This BungeeCord (and now Spigot and Velocity) plugin enables proxied and direct connections both at the same time. More infomation about HAProxy and its uses can be found here.
Allowing both direct and proxied connections has significant security implications — a malicious player can access the server through their own HAProxy instance, thus tricking the server into believing the connection is coming from a fake IP.
To counter this, this plugin implements IP whitelisting. By default, only proxied connections from localhost
will be
allowed (direct connections aren't affected). You can add the IP/domain of your trusted HAProxy instance by
editing whitelist.conf
, which can be found under the plugin data folder.
Details of the whitelist format
# List of allowed proxy IPs
#
# An empty whitelist will disallow all proxies.
# Each entry must be an valid IP address, domain name or CIDR.
# Domain names will be resolved only once at startup.
# Each domain can have multiple A/AAAA records, all of them will be allowed.
# CIDR prefixes are not allowed in domain names.
127.0.0.0/8
::1/128
If you want to disable the whitelist (which you should never do), you can do so by putting this line verbatim, before any other entries:
YesIReallyWantToDisableWhitelistItsExtremelyDangerousButIKnowWhatIAmDoing!!!
proxy_protocol
needs to be enabled in BC config.yml
for this plugin to work. (Not to be confused with the similar option in paper.yml
)
Older versions of BC can in theory use BungeeProxy in parallel with this plugin, but it hasn't been tested yet. Feedback is welcomed.
ProtocolLib is a required dependency. This plugin was developed using ProtocolLib v4.8.0; please try that version first if there are any errors. Check out issue #3 for experimental support for ProtocolLib 5.0.
New versions of Paper have built-in HAProxy support (proxied connection only). It's not compatible with this plugin, so please disable the proxy-protocol
option in paper.yml
.
haproxy-protocol
needs to be enabled in Velocity config for this plugin to work.
Versions older than 3.0 are not supported.
If errors like NoClassDefFoundError: sun.misc.Unsafe
, InaccessibleObjectException
and such are encountered,
please add --add-opens java.base/java.lang.invoke=ALL-UNNAMED
to JVM arguments.
If errors like IllegalAccessException: static final field has no write access
are encountered,
please upgrade the plugin to at least v3.0.2.
If you cannot upgrade for whatever reason, a temporary workaround would be to add
-Djdk.reflect.useDirectMethodHandle=false
to JVM arguments.
Note that this argument will be removed in future Java releases.
This plugin uses bStats for metrics. It collects some basic information, like how many people
use this plugin and the total player count. You can opt out at any time by editing the config file under
plugins/bStats/
.