Cloudflare w/ MC server


#1

Hello,

Some people cant join my server anymore when i have the cloudflare function enabled, before that i was working fine… Idontknow what i changed but its not working for somepeople anymore.
If i disable the function there can see my dedicated ip.
Can anyone help me?


#2

MC being? Minecraft?

Minecraft does not use HTTP and hence cannot be proxied by Cloudflare. You’d need to set your Minecraft host record to :grey:.


#3

Not always strictly true… if you’re using an SRV record to specify the MC server details then because of Cloudflare’s stupid-stupid-stupid (yes, I’m on a one-man mission to reverse this) decision to alter your records for you without telling you that they do so then they’ll still be able to connect.

[ Basically if your SRV record has a hostname which resolves to a Cloudflare-proxied IP address they return a different auto-generated hostname pointing directly to your backend, along the lines of dc-<value>.example.com ]

EDIT: Please let this problem be due to Cloudflare not doing this any more…


#4

That is still “unproxying” the record and that was the whole point.


#5

But the purpose of an SRV isn’t to unproxy anything - it’s to define where a service is. There’s an RFC and everything.

I won’t go into the various discussions I’ve already had on here and with support but wrt unproxying, the issue is that it is trivial for someone to create their own additional unproxied record and specify this in the SRV if that is what they want. However, the current design precludes people being able to ever specifying a host which you do want Cloudflare to proxy.

e.g. There are various situations where the target host might need to be proxied by Cloudflare - e.g. if the service uses HTTPS as a protocol (such as WKD) and Cloudflare act as your SSL termination, or if the service is being load-balanced or proxied via Cloudflare Spectrum etc. The design as it is of substituting a direct hostname in all circumstances actively stops people being able to do this in preference of giving others the convenience of not having to bother creating an additional unproxied hostname to use in the SRV definition if they want an unproxied record.

(There’s other contradictions and bad logic in play too… such as you can specify a Cloudflare-proxied hostname in an SRV record if it is in a different domain! The implementation just hasn’t been thought through properly, that’s all - SRV always seemed a rushed job I’ve reported other previous deviations from spec before).


#6

I am not discussing SRV records or their purpose here but referred to the fact the OP needs to unproxy his service if it does not support HTTP. How he achieves that does not really matter, the clients must not connect via Cloudflare.


#7

Since I’m a sucker for support articles:


#8

Did you just suggest the OP signs up for an enterprise plan? :smile:


#9

Apologies - I thought you were suggesting that that using an SRV record is a valid way to unproxy his connection. Hopefully people aren’t doing that as it certainly shouldn’t be.


#10

Im using a SRV & a A- But still doesnt work for some people.


#11

Is the host proxied?


#12

Its soyoustart, Idontknow there have a ddos protection but dont know how good that is


#13

No, the question is whether you proxy the host on Cloudflare. Can you post your DNS settings? Redact the IP addresses if necessary.


#14


#15

And ts is the host in question?


#16

No, my minecraft server teamspeak is working fine


#17

Well, in that case I can only refer you back to the very first response.


#18

Add a new A record pointing to your MC server IP address (e.g. mc.hcnations.org, ensure that this is ‘grey-cloud’ (i.e. not proxied), use that hostname (e.g. mc.htnations.org) in the SRV record’s name field.

This allows you to keep Cloudflare in front of any web traffic that may go to the same IP address but will ensure that MC traffic also works. It will also mean you keep on working if and when Cloudflare fix their present SRV implementation issue.


#19

Same host.

There seems to be already such a record in place, but does Minecraft support resolving hosts via SRV records?

But yes, the OP needs to unproxy that service either way, as mentioned 13 hours ago :wink:


#20

Yes it does. However if folk have inadvertently used that setup with oranged hostnames and Cloudflare have started playing with fixing their SRV lookup problem, then things would stop working as soon as the hostnames returned start resolving to Cloudflare proxy IPs.