How to reverse proxy a Minecraft Bedrock server?

I am very new to Traefik but got a bunch of stuff that I want internet facing working over the past few days. I have all the https redirects, and whitelists and it's working great for website based programs (Emby, Nextcloud, Portainer, Traefik web interface, etc).

I spent most of the day trying to put a Minecraft Bedrock server behind the proxy though and am not having much luck. I am to the point that the server shows up as available within my LAN and I can connect that way from the "friends list" in the game but I am unable to use any sort of web address with it to make the connection. The documentation all says the server uses UDP 19132 but the LAN server doesn't show up in the game unless I have a TCP and UDP entry point on that port:

traefik.yml:

entryPoints:
http:
address: ":80"
https:
address: ":443"
tcpminecraft:
address: ":19132"
udpminecraft:
address: ":19132/udp"

I do not have to expose tcp port 19132 in the traefik docker-compose though:

ports:

  • 80
  • 443:443
    \ # - 19132:19132
  • "19132:19132/udp"`

This is where I have gotten to with my Minecraft docker-compose: version: '3'services: minecraft: image: toasterlint/minecraft_bedroc - Pastebin.com

I see that the verified cert is being pulled for the domain in acme.json but I have no idea if that is necessary for this app. I don't know if "traefik.http.routers.minecraft.rule=Host(example.duckdns.org)" is correct for that line as I am not making an HTTP connection but without it the server doesn't show up as available in the LAN.

"traefik.http.routers.minecraft.entrypoints=udpminecraft" throws some errors about not being a valid entry point and I have tried it as a udp and tcp.router with no success either.

Anyway, I know I am not understanding all the in/outs of the the program yet and I figured that after 8 hours or so of plugging away at this I should turn to the experts.

This is some other useful info from the traefik compose:

image: traefik:chevrotin
networks:
  - proxy

Thanks!

Hi,

I guess the simplest way to serve a bedrock server via Traefik is not to fiddle with HTTP routers or any TCP things. The Bedrock server works purely over UDP and configuring a UDP router and service is sufficient. My configuration looks like follows:

traefik.yml

providers:
  docker: {}

entryPoints:
  bedrock:
    address: ":19132/udp"

docker-compose.yml

services:
  traefik:
    image: traefik:2.2
    container_name: traefik
    restart: always
    logging:
      options:
        max-size: "8m"
        max-file: "10"
    ports:
      - 19132:19132/udp
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.yml:/traefik.yml

  bedrock:
    image: itzg/minecraft-bedrock-server
    container_name: bedrock
    restart: always
    logging:
      options:
        max-size: "8m"
        max-file: "10"
    stdin_open: true
    tty: true
    environment:
      - EULA=true
      - VERSION=1.16
      - SERVER_NAME=Bedrock Server
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - bedrock:/data
    labels:
      - "traefik.udp.routers.bedrock.entrypoints=bedrock"
      - "traefik.udp.routers.bedrock.service=bedrock"
      - "traefik.udp.services.bedrock.loadbalancer.server.port=19132"

volumes:
  bedrock: {}

I hope this helps you. Feel free to ask questions about the configuration if you like.

1 Like

Okay, there seems to be more to this. My described configuration from above seems to work, but after connecting to the server it behaves strangely.

Block breaking animation is missing. Broken blocks are not dropped for collection. And some other weird stuff.

It seems there are some data packets missing in the connection...

Thanks for following up. when I get some time over the next few weeks, I will mess around with the things you posted and see if I get the same issues or not.

1 Like

One thing I was just thinking of, that although the docs state Bedrock uses ONLY UDP, I get issues with outside connections if I don't have both UDP and TCP punched through my router's firewall on port 19132. I have spoken with others that need to do the same so I wonder if that issue is in play here.

I have configured my iptables for only allowing 19132/udp. So there should be no TCP traffic on that port. I'm running my Bedrock server without Traefik for a while now without any problems using the below configuration:

services:
  bedrock:
    image: itzg/minecraft-bedrock-server
    container_name: bedrock
    restart: always
    logging:
      options:
        max-size: "8m"
        max-file: "10"
    stdin_open: true
    tty: true
    ports:
      - 19132:19132/udp
    environment:
      - EULA=true
      - VERSION=1.16
      - SERVER_NAME=Bedrock Server
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - bedrock:/data
    labels:
      - "traefik.enable=false"

volumes:
  bedrock: {}

As of right now, I'm actually playing with this configuration.

Yours looks similar-ish to mine with no reverse proxy in front at the moment:

minecraftbe:
    image: toasterlint/minecraft_bedrock:latest
    container_name: minecraftbe
    stdin_open: true
    tty: true
    volumes:
      - "$USERDIR/docker/minecraftbe:/bedrock-server/config"
      - "$USERDIR/docker/minecraftbe/worlds:/bedrock-server/worlds"
      - "$USERDIR/docker/minecraftbe/valid_known_packs.json:/bedrock-server/valid_known_packs.json"
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    network_mode: host
    restart: unless-stopped

It also works fine just connecting to the DNS name and the port after it but I thought it would be cool to be able to direct any traffic to minecraft.<domain>.com to the correct server on UDP port 19132 without needing to specify the port or have it open on the firewall.

I reconfigured my Traefik to proxy both protocols TCP and UDP to the service and checked my firewall settings. Still no luck. I'm having the same problems as described above. Here's the configuration:

services:
  traefik:
    image: traefik:2.2
    command: >
      --providers.docker=true
      --entryPoints.bedrock-tcp.address=:19132/tcp
      --entryPoints.bedrock-udp.address=:19132/udp
    container_name: traefik
    restart: always
    logging:
      options:
        max-size: "8m"
        max-file: "10"
    ports:
      - 19132:19132/tcp
      - 19132:19132/udp
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  bedrock:
    image: itzg/minecraft-bedrock-server
    container_name: bedrock
    restart: always
    logging:
      options:
        max-size: "8m"
        max-file: "10"
    stdin_open: true
    tty: true
    environment:
      - EULA=true
      - VERSION=1.16
      - SERVER_NAME=Bedrock Server
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - bedrock:/data
    labels:
      - "traefik.udp.routers.bedrock.entrypoints=bedrock-udp"
      - "traefik.udp.routers.bedrock.service=bedrock"
      - "traefik.udp.services.bedrock.loadbalancer.server.port=19132"
      - "traefik.tcp.routers.bedrock.entrypoints=bedrock-tcp"
      - "traefik.tcp.routers.bedrock.service=bedrock"
      - "traefik.tcp.services.bedrock.loadbalancer.server.port=19132"
      - "traefik.tcp.routers.bedrock.rule=HostSNI(`*`)"

volumes:
  bedrock: {}

I've tried again with Traefik 2.3.0-rc4. It's now finally working. I attached the configuration below.

version: '3'

services:
  traefik:
    image: traefik:2.3
    command: >
      --providers.docker=true
      --entryPoints.bedrock.address=:19132/udp
    container_name: traefik
    restart: always
    logging:
      options:
        max-size: "8m"
        max-file: "10"
    ports:
      - 19132:19132/udp
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  bedrock:
    image: itzg/minecraft-bedrock-server
    container_name: bedrock
    restart: always
    stdin_open: true
    tty: true
    logging:
      options:
        max-size: "8m"
        max-file: "10"
    stdin_open: true
    tty: true
    environment:
      - EULA=true
      - VERSION=LATEST
      - SERVER_NAME=Bedrock Server
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - bedrock:/data
    labels:
      - "traefik.udp.routers.bedrock.entrypoints=bedrock"
      - "traefik.udp.routers.bedrock.service=bedrock"
      - "traefik.udp.services.bedrock.loadbalancer.server.port=19132"

volumes:
  bedrock: {}

Please enjoy!

Hi there. Thanks for the follow-up. I think I got it working after following your lead here but I am not really understanding the benefit to it in practice as it is just routing anything bound for the minecraft server (defined by port 19132) to Traefik and then passing it on to the minecraft server. Traefik is just acting as a middleman but it's still required to hit any domain that points to the public IP and specify port 19132, right?

It's a cool feature but I am not sure if I am understanding any benefit to it in this particular case. I still need to have 19132 open on my firewall as far as I know.

Hi,

My whole idea is, to only have Traefik facing the outside world of the internet. Therefore I try to put all my services behind it.

At first this gives me a reliable configuration and second I can view the status of all services in Treafik‘s dashboard.