Help with hosting multiple sites

[GameWarrior]

Hey, I am trying to host a minecraft server for which the control panel is on port - 8443, analytics panel is on 8804 and the server map is on 8123, what I want to is use subdomains as follows - 
                          crafty.riftcraftmc.com   - publicip:8443
                     analytics.riftcraftmc.com   - publicip:8804
                             map.riftcraftmc.com   - publicip:8123

 

Domain Service - Google Domains

 

I have - done port forwarding using UPNP

           - Ubuntu LTS Installed

           - 500Mbps Internet Connection

           - tried Nginx but it showed some errors and I didn't touch nginx since

 

I would like someone to guide me on how to do it with either Nginx or any simpler alternative, it would be very helpful.

Thanks in advance!

[Eigenvektor]

30 minutes ago, GameWarrior said:

           - tried Nginx but it showed some errors and I didn't touch nginx since

Define "some errors".

 

1. Is the domain on Google Domains a wildcard domain —or— do you have entries for the subdomains on there so that they actually resolve to your public IP?
2. Is your public IP static?

Note that host names resolve to IP addresses only, they do not resolve to IP + port. So your users will still need to enter the port manually. The port is only optional if it is the default port for whatever protocol you're using.

 

For example if you go to https://linustechtips.com, this works, because the default port for HTTPS is 443, so there's no need to write https://linustechtips.com:443 in the address bar.

 

If you have subdomains then technically you don't need different ports (for the same protocol) and if you have different ports, there's no real need for subdomains. nginx is generally used as a reverse proxy for HTTP, which Minecraft doesn't talk. Nor is there any real need for a reverse proxy in your scenario.

 

The easiest option would likely be:

Add three DNS entries on Google domains, so that crafty, analytics and map all resolve to your public IP

Add port forwarding for the ports 8443, 8804 and 8123 on your router, so all three ports are forwarded to the Ubuntu machine

 

Since ports are not part of DNS, technically your users will be able to connect to any service using any host name, by appending the appropriate port

 

If you want to host multiple HTTP services, then generally for nginx, you'd configure it like this:

 

server {
    listen 0.0.0.0:80 default;
    listen [::]:80;
    server_name crafty.riftcraftmc.com;
    
    // rest of configuration for that domain here
}

server {
    listen 0.0.0.0:80;
    listen [::]:80;
    server_name analytics.riftcraftmc.com;
    
    // rest of configuration for that domain here
}

server {
    listen 0.0.0.0:80;
    listen [::]:80;
    server_name map.riftcraftmc.com;
    
    // rest of configuration for that domain here
}

Note that only one of them is "default". If you want HTTPS then you need some additional entries (and you'll also need SSL certificates, ideally valid ones)

 

With this setup you can connect using http://<hostname> for all of them, no need to specify ports anywhere, since the all use the default HTTP port (80)

[AnonymousGuy]

Don't believe this is possible.  Not an expert and I only read about this in the last 15 minutes but Nginx only can handle subdomains for http/s.  It can do non-http traffic for other ports but it has no awareness what the subdomain request was that got it there in the first place, because DNS record just dumped the traffic to the WAN IP where the subdomain was lost.  And the traffic itself is an arbitrary protocol that doesn't embed the subdomain like http does.

 

So if your strategy is "I want users to be able to enter subdomains instead of port numbers"...doesn't seem like it's possible: https://serverfault.com/questions/96469/is-there-a-way-to-forward-a-port-based-on-subdomain

 

If all of this is indeed http pages (like control panel and analytics) then there's a load of examples on configuring that: https://stackoverflow.com/questions/7942372/can-i-configure-a-subdomain-to-point-to-a-specific-port-on-my-server

 

Or just say fuck it and make a webpage with an embedded frame for your pages: 

 

[GameWarrior]

45 minutes ago, Eigenvektor said:

Define "some errors".

 

1. Is the domain on Google Domains a wildcard domain —or— do you have entries for the subdomains on there so that they actually resolve to your public IP?
2. Is your public IP static?

Note that host names resolve to IP addresses only, they do not resolve to IP + port. So your users will still need to enter the port manually. The port is only optional if it is the default port for whatever protocol you're using.

 

For example if you go to https://linustechtips.com, this works, because the default port for HTTPS is 443, so there's no need to write https://linustechtips.com:443 in the address bar.

 

If you have subdomains then technically you don't need different ports (for the same protocol) and if you have different ports, there's no real need for subdomains. nginx is generally used as a reverse proxy for HTTP, which Minecraft doesn't talk. Nor is there any real need for a reverse proxy in your scenario.

 

The easiest option would likely be:

Add three DNS entries on Google domains, so that crafty, analytics and map all resolve to your public IP

Add port forwarding for the ports 8443, 8804 and 8123 on your router, so all three ports are forwarded to the Ubuntu machine

 

Since ports are not part of DNS, technically your users will be able to connect to any service using any host name, by appending the appropriate port

 

If you want to host multiple HTTP services, then generally for nginx, you'd configure it like this:

 

server {
    listen 0.0.0.0:80 default;
    listen [::]:80;
    server_name crafty.riftcraftmc.com;
    
    // rest of configuration for that domain here
}

server {
    listen 0.0.0.0:80;
    listen [::]:80;
    server_name analytics.riftcraftmc.com;
    
    // rest of configuration for that domain here
}

server {
    listen 0.0.0.0:80;
    listen [::]:80;
    server_name map.riftcraftmc.com;
    
    // rest of configuration for that domain here
}

Note that only one of them is "default". If you want HTTPS then you need some additional entries (and you'll also need SSL certificates, ideally valid ones)

 

With this setup you can connect using http://<hostname> for all of them, no need to specify ports anywhere, since the all use the default HTTP port (80)

1. I have entries for the subdomains

2. nope, it changes and I need to update the entries manually everytime

[Eigenvektor]

42 minutes ago, GameWarrior said:

1. I have entries for the subdomains

2. nope, it changes and I need to update the entries manually everytime

That's certainly not ideal. That means from your user's view your host is "offline" until you get around to updating the DNS entries and the DNS entries are propagated around the world. Until then the host name will resolve to the old IP and your host is effectively unreachable.

 

If crafty, analytics and map are all http based, then I would just use the default port 80 for all of them. This will allow users to connect simply using http://crafty.riftcraftmc.com rather than having to specify a port each time (e.g. http://crafty.riftcraftmc.com:8443). As I said a DNS entry resolves to an IP only, you cannot specify a port there.

 

If these services include user authentication, then ideally you also want to use HTTPS for security. You can get a valid SSL-certificate through Let's Encrypt.

[AnonymousGuy]

3 hours ago, GameWarrior said:

1. I have entries for the subdomains

2. nope, it changes and I need to update the entries manually everytime

Dynamic DNS man.  There's a ton of providers and even consumer routers have a shot at supporting them natively.  They handshake to tell the DDNS what your new IP is if it changes.  No-IP is what I use and I know they have a client app you can install on Linux to work with them as well if your router doesn't have native support.

 

 

Edit: this whole thing then sent me down a hole of looking into migrating everything to Google Domains because I'm already using them for the domain hosting and pairing it with no-ip and then having a separate ssl certificate.  Seems like in the 6 years since I set things up it can probably be possible to move everything to Google Domains + Let's Encrypt cert.

[GameWarrior]

15 hours ago, AnonymousGuy said:

 

 

17 hours ago, Eigenvektor said:

That's certainly not ideal. That means from your user's view your host is "offline" until you get around to updating the DNS entries and the DNS entries are propagated around the world. Until then the host name will resolve to the old IP and your host is effectively unreachable.

 

If crafty, analytics and map are all http based, then I would just use the default port 80 for all of them. This will allow users to connect simply using http://crafty.riftcraftmc.com rather than having to specify a port each time (e.g. http://crafty.riftcraftmc.com:8443). As I said a DNS entry resolves to an IP only, you cannot specify a port there.

 

If these services include user authentication, then ideally you also want to use HTTPS for security. You can get a valid SSL-certificate through Let's Encrypt.

The thing is the IP of Crafty, Analytics and Map are hardlocked to 8443, 8804 and 8123 respectively so changing them to port 80 isn't possible 

[Eigenvektor]

3 hours ago, GameWarrior said:

The thing is the IP of Crafty, Analytics and Map are hardlocked to 8443, 8804 and 8123 respectively so changing them to port 80 isn't possible 

The services running on the same machine will need to use different ports, true. That doesn't mean they need to be reachable through these ports from the outside world. That's one of the reasons for using a reverse proxy.

 

You configure nginx to be reachable on 80 (and possibly 443) and forward incoming connections, based on the subdomain, to the respective service on its internal port. The approximate configuration would look something like this:

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name crafty.riftcraftmc.com
    server_tokens off; ## Don't show the nginx version number, a security best practice

    location / {
        proxy_cache cache;
        proxy_cache_key $host$uri;
        proxy_cache_revalidate on;
        proxy_cache_lock on;
        proxy_cache_lock_age 60s;
        proxy_cache_lock_timeout 60s;

        proxy_pass http://127.0.0.1:8443;
    }
}

server {
    listen 0.0.0.0:80;
    listen [::]:80;

    server_name analytics.riftcraftmc.com
    server_tokens off; ## Don't show the nginx version number, a security best practice

    location / {
        proxy_cache cache;
        proxy_cache_key $host$uri;
        proxy_cache_revalidate on;
        proxy_cache_lock on;
        proxy_cache_lock_age 60s;
        proxy_cache_lock_timeout 60s;

        proxy_pass http://127.0.0.1:8804;
    }
}

server {
    listen 0.0.0.0:80;
    listen [::]:80;

    server_name map.riftcraftmc.com
    server_tokens off; ## Don't show the nginx version number, a security best practice

    location / {
        proxy_cache cache;
        proxy_cache_key $host$uri;
        proxy_cache_revalidate on;
        proxy_cache_lock on;
        proxy_cache_lock_age 60s;
        proxy_cache_lock_timeout 60s;

        proxy_pass http://127.0.0.1:8123;
    }
}

 

Ideally you put these into separate files, e.g. /etc/nginx/conf.d/{crafty.conf, analytics.conf, map.conf}. And, as I said, if these services include login, you should also consider enabling HTTPS.