So, I’ve been a system admin for a server for a while now and we’ve recently had a few DDoS attacks.
To combat this, I thought of having a few smaller servers to act as gateways to the FiveM server. This all works fine, I can get the “players.json” file and everything fine but, when I try and connect to the server with the client it fails (tries three times then gives up).
So, I was wondering if there’s something I need to do extra to get this to work. Currently I have the setup:
Proxy Server 1 -> FiveM Server (TCP 30120) - With Nginx
Proxy Server 1 -> FiveM Server (UDP 30120) - With a python script
When looking at the NGINX logs for the TCP connections, It looks like it’s working (it’s sending a POST request to /client):
I’m already with OVH and I feel like they can’t do any protection for FiveM with it being so heavy on the badwidth. So, they can’t distinguish the real traffic from the fake traffic.
With this simple Nginx config, all pass.
Ressources downloaded correctly, but when it’s time to connect, it’s impossible…
stream {
server {
listen 30120;
proxy_pass ServerIP:30120;
}
server {
listen 30120 udp;
proxy_pass ServerIP:30120;
}
}
I think it’s when you initialize the socket that it does not work.
The idea is good because it would make it possible to define complex filtering rules.
If official developers have answers to our questions, it would be cool, even if in the idea, it weighs down the process.
I’m using nginx stream module aswell to proxy my servers and its working just right, however the backend (fivem) server authenticates to nucleus it does send its real IP to the fivem server list.
When people put up the server in their favorites they connect directly to the backend server and can grab its IP in netstat.
I’m trying to find a way to circumvent that whilst still showing in server listing with the proxied IP instead.
You need nginx version 1.17+ to use the UDP solution.
On my side, I manage to set up all the proxies, but my cfx link doesn’t work anymore, and the players can’t join from the server list (HTTP error 502).
# License key for your server (https://keymaster.fivem.net)
sv_licensekey "w8kzm9m5htbgxxxxxok2sqk52"
endpoint_add_tcp "0.0.0.0:40037"
endpoint_add_udp "0.0.0.0:40037"
set sv_forceIndirectListing true
set sv_listingHostOverride "xxxx.xxxxx.xyz:40037"
set sv_listingIpOverride "fxxxx.xxxxx.xyz:40037"
set sv_proxyIPRanges "194.9.172.xxx/32 194.9.172.xxx/32 45.145.167.xxx/32 194.9.172.xxx/32 194.9.172.xxx/32"
fileserver_add ".*" "http://xxxx.xxxxx.xyz:40037/files"
When connecting from the list or CFX, I get the 502 error, which I don’t get when connecting from the domain name. The strange thing is that my server appears in the list, but I can’t join it