Tunnel & share your Minecraft server with friends.
DISCLAIMER: This is mostly a concept at this point. Things might change in the future but for now, don't use it yet.
mcsync
is not just a program, it rather consists of a custom client & server, a DNS and WireGuard server. It has been developed with Docker in mind. All the custom parts were built using Rust.
- Tunnel minecraft server to all participants (using WireGuard)
- Sync server files to remote server.
- This allows all other players to start the server on there own, providing 100 % uptime if needed.
- Create as many servers as you please.
- Fake "minecraft server" that shows an MOTD if no one is hosting.
- Custom DNS resolution
- Lets say you have an server called
survival1
all members can connect tosurvival1.mc
as domain.
- Lets say you have an server called
This works with all Minecraft servers and versions (Vanilla, Spigot, Forge, etc).
I initially wrote this program to sync my Minecraft server to my less powerful vServer which isn't capable of running a full instance of Minecraft. But when hosting a Minecraft server on your own machine which is not turned on all the time (unlike a server), other people will not be able to play on that server.
This tool not only puts you and your friends into a own private network, it also syncs your server.
If you rented a cheap VPS, have a decent PC and no access to port-forwarding or just want to have a super private Minecraft server you should use this program.
First, you need to install Docker on your system. These steps may be different for your platform. Optionally, but recommended, you may want to install docker-compose.
Just execute the following command:
curl https://raw.githubusercontent.com/Mondei1/mcsync/main/installer.sh | sh
This will download and execute a small installer script that will setup everything for you.
Depending on your hoster you may need to enable Docker and Tunnel support. Please educate yourself prior to the following steps.
Create a docker-compose.yml
file inside some new folder you create and paste the following content into it:
# mcsync's Docker compose file.
version: '3.3'
services:
backend:
image: YOUR_IMAGE_ID
networks:
mcsync:
ipv4_address: 192.168.11.2
environment:
- USER_SUBNET=192.168.10.0/24
- ENDPOINT=example.com:51820
volumes:
- ./config/wg0.conf:/vpn/wg0.conf
- /var/run/docker.sock:/var/run/docker.sock
- ./dns/mcsync.d/:/dns/mcsync.d/
- ./mcsync-data.json:/database.json
depends_on:
- dns
# We use wireguard-go, which is a userspace implementation of WireGuard, that does not depend on the kernel modules
# since those are not always available (especially on vServers which are guests of a kernel).
#
# If your server does support the WireGuard kernel modules, feel free to use https://github.com/linuxserver/docker-wireguard instead.
wireguard:
image: masipcat/wireguard-go:latest
networks:
mcsync:
ipv4_address: 192.168.11.3
cap_add:
- NET_ADMIN
sysctls:
- net.ipv4.ip_forward=1
volumes:
- /dev/net/tun:/dev/net/tun
- ./config:/etc/wireguard
environment:
- PUID=1000
- PGID=1000
- WG_COLOR_MODE=always
- LOG_LEVEL=debug
ports:
- 51820:51820/udp
privileged: true
restart: always
dns:
image: mvance/unbound
networks:
mcsync:
ipv4_address: 192.168.11.5
volumes:
- ./dns:/opt/unbound/etc/unbound/
networks:
mcsync:
external: true
Now you'll need to create the mcsync
network (see Network structure down below for more information):
docker network create --subnet 192.168.11.0/29 mcsync
DO NOT change the network name. Otherwise mcsync will not be able to find any container. The reason is that mcsync locates container based on those rules:
- Does the container name contain
mcsync
? - Does the container name contain
dns
?
That means that mcsync-dns-1
will match but customname-dns-1
will not.
more coming soon
So, you got mcsync up and running on your server and your client works as well.
Your server is working and now you want some players on your server.
You need to somehow get your WireGuard public key to the server owner. To do this, run the following command:
mcsync client_info > joe_doe.mcsc # .MCSync Client = mcsc
joe_doe.mcsc
(example)
{
"version": 1,
"wireguard_pub": "VZBslaLy/AXCqk0rXq8Ip/+p7a/RyrG+H/WQ9ZeV8x8=",
"ssh_pub": "AAAAC3NzaC1lZDI1NTE5AAAAIAzLg1ogXeY4VBch6uEcgNso26HowdmKpSNWwINSHQJd"
}
Send this to the sever owner and wait for the server's information.
[Server ownser see down below]
Now import the server's file:
mcsync import [SERVER_NAME] /path/to/server_info.mcss # MCSync Server = mcss
mcsync import friends ~/Download/friends_server.mcss # Example
SERVER_NAME
can be any name you want. This name should make it easy to distinguish between multiple servers.
Wait for a client to send you their client info.
To import and accept the request, run the following:
# The name `mcsync-server-1` depends on how you named your container. This is the default.
docker exec -i mcsync-server-1 /bin/mcsync-server accept [CUSTOM_NAME] < /path/to/joe_doe.mcsc > server_info.mcss
# Example
docker exec -i mcsync-server-1 /bin/mcsync-server accept "Joe Doe" < /path/to/joe_doe.mcsc > server_info.mcss
CUSTOM_NAME
can be any name you wish. Its sole purpose is to distinguish between multiple clients.
server_info.mcss
(example):
{
"version": 1,
"endpoint": "example.com:51820",
"public_key": "VZBslaLy/AXCqk0rXq8Ip/+p7a/RyrG+H/WQ9ZeV8x8=",
"psk": "Hx4EUfnSED/J409OEKw3jiZQUHK3KsfR2VfgQHYaJqs=",
"user_subnet": "192.168.10.0/24",
"ipv4_address": "192.168.10.3",
"dns": "192.168.11.5"
}
This will add the public key to your WireGuard configuration.
WARNING: mcsync
will automatically restart the WireGuard server. This means there is a small interruption of service.
mcsync connect [SERVER_NAME]
mcsync connect friends # Example
This server is now your current server. All future operations (like adding a new Minecraft server) will affect this server.
mcsync disconnect
There is a server of a friend you would like to host? No problem, just type this:
$ cd /path/to/your/local/server/folder
$ mcsync host
Resolve delta ...
Delta summary: 4 new, 23 modified and 7 files were deleted since last sync.
==============
( 0 %) ↑ world/region/r.-1.-1.mca (1.14 MB)
[...]
( 14 %) ↑ world/playerdata/[...]9a-a3a4b8481aab.dat (4 KB)
mcsync will now download all server files if they don't exist yet.
You might have to download a fresh copy of a server that you don't yet have. Just execute the same command with the server name:
$ cd /path/to/your/server/collection
$ mcsync host survival2
Clone `survival2` into /path/to/your/server/collection/survival2 ...
( 0 %) ↓ minecraft_server.jar (14 MB)
( 1 %) ↓ server.properties (425 Bytes)
[...]
Done. You can now run "mcsync host" within the new server.
mcsync will create a new folder within your current working directory.
$ mcsync status
Connected with `friends`
=========================
Available servers:
* survival1 -> 2 / 20 players online - 1.19 Vanilla
* creative -> 0 / 8 players online - 1.18.2 Vanilla
- survival2
- pvp
Clients:
* Elliot Alderson (online)
* Mr. Robot (online)
- Morty Smith (last seen 2 hours ago)
- Joe Doe (last seen 3 days ago)
- Deon Wilson (last seen 2 weeks ago)
$ docker exec -it mcsync-server-1 /bin/mcsync-server status
Running mcsync v1.0-DEV
=========================
Available servers:
* survival1 -> 2 / 8 players online - 1.19 Vanilla
* creative -> 0 / 8 players online - 1.18.2 Vanilla
- survival2
- pvp
Clients:
* Elliot Alderson (online)
* Mr. Robot (online)
- Morty Smith (last seen 2 hours ago)
- Joe Doe (last seen 3 days ago)
- Deon Wilson (last seen 2 weeks ago)
You need to connect to a server before you can use this command.
mcsync init [NAME] --start-file [PATH]
mcsync init survival1 --start-script startServer.sh # Example 1
mcsync init survival1 --start-script vanilla-1.19.jar # Example 2
This will generate a new file called .sync
inside your minecraft server containing the following information:
{
"server": "server_name", // Name of server.
"first_sync": 1656612770, // Timestamp of first the sync. (no use but you can see your server getting older)
"last_sync": 1656643855, // Timestamp of last sync of your local copy.
"version": 1 // Version of mcsync that performed the last sync.
}
When --start-file points to a script, make sure you have a Windows (.bat) and a Unix (.sh) version. In the example 1 above, there must be a startServer.sh and startServer.bat. In example 2 there only has to be the jar file.
If it points to a .jar
file, it will be executed with java -Xms256M -Xmx2G %jar% nogui
by default.
After executing that command, the entirety of this folder will be synced to your remote.
You can run this command everywhere on your computer.
mcsync start [NAME]
mcsync start survival1 # Example
This will start the Minecraft server and it will tell the backend that its ready. Once the Minecraft server finished starting, other members can join it.
Network mask | Usage | # Hosts |
---|---|---|
192.168.10.0/24 |
Reserved for all participants. | 254 |
192.168.11.0/29 |
Reserved for all services. | 6 |
If those subnets are colliding with any of your subnets, change them. The second subnet needs to have at least 3 hosts. Just make sure you'll NEVER change you mask later. At the time of writing mcsync
does not support changing IP-address once they have been assgined.
In case you need more space for your users consider the following example.
Network mask | Usage | # Hosts |
---|---|---|
192.168.0.0/18 |
Reserved for all participants. | 16,382 |
192.168.64.0/29 |
Reserved for all services. | 6 |
You may remember the tool Hamachi. Back in the days, we used to use this program. We didn't knew how it worked, it was some kind of magic, but it allowed us to play Minecraft together. But this was years ago and now I know we achived this with using our own VPN. Yet, there was just one person who had the server. So when we wanted to play we had to wait for the hoster to be ready.
This tool's aim is to elimate this drawback. Unlike Hamachi, it isn't limited to just 5 users. (technically there is a limit of 254)
WireGuard is directly integrated into the Linux kernel or available as a kernel module, which is generally the way to go. Unfortunately, these modules are not available on most cheap vServers, which is why the official WireGuard server cannot be started. vServers run as a guest on a massive host system and use a shared kernel, like Docker containers. Guest systems are not able to modify the shared kernel. For this reason, you cannot install the required module even if you have root access to the guest.
wireguard-go
is another official implementation of the WireGuard server which is slower than the kernel modules but it works everywhere. I plan to use the wireguard-rs
implementation as soon as it's available on Windows.
OpenVPN is ...
- a mess: It would require a lot more effort to automatically setup the server and to keep an eye over the configuration.
- slow: OpenVPN is way slower than WireGuard. Both in terms of bandwitdh and latency. Take a look here.
- bloated: It supports far more ciphers than you actually need, which increases complexity and image size.
I hope that covers it up. Yet, if there is any wish to implement OpenVPN too, then open an issue.
As you may have noticed, there will soon be an update for Minecraft Java Edition that introduces a chat reporting feature to Minecraft.
This change upsets many players and switching the server to offline mode is so far the only known way to turn off this system. This brings many disadvantages, such as username forgery and missing skin support.
What does mcsync
have to do with this? Well, since a whitelist system doesn't do anything useful (since UUID don't really exist in offline mode) you can use mcsync
to protect your server from untrusted people. Only people who have joined your VPN tunnel can see & use your server. This is only practical for smaller servers.
It won't protect you from bad friends, as they can still fake usernames! But it can drastically reduce the number of potential bad actors.
To restore skins, use SkinRestorer by SRTeam or something else.
While this project is still growing and at its beginning there are some things I'll like to add in the future:
- Central server which is hosted by me.
- Easier to join other peoples private networks
- Cheaper sync of your Minecraft worlds (E2E encrypted, 50 MB free maybe)
- Client with GUI (using egui)
- Dashboard
- Permission groups within mcsync
more coming soon