# Introduction
I am attempting to configure HAProxy on an Ubuntu server to route TCP traffic for multiple game servers. My goal is to use HAProxy to manage connections to multiple game servers through one public IP address and distribute the traffic based on subdomain access. However, despite setting everything according to typical guidelines, clients cannot connect through the HAProxy layer to the Minecraft server.
# Technical Background
Server Details:
Operating System: Ubuntu 24.04 LTS
HAProxy Version: HAProxy 2.8.5-1ubuntu3
Network Setup:
**IP Addresses:**
The domain names “abands-mc.com” and “*.abands-mc.com” are forwarded to my local home network, where the Ubuntu server is running.
On the home network provider, port 4000 is publicly forwarded to the server's IP address.
HAProxy Configuration:
```
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations (although not used for TCP, still good to define for future use)
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # SSL settings (keep these if you might configure SSL in the future)
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    mode tcp # Changed from http to tcp for game traffic
    option tcplog # Using TCP-specific logging
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend main_front
    bind *:4000
    acl is_game1 hdr(host) -i game1.abands-mc.com
    acl is_game2 hdr(host) -i game2.abands-mc.com
    use_backend game1_backend if is_game1
    use_backend game2_backend if is_game2

backend game1_backend
    server game1 <server-ip-address>:25565

backend game2_backend
    server game2 <server-ip-address>:25566
```
# Problem Description
Clients are unable to connect to the (for testing) Minecraft server through the HAProxy setup. While direct connections to the Minecraft server using its local IP and port are successful, attempts to connect through the HAProxy IP and designated port fail without any specific error message on the client or server side. The expected behavior is for HAProxy to seamlessly forward the traffic to the respective game server based on the domain name provided by the client.
Here’s a list of troubleshooting actions I’ve taken so far:
- Checked HAProxy syntax with `haproxy -c -f /etc/haproxy/haproxy.cfg`.
- Restarted HAProxy and verified its active status.
- Directly connected to the Minecraft server to ensure it’s operational.
- Used network tools like ping and netcat to check connectivity and port accessibility.
# Request for Help
I am seeking advice on further diagnostics I can run to pinpoint the issue. Any specific HAProxy settings or network configurations that might typically be overlooked would be immensely helpful. Additionally, if there are known issues or best practices specifically related to Minecraft and HAProxy, sharing these would be greatly appreciated.
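One further diagnostic for the configuration above, as an added example that is not part of the original post: a small linter that flags `mode tcp` frontends whose ACLs rely on HTTP sample fetches such as `hdr(host)`, which have no parsed HTTP request to read when the client speaks a raw TCP protocol, and that have no `default_backend` to catch unmatched connections. The `lint` function and the `HTTP_FETCH` keyword list are hypothetical names and a non-exhaustive assumption, and the sample is constructed from the posted frontend.

```python
import re

# Constructed sample: the routing-relevant lines of the configuration posted above.
SAMPLE_CFG = """\
defaults
    mode tcp # Changed from http to tcp for game traffic
frontend main_front
    bind *:4000
    acl is_game1 hdr(host) -i game1.abands-mc.com
    acl is_game2 hdr(host) -i game2.abands-mc.com
    use_backend game1_backend if is_game1
    use_backend game2_backend if is_game2
"""

# Sample fetches that need a parsed HTTP request (assumed, non-exhaustive list).
HTTP_FETCH = re.compile(r"(req\.)?(hdr|path|url|method|cook)", re.I)
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

def lint(cfg_text):
    """Return (proxy, message) findings for tcp-mode proxies that route on HTTP data."""
    default_mode, sec, proxies, findings = "tcp", None, [], []  # tcp is HAProxy's default
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not words:
            continue
        kw = words[0]
        if kw in SECTIONS:
            sec = {"kind": kw, "name": " ".join(words[:2]), "mode": default_mode,
                   "http_acls": [], "use_backend": False, "default_backend": False}
            if kw in ("frontend", "listen"):
                proxies.append(sec)
        elif sec is None:
            continue
        elif kw == "mode" and len(words) > 1:
            sec["mode"] = words[1]
            if sec["kind"] == "defaults":  # later proxies inherit this mode
                default_mode = words[1]
        elif kw == "acl" and len(words) > 2 and HTTP_FETCH.match(words[2]):
            sec["http_acls"].append(words[1])
        elif kw in ("use_backend", "default_backend"):
            sec[kw] = True
    for p in proxies:
        if p["mode"] != "tcp":
            continue
        for acl in p["http_acls"]:
            findings.append((p["name"], f"acl {acl} uses an HTTP sample fetch in tcp mode"))
        if p["use_backend"] and not p["default_backend"]:
            findings.append((p["name"], "no default_backend for unmatched connections"))
    return findings
```

Calling `lint(SAMPLE_CFG)` returns three findings for `frontend main_front`; as a simplification, a `default_backend` set in a `defaults` section is not tracked.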