Securing an online-mode=false private server
hihi! I manage an AWS minecraft server and I had an admin question:
The server is private and just 5 friends as of now. A couple others want to join but use cracked clients and cannot afford the official game. I still want to play with them, but online-mode=false comes with obvious security issues.
I want to create some form of auth to allow these friends to play with us anyway, but am unsure of next steps. As far as I can see there are a few paths:
Use Paper or some similar service to use an auth plugin requiring a password for entry (This could be user specific, or the easier route of a server-wide password that I trust my friends to keep private)
The issue: As far as I'm aware Paper, Spigot etc. cause changes in game behaviour to do with with spawn rates and the like. This would be an annoyance, considering our server's reliance on farms. So ideally I'd like to avoid this. If there's some way to allow the disabling of all such changes that would be helpful.
Use the server username whitelist in conjunction with whitelisting my friends' IP addresses on AWS
The issue: We're all university students that move back and forth often. Additionally, our university housing uses a strange WiFi provider that I know has had issues with minecraft servers in the past, so I'm unsure as to how it'd react to the whitelisting. Beyond that, it just seems a pain to add this many IPs.
Is there a specific avenue from the above to pursue, or any better ones I'm yet to consider? Please help, and thanks in advance!
The server is private and just 5 friends as of now. A couple others want to join but use cracked clients and cannot afford the official game. I still want to play with them, but online-mode=false comes with obvious security issues.
I want to create some form of auth to allow these friends to play with us anyway, but am unsure of next steps. As far as I can see there are a few paths:
Use Paper or some similar service to use an auth plugin requiring a password for entry (This could be user specific, or the easier route of a server-wide password that I trust my friends to keep private)
The issue: As far as I'm aware Paper, Spigot etc. cause changes in game behaviour to do with with spawn rates and the like. This would be an annoyance, considering our server's reliance on farms. So ideally I'd like to avoid this. If there's some way to allow the disabling of all such changes that would be helpful.
Use the server username whitelist in conjunction with whitelisting my friends' IP addresses on AWS
The issue: We're all university students that move back and forth often. Additionally, our university housing uses a strange WiFi provider that I know has had issues with minecraft servers in the past, so I'm unsure as to how it'd react to the whitelisting. Beyond that, it just seems a pain to add this many IPs.
Is there a specific avenue from the above to pursue, or any better ones I'm yet to consider? Please help, and thanks in advance!
Solution
Someone on the TMC server that redirected me here mentioned using some combination of Fabric with easyauth+easywhitelist, does this seem like an avenue answering the problems I face?Yes, I would strongly recommend you just follow what they say instead
