Connecting to Minecraft server via TCP trhough Traefik

Hi all,

I'm trying to connect to my minecraft-server container via TCP as shown bellow:

Here is my traefik docker-compose

traefik:
  container_name: traefik
  restart: unless-stopped
  image: traefik:rocamadour
  command:
    - --log.level=INFO
  ports: #Liste les ports a exposer
    - 80:80
    - 443:443
    - 2565:25565/tcp

  volumes: #On décrit les volumes a monter dans le container
    - /var/run/docker.sock:/var/run/docker.sock
    - /home/louison/turbonas/traefik/acme.json:/acme.json
    - /home/louison/turbonas/traefik/.htpasswd:/.htpasswd
    - /home/louison/turbonas/traefik/traefik.yaml:/traefik.yaml
    - /home/louison/turbonas/traefik/traefik_dynamic.yaml:/traefik_dynamic.yaml

  environment:
    - TZ=Europe/Paris

And here is entryPoint configured:

entryPoints:
  minecraft:
    address: ':25565/tcp'

And finally here is my container:

vanilla:
  container_name: vanilla
  restart: unless-stopped
  image: itzg/minecraft-server
  volumes:
  - /home/louison/turbonas/minecraft/vanilla/data:/data
  environment:
    EULA: "true"
    DEBUG: "true"
  labels:
  - traefik.tcp.routers.vanilla.rule=HostSNI(`my.domain.fr`)
  - traefik.tcp.routers.vanilla.entrypoints=minecraft

When I try to access my container I can see using sudo tcpdump -i any -vv tcp port 25565 that some packets are incorrects:

I think that Traefik is reading or alter packets while sending them to my container.

Is there a way to configure Traefik not to read or not to alter packets?

Thanks all

P.S.: Sorry if it's not really clear, I'm a French network newbie.

As far as I know, Minecraft doesn't use TLS, so you can't use HostSNI as a rule since there is no SNI header.

Oh thanks, ok I can see my mistake now!
So since Minecraft doesn't need TLS I cannot use any rule like my.domain.fr or is it possible to configure a specific rule?

Thank you

No, you'll have to go port based. Each entrypoint = 1 route to a minecraft server. To attach a hostname to it, you want to look into SRV records (DNS); SRV records can have pointers that if you visit my.domain.fr it will look up not just the IP, but also the port for Minecraft.

That's why if you want to host multiple minecraft servers you don't really need Traefik at all, just need SRV records in DNS and that'll do the trick.

Thanks, it's much more clear.
I think I will go without Traefik for Minecraft for now.

Have a nice day !

You seem to have a typo on the docker-compose file

And you don't have to use TLS for TCP routing with Traefik.
You can use the HostSNI(`*`) matcher special case for this.

Here's how I would do it
version: '3.9'

services:
  traefik:
    image: traefik:v2.7
    command:
      - --providers.docker
      - --entrypoints.minecraft.address=:25565
    ports:
      - 25565:25565/tcp
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  vanilla:
    container_name: vanilla
    restart: unless-stopped
    image: itzg/minecraft-server
    volumes:
      - ./data:/data
    environment:
      EULA: "true"
      DEBUG: "true"
    labels:
      - traefik.tcp.routers.vanilla.rule=HostSNI(`*`)
      - traefik.tcp.routers.vanilla.entrypoints=minecraft