Caution
This is a technical guide and not for the faint of heart. You WILL run into issues while setting the system up. It is more of a proof of concept than a viable solution for the average user.
Make dynmap available on exaroton
- a cheapo vps that can run 24/7 with an open ip address
- optional but good to have: a domain
- basic webserver/linux/shell knowledge
# dynmap-tunnel-user can be whatever you want
sudo adduser --disabled-password --shell /usr/sbin/nologin dynmap-tunnel-user
...
Changing the user information for dynmap-tunnel-user
Enter the new value, or press ENTER for the default
Full Name []: Dynmap Tunnel
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
Set up .ssh
sudo mkdir -p /home/dynmap-tunnel-user/.ssh
sudo touch /home/dynmap-tunnel-user/.ssh/authorized_keys
sudo chown -R dynmap-tunnel-user:dynmap-tunnel-user /home/dynmap-tunnel-user/.ssh
sudo chmod 700 /home/dynmap-tunnel-user/.ssh
sudo chmod 600 /home/dynmap-tunnel-user/.ssh/authorized_keys
Generate key pair (you can do this on your computer as well)
# to conveniently store files
sudo -u dynmap-tunnel-user ssh-keygen -N ""
# or just
ssh-keygen -N ""
Put the public key in authorized_keys
cat id_rsa.pub >> authorized_keys
Prepare private key by saving it onto your computer
Disable the tunnel user from doing anything else (security measure)
# /etc/ssh/sshd_config
# Put this at the end of the file
Match User dynmap-tunnel-user
    ForceCommand /bin/false
    AllowTcpForwarding yes
    PermitOpen localhost:8123
Reload sshd config
Test if the configuration works by running this command
ssh -v USERNAME@HOST -i PRIVATEKEYFILE
First, check if authentication works by checking for these lines
Authenticated to example.com ([host ip]:22) using "publickey".
/usr/sbin/nologin: No such file or directory
This means that the SSH tunnel can be established but the user cannot get a shell.
There are more security measures that prevent damage when the host machine is compromised (e.g. a DNS attack), but I won't cover them in this guide.
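An added check (not part of the original guide or of either plugin) for the Match block above: it reads `sshd -T` output for the tunnel user and flags settings that grant more than the single forward. It assumes the plugins open the tunnel as an SSH remote forward, so the VPS listens on 8123 as the later curl test implies; in that case the listening port is limited by `PermitListen`, while `PermitOpen` only limits local-forward destinations. Both sample outputs are constructed.

```shell
#!/bin/sh
# Added example. On the VPS, feed it the effective settings for the tunnel user:
#   sudo sshd -T -C user=dynmap-tunnel-user,host=localhost,addr=127.0.0.1
audit_tunnel_user() {   # usage: audit_tunnel_user PORT < sshd-T-output
    awk -v port="${1:-8123}" '
    function fail(k, why) { printf "FAIL %s %s: %s\n", k, v[k], why; bad++ }
    { k = $1; $1 = ""; sub(/^ +/, ""); v[k] = $0 }   # keyword -> value
    END {
        if (v["forcecommand"] == "" || v["forcecommand"] == "none")
            fail("forcecommand", "account can run commands")
        if (v["allowtcpforwarding"] != "remote")
            fail("allowtcpforwarding", "only remote forwarding is needed")
        # PermitOpen limits -L destinations; -R listeners need PermitListen
        if (v["permitlisten"] !~ ("^((localhost|127\\.0\\.0\\.1):)?" port "$"))
            fail("permitlisten", "key can bind other ports on the VPS")
        if (v["permittty"] != "no") fail("permittty", "no terminal is needed")
        if (v["allowagentforwarding"] != "no") fail("allowagentforwarding", "not needed")
        if (v["x11forwarding"] != "no") fail("x11forwarding", "not needed")
        if (v["gatewayports"] == "no")
            print "NOTE gatewayports no: forward binds to loopback only"
        exit (bad > 0)
    }'
}

# Constructed sample: relevant lines as sshd -T would report them for the
# Match block in this guide (other values assumed to be defaults).
PAGE_CONFIG='forcecommand /bin/false
allowtcpforwarding yes
permitopen localhost:8123
permitlisten any
permittty yes
allowagentforwarding yes
x11forwarding no
gatewayports no'

# Constructed sample: the same account restricted to one remote forward.
HARDENED_CONFIG='forcecommand /bin/false
allowtcpforwarding remote
permitlisten localhost:8123
permittty no
allowagentforwarding no
x11forwarding no
gatewayports no'

printf '%s\n' "$PAGE_CONFIG" | audit_tunnel_user 8123 || true
```

The hardened sample corresponds to `AllowTcpForwarding remote`, `PermitListen localhost:8123`, `PermitTTY no` and `AllowAgentForwarding no` in the Match block; with `GatewayPorts no` the forwarded port is only reachable on the VPS itself, so it has to be published through a web server rather than by opening 8123 directly.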
Either of these works (install only one):
https://github.com/MCSunnySide/PortForwarding
I rewrote the top plugin (credits to MCSunnySide) to support multiple hosts
https://github.com/nopeless/mc-reverse-proxy/
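Configure it like so (follow the readmes in the repositories or just read config.yml in the resources directory). The first block is for PortForwarding, the second for mc-reverse-proxy. For PortForwarding, use the tunnel user and private key set up above rather than the root/password placeholders: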
ssh-host: 1.1.1.1
ssh-usr: root
ssh-pwd: 12345 #"" for disable
ssh-port: 22
private-key: /path #"" for disable
passphrase: somepassword #For private key, "" for disable
rules:
- "8123:8123"
# mc-reverse-proxy
remotes:
  somehost:
    host: sh.example.com
    user: dynmap-tunnel-user
    private-key: id_rsa
    local-port: 8123
    remote-port: 8123
Make sure these tunnels are up and running
Install dynmap normally. Nothing else needs to be done.
After install, check if 8123 is properly tunneled
curl http://localhost:8123
It should give you some HTML output if it works.
Configure ufw
# Opens port 8123
sudo ufw allow 8123
[!NOTE] Depending on your configuration (cloudflare, nginx, apache etc) you may need to configure more things, obviously
If you made it this far, congrats! Here are some extra things to consider
- Exaroton has rather small storage, and dynmap can take up a lot of space. Make sure to tweak configs and stuff
- You can offload the database and website to the vps, but this takes more configuration. Depending on your situation, maybe look into it