What are Game Server best practices?

[Spoonikle]

I have been curious about the game server dockers available in the Community apps plug-in.

I was wondering what kind of steps should I take to harden UnRaid sufficiently and securely expose a docker container to the internet?

[itimpi]

11 hours ago, Spoonikle said:

I have been curious about the game server dockers available in the Community apps plug-in.

I was wondering what kind of steps should I take to harden UnRaid sufficiently and securely expose a docker container to the internet?

That is the wrong question   It is the container that will be exposed so you need to determine from the container developer how hardened the container is.   To some extent you will be protected if you only give the container limited access to your server in the path mapping.

[Spoonikle]

Then mapping the container to a second interface and putting it in a VLAN should be sufficent, as long as the container is secure - Uraid is safe behind it?

[dubbly]

What are the benefits of doing this and how do you do that?

Edited April 17, 2020 by dubbly

[bonienl]

On 1/27/2020 at 6:53 PM, Spoonikle said:

Then mapping the container to a second interface and putting it in a VLAN should be sufficent, as long as the container is secure - Uraid is safe behind it?

When you assign a docker container to a custom (macvlan) network, it will not be able to talk to the host. In other words it has already network isolation.

 

You may put containers in a dedicated network, but from a security point of view this doesn't make much difference other than additional control you get with your router to set specific rules for the container communication.