like terraria or palworld, essentially your game server dockers in general, be used with a "vpn/vps" so that the public ip I give is the one provided said "vpn/vps" like 876.543.21 then my "actual public ip" like 123.456.78

The reason I am doing this is because while I do have the servers up and running, they are of course using my public ip which again, makes sense cause how else would you host right? (atleast to my knowledge). However, one of my friends would like to invite his friends to the server, and while I perfectly trust my friend, I don't really know his friends, which is why I would like to essentially mask my public ip for something else, hence why the question of using a vpn/vps service came into mind, but I don't know of other dockers or commands that would allow me to this with your docker, or even if your docker would allow for such tampering in the first place. 

[ich777]

36 minutes ago, zan335 said:

Could your dockers for example like terraria or palworld, essentially your game server dockers in general, be used with a "vpn/vps" so that the public ip I give is the one provided said "vpn/vps" like 876.543.21 then my "actual public ip" like 123.456.78

Yes why not?

 

31 minutes ago, zan335 said:

which is why I would like to essentially mask my public ip for something else, hence why the question of using a vpn/vps service came into mind, but I don't know of other dockers or commands that would allow me to this with your docker, or even if your docker would allow for such tampering in the first place. 

Sure there are multiple ways to do that but this is out of scope for this thread, but here are a few examples:

• VPN: VPN provider that provides you a (semi-)static public IP and that allows ports to be opened, I think there are providers out there which support that but I'm not too sure about that.
  Then you have to set up a VPN container which is basically the gateway for all the containers that you want to "protect" and that you have to route through that VPN container (you can look for example into my OpenVPN container, it should be even possible through Wireguard).
• VPS: You can do this in two different ways:
  - The first more complicated way is to set up a revers SSH tunnel that you tunnel through the TCP and UDP ports <- the latter can be quite complicated
  - The second more easy way is to run the container directly on the VPS.

Don't focus too much on game servers when doing your research, there are a few posts already in the forums for http and https traffic and how to route counter traffic through a VPN.

 

I assume there are also other ways to do that but these are the ones that I can think of.

 

BTW if you are not comfortable sharing your IP, I'm not really sure if it wouldn't be better to not host game servers on your server, you know that there are third party server browsers for available games out there (even if you specified to not list them eg Palworld) that would list your server too even with your public IP.

Try to search your servername there, I'm sure you'll find it including your public IP.

Please keep in mind, as you start to host something (not only limited to game servers), your public IP will be public available somewhere, be it on Google through their search engine or whatever.

[Nirin]

47 minutes ago, ich777 said:

Dedicated game servers in general?

 

Ahh yeh sorry, ambiguously worded I guess. I meant self-hosted game servers. Or, more specifically, self-hosting a server when there are free dedicated servers available on steam (I know several games that no longer have public servers, so having the ability to spin up a private server for those is of course very important). 

 

 

47 minutes ago, ich777 said:

 

This is true for most games but not for all because not every developer provides their own dedicated public servers <- so to speak no official servers provided by the developers (don't quote me on that but games that came into mind are Astroneer & Valheim).

 

Sure you can host it locally yourself on your PC and invite friends but what if your friends want to play when you got no time to start your PC because real life... that's where such a dedicated server come into play. Your friends can basically join whenever they want.

 

Good point. I personal have run a Minecraft server, so that people could log in even when I wasn't around. I just didn't think a lot of the listed games had that kind of persistence (however I am only familiar with a handful!). 

I also thought that the games with persistence (like Valheim, I believe?) saved your progress locally... but I may be totally wrong on that!

 

47 minutes ago, ich777 said:

There is also the risk, if we are talking about a survival game, if the server owner wipes the save without you knowing and probably ruined hours/days/weeks of gameplay.

 

This also depends in my opinion, sure for Palworld you need plenty of RAM and a good CPU since it seems like the game is not really optimized but for something like Astroneer or CounterStrike2 you don't need that much hardware and the experience can be better or on par on a server that you have at home since most hosting providers also run consumer hardware or even share resources for your game server with other people.

Of course you can customize it how you like it. It's basically yours and you can do whatever you want with it without any fees (besides that what you pay for electricity, Internet,... to run your server).

 

Depends, for some people it's a feature to own their data and that they know the are in control, for some people it's a feature to run multiple dedicated game servers on their server because it is cheaper than running multiple game servers on a hosting provider, setting up clusters for ARK for example where you can travel between worlds and so on, run mods that need their on specific extra port to view the map in real time and so on...

 

Of course not for everyone everything listed is a feature, it always depends and if you don't want to run a game server that's also fine.

 

Thanks, I'll be keeping an eye on this list and seeing what games might take my game-groups fancy. Thanks again for the reply!

[i ii]

On 2/12/2024 at 4:58 AM, ich777 said:

This is your issue.

 

1. Stop the container
2. Edit the configuration file
3. Start the container

 

If you are editing the file when the container is running and simply restart the container then you changes will be discarded.

Many thanks, the issue has been resolved!

 

Would you mind me to ask that, is there any thoughts on the Scum container release?

[ich777]

7 minutes ago, Nirin said:

I also thought that the games with persistence (like Valheim, I believe?) saved your progress locally...

I'm not 100% sure, they changed that didn't they? Even if they didn't change that, the world state and everything in the chests and everything that you've built is saved on the server. But Valheim is a exception, usually player data is also stored on the server and not the client <- for security measurements like cheating and so on.

 

8 minutes ago, Nirin said:

but I may be totally wrong on that!

Not at all, there might be games that are saved locally but most save the states from the players on the server like: Palworld, Minecraft, Sons of the Forest, The Forest,... (these are the ones that came first into mind).

 

10 minutes ago, Nirin said:

Thanks, I'll be keeping an eye on this list and seeing what games might take my game-groups fancy.

Usually Minecraft is pretty easy to run, you only need a good single core performance CPU since it is not very good with using multiple threads and if the world needs to be generated it can be a quite large performance hit since this is quite heavy on the CPU however if players only building like you would do it normally in Minecraft the performance hit will be negligible, of course always depens on how many players are on the server if really complicated Redstone circuits are set up and so on...

 

You can always try and see how it goes, but expect some game servers to need quite some RAM.

 

Hope that helps.

[ich777]

5 minutes ago, i ii said:

Would you mind me to ask that, is there any thoughts on the Scum container release?

Sorry but I don't accept any container requests anymore since I have now almost 200 applications in the CA App and I can't maintain more, however there are other community developers out there which continue my work with game server like @Nodiaque & @Jamxx maybe one of them can help.

[i ii]

6 minutes ago, ich777 said:

Sorry but I don't accept any container requests anymore since I have now almost 200 applications in the CA App and I can't maintain more, however there are other community developers out there which continue my work with game server like @Nodiaque & @Jamxx maybe one of them can help.

You've done more than enough already.

Many thanks for palworld container release!

Many thanks for the happiness that your effort takes to my friends and I!

[dlchamp]

7 hours ago, zan335 said:

 while I perfectly trust my friend, I don't really know his friends, which is why I would like to essentially mask my public ip

honestly, this is kinda.. pointless.

Your public IP isn't some secret identifier.  Every website you visit logs it.  Every botnet in the world is scanning random IPs and ports constantly and yours is one of them.   As long as you don't have unnecessary ports open and are not hosting some severely out of date or insecure service on those ports, you're fine 99.99% of the time.

Could someone identify your ISP?  Sure.
Could they identify where in the world you might be?  Also, yep.
Can they pinpoint the city, address, or any identifying information about you?  Not a chance.

best they could do is figure out within maybe 50-100 miles of where you might be, and that varies greatly by which DC you're connected to and how close to it you are.

 

[Spectral Force]

26 minutes ago, dlchamp said:

Could someone identify your ISP?  Sure.
Could they identify where in the world you might be?  Also, yep.
Can they pinpoint the city, address, or any identifying information about you?  Not a chance.

 

But they do this on the tv.... 🤣🤣

[JonathanM]

26 minutes ago, dlchamp said:

Can they pinpoint the city, address, or any identifying information about you?  Not a chance.

Depends if "they" includes law enforcement or a civil court with subpoena powers.

[ich777]

2 minutes ago, JonathanM said:

Depends if "they" includes law enforcement or a civil court with subpoena powers.

I also beleive Google geolocation service can do that too if they really want to they cpuld map the public IP that your WIFI is on and the location data from your phone.

If course these are all assumptions. 😂

[Beryllium]

Hey 

Has anyone managed to get the Palworld server running via reverse proxy? 

Or seen any weird access through the palworld port? 
I am not sure if there is any security implication by exposing my Port to the public? 

Thanks for any help or suggestions. 

[ich777]

20 minutes ago, Beryllium said:

Has anyone managed to get the Palworld server running via reverse proxy? 

This was discussed a few times. Why would you do that? This will complicate your setup very much since you have to use streaming ports, it will maybe work but I can't guarantee it and it is not worth the effort/time in my opinion and you have to expose a port anyways, even if you do it through a reverse proxy.

 

Please keep in mind that game servers most of the times use their own protocol and are not answering to http and https requests as like a reverse proxy is intended to do.

 

If you simply try to reverse proxy the dedicated server (like Plex or some other web application) the client can't understand what the Server is trying to say because these are completely different protocols.

Imagine it that way that you have two people that are trying to talk to each other (one is the server and one the client), both of them speak English natively and you now introduce a third person as a translator (the reverse proxy) that speaks German to translate between those two native English speaking people, I hope this makes it a bit more clear what a reverse proxy does for a game server (at least most of the game servers).

 

20 minutes ago, Beryllium said:

Or seen any weird access through the palworld port? 

What do you mean with that?

 

20 minutes ago, Beryllium said:

I am not sure if there is any security implication by exposing my Port to the public? 

My containers all run the dedicated servers inside with lower privileges and it should not be a security implication.

 

As a final word, I would not recommend even trying to reverse proxy a game server with streaming ports since this over complicates the setup and you will most likely run into trouble, just forward the port that is specified in the template and you are good to go.

[Beryllium]

46 minutes ago, ich777 said:

This was discussed a few times. Why would you do that? This will complicate your setup very much since you have to use streaming ports, it will maybe work but I can't guarantee it and it is not worth the effort/time in my opinion and you have to expose a port anyways, even if you do it through a reverse proxy.

 

Please keep in mind that game servers most of the times use their own protocol and are not answering to http and https requests as like a reverse proxy is intended to do.

 

If you simply try to reverse proxy the dedicated server (like Plex or some other web application) the client can't understand what the Server is trying to say because these are completely different protocols.

Imagine it that way that you have two people that are trying to talk to each other (one is the server and one the client), both of them speak English natively and you now introduce a third person as a translator (the reverse proxy) that speaks German to translate between those two native English speaking people, I hope this makes it a bit more clear what a reverse proxy does for a game server (at least most of the game servers).

 

What do you mean with that?

 

My containers all run the dedicated servers inside with lower privileges and it should not be a security implication.

 

As a final word, I would not recommend even trying to reverse proxy a game server with streaming ports since this over complicates the setup and you will most likely run into trouble, just forward the port that is specified in the template and you are good to go.

Thanks a lot! 

I was just recently hacked and wanted to minimize the attack vector. Instead of giving the IP out, I will add a CNAME in Cloudflare with DNS only and then the can manually add the port at the end of the URL. I just wanted to check with someone

The docker does not have privileged permissions. 

I initially tried it with the cloudflare tunnel service, since it would still just connect normally, but it seems Palworld can't resolve URLs without a port. 

[Mainfrezzer]

6 minutes ago, Beryllium said:

Instead of giving the IP out, I will add a CNAME in Cloudflare with DNS only and then the can manually add the port at the end of the URL.

Youre still handing an IP out, lol.

[Kilrah]

10 minutes ago, Beryllium said:

Instead of giving the IP out, I will add a CNAME in Cloudflare with DNS only and then the can manually add the port at the end of the URL

It's entirely useless since the domain is the IP and just "ping domainname" will give it.

Edited February 15 by Kilrah

[ich777]

16 minutes ago, Beryllium said:

The docker does not have privileged permissions. 

Non of my containers are running privileged (at least that I can think of) because it's most of the times not needed anyways.

 

16 minutes ago, Beryllium said:

I was just recently hacked

Really, how did that happen? Do you know through what service/container/whatever you where hacked? Social Engineering,...?

 

16 minutes ago, Beryllium said:

Instead of giving the IP out, I will add a CNAME in Cloudflare with DNS only and then the can manually add the port at the end of the URL. I just wanted to check with someone

Yes, but as @Mainfrezzer & @Kilrah already pointed out DNS resolution will return you public IP.

 

16 minutes ago, Beryllium said:

I initially tried it with the cloudflare tunnel service, since it would still just connect normally, but it seems Palworld can't resolve URLs without a port. 

I think Couldflare has also a paid tier where you can entirely hide your IP and tunnel it through their servers so only the IP from Cloudflare is shown but you then have to forward the ports in the Cloudflare Admin Panel and as said, that's a paid option AFAIK and I don't think that's cheap.

[Beryllium]

hahahaha 
yeah very true. Just a bit paranoid. I mean I am aware that the URL just resolves the IP, but maybe I could bypass the most basic script kiddies hahaha  Thanks @Mainfrezzer @Kilrah @ich777

I think its more malware on my personal machine. It seems like a cookie session hijack. since the accounts that were hacked had to common email or password. 

Alright, then I will just do it normally and keep an eye on it. Since its only dedicated friends I wanted to whitelist their IPs, but theirs rotate every 24 hours. 

Thanks for all the help! 
 

4 minutes ago, ich777 said:

Non of my containers are running privileged (at least that I can think of) because it's most of the times not needed anyways.

 

Really, how did that happen? Do you know through what service/container/whatever you where hacked? Social Engineering,...?

 

Yes, but as @Mainfrezzer & @Kilrah already pointed out DNS resolution will return you public IP.

 

I think Couldflare has also a paid tier where you can entirely hide your IP and tunnel it though their servers and so only the IP from Cloudflare is shown but you then have to forward the ports in the Cloudflare Admin Panel and as said, that's a paid option AFAIK.

 

Will need to look into this. If its not too expensive this may sound like a good option. 

[Mainfrezzer]

2 minutes ago, Beryllium said:

 

Will need to look into this. If its not too expensive this may sound like a good option. 

Alternatively and given that you do know how to do it, you can just rent any cheap vps and put a wireguard server on it and tunnel your gameservers through that. Only real usefulness would be the static ip. 

If you really wanna be paranoid level secure, tailscale would be an option to connect you and your friends with your gameserver.