Show HN: A tool to self host game servers with a free static IP (opens in new tab)

(playit.gg)

91 pointspatricklorio5y ago44 comments

44 comments

35 comments · 11 top-level

sockaddr5y ago· 7 in thread

My coworker's kid uses zerotier to maintain a private gaming network with static IPs for all their friends. Does your system have anything similar or is it just out in the open? Taking a cursory glance at your page it's hard to tell exactly what is being done. Looks cool though.

sjnair965y ago

Just fyi, I've found Tailscale to be excellent for this purpose. I just created a new google account, for sharing with friends and family to log in to tailscale, and it's completely free. A relay on my Raspberry pi allow me to expose select devices to those connected to my tailscale.

Easy, magical NAT traversal.

- https://tailscale.com/blog/how-nat-traversal-works/

Edit: Oh wow. I just ran into innernet. Looks like a self-hosted FOSS alternative to tailscale, and also cool blog

- https://blog.tonari.no/introducing-innernet

ethanmad5y ago

You actually don't need to share your account with friends and family to share access with Tailscale. You can share devices instead: https://tailscale.com/kb/1084/sharing/. (I believe the doc is out of date and that this is now a production feature.)

I use this for sharing a media server with family and friends and it works great!

1vuio0pswjnm75y ago

Looks like innernet relies on third party "Nebula" from "Slack Technologies" (commercialised IRC) which uses 70.199.182.92.

Perhaps the definition of "self-hosted" varies from person to person. The definition I subscribe to for "self-hosted" peer-to-peer is that I have to supply the publicly reachable IP address and run a supernode on it. (I prefer supernodes that only provide IP:port information for peers to directly connect and do not pass any traffic once the peers are connected.) Many of the so-called "peer-to-peer" projects I see today provide the IP address of a server run by a third party as part of their default configuration, with the option that a user could run their own server on their own IP address. (How many users do that.) Under the definition I subscribe to, nothing is for "free". I have to pay for the publicly reachable IP address and run the supernode from that address. Under another person's definition of "self-hosted", a third party might be hosting a necessary server. If they stop providing that service, the "self-hosted" solution no longer works.

1 more reply

patricklorioOP5y ago

This system is a little simpler, it creates a public endpoint that will tunnel traffic to the game server over the playit program. So when the program and game server are running, anyone can connect to the server through the public address.

It has the advantage that only the server needs to run a program. It also does a few tricks like mapping each client's public IP to a LAN IP like 127.5.21.3 so ip banning / whitelisting still works in game.

sockaddr5y ago

Gotcha, nice work

infogulch5y ago

Does this also work for consoles or just pcs?

patricklorioOP5y ago

At the moment the program only run on PCs, however a few users have figured out how to run it on mobile. But that's just for the server, the server that is tunneled can be connected to by anything. We have a few users hosting Minecraft Bedrock servers that are being connected to by mobile and consoles.

1 more reply

jjice5y ago· 4 in thread

There's also good ol' (newish?) WireGuard on a relay VPS. But I understand how it'd be another extra step that could get in the way for someone unfamiliar with the tech.

rubatuga5y ago

For people who want to use WireGuard to receive a clean IPv4 and IPv6 public address (no blacklist and good reputation), you can check out https://hoppy.network

All ports are unblocked and you can choose plans with guaranteed speeds of 500Mbit. It’s great for people who self-host, and don’t want to manage a cloud VPS.

foxpurple5y ago

This looks awesome. I recently moved and had to get a new ISP and router and I gave up trying to get my home server working because the router firmware is so bugged out that port forwarding doesn’t work.

arthurcolle5y ago

WireGuard is terrible. ZeroTier is so much better.

gouggoug5y ago

Would you mind expanding on this? How do wireguard and zerotier compare to each other?

1 more reply

Syonyk5y ago· 4 in thread

It looks like there's a tunnel app... could I use it to tunnel other stuff if I got creative? I'm behind CGNAT with Starlink on one of my connections, and I wouldn't mind a freebie tunnel to, say, a webserver in there...

cs05y ago

Have you tried ngrok? https://ngrok.com

nmfisher5y ago

+1 for ngrok, totally worth the $80 a year (or whatever it is I shell out).

patricklorioOP5y ago

Yes, you're free to tunnel whatever you like with the custom TCP and UDP tunnels. We have users tunneling their SSH and FTP servers and all sorts of things. Though if the bandwidth starts disrupting game severs, I may need to reconsider :).

tengbretson5y ago

If this doesn't work out for your needs, I've had good results using Cloudflare Argo Tunnel so far.

jagger275y ago· 3 in thread

Looks convenient. I assume multiple servers share the same IP(s) on different non-default ports? I don’t see any info on how this works on the site.

I can’t imagine providing a free unique static IPv4 for 4000+ active servers would be a sustainable business model. IPv6 of course would be fine, if residential ISPs ever leave the Stone Age. (Looking at you, Bell Canada)

patricklorioOP5y ago

Yes, I'm assigning a random port to each tunnel. I have been considering purchasing an IP space to offer a premium version but it's hard to make the numbers work at my current scale.

Minecraft is quite nice as it supports SRV records so the provided tunnel address doesn't need to show the port number. For other games you'll notice you have the non standard port.

CraftThatBlock5y ago

Careful with this, as some Java versions on some Linux distributions (such as Java 11 on Ubuntu/Arch) does not work

https://bugs.mojang.com/browse/MC-175531

jagger275y ago

> Minecraft is quite nice as it supports SRV records

Oh that's nifty!

ev15y ago· 2 in thread

How can I self host this for an arbitrary game TCP port? I'd be happy to pay for a "limited feature" edition (don't need source either) that will:

- let me self host with binaries, public IP server on Linux, private IP server on Windows

- map IPs so that the gameserver running on Windows can issue IP bans

- I don't need hostname-picking or unique ports

patricklorioOP5y ago

If you download and run the program it will launch the web browser to https://playit.gg/manage. On that page you should be able to add a Custom TCP tunnel. I don't quite follow the features you're looking for but I think the custom TCP tunnel should cover a good bit.

As for banning IPs, public IPs are mapped to local IPs (for example 127.3.5.6) so in game banning should work. I have thought about creating a premium tier that lets you add firewall rules to the edge (our tunnel servers) so the traffic you filter never gets tunneled to you.

ev15y ago

Is it possible to self host it? I don't mind paying for a premium tier that lets me self host/configure; I don't mind if it isn't open source, but I have a need to host something like this for players in APAC region and also be able to select my own ports.

1vuio0pswjnm75y ago· 1 in thread

Looks like this uses https://github.com/cloudflare/boringtun, a userspace implementation of Wireguard written in Rust, and (I'm guessing) user IP:port is sent to third party at api.playit.gg.

patricklorioOP5y ago

Version 3 did, however I was needing to manage the TCP IP stack in application. I tried using and patching smoltcp, then made things more stable by linking to gvisor (a go project) but users were still having performance issues. Ended up launching v4 which uses the http2 protocol under the hood.

The users we have vary quite drastically in terms of their network access and computer hardware.

scktt5y ago· 1 in thread

i had a similar use case for sharing my plex media server. i am behind a cgnat so dont have a fixed IP address nor can I port-forward if I wanted to. the solution I came up with, involves zerotier and a cheap vps qith a static ip (required as I cant setup zerotier everywhere (apple tvs, chromecasts, iphones, etc.) the vps acts as a relay to the private zerotier network (single address only, the plex server) which allows anyone i have shared my plex server with to access without any setup.

a script to set it all up (debian 8): https://gist.github.com/scktt/b586dd4bf5a19be91a978c6b2abb59...

stevekemp5y ago

I'd look at using an SSH reverse tunnel. If you can connect from the plex-server to a server hosted on EC2, Linode, DigitalOcean, etc, you could expose the service from that.

Something like:

       ssh -f -N -T -R 8080:localhost:80 user@external.example

Now access to your remote host on port 8080 will be mapped back to your home machine, behind the NAT. You could install nginx as a proxy for it, etc.

BossingAround5y ago· 1 in thread

This seems to create long-running tunnel sessions, doesn't it? If so, that seems to me to potentially create load that's too great for the service to be free.

patricklorioOP5y ago

That is correct. It's been difficult, I've had to rebuild the entire system 4 times finding new optimizations here and there. I'm at break even cost wise from people purchasing custom domains for $1/month, or $6/year.

The latest version, v4 is performing really well and is helping me keep costs low while we're getting more users.

nickspacek5y ago· 1 in thread

I thought that virtual hosts for TCP would be an interesting feature to have to support multiple services on a single port. I remember reading about this years back: http://www.litech.org/~brian/tcphosts/paper.html

foxpurple5y ago

A better solution would be to have each service on its own IP address and to do away with ports entirely. Ports are a hack to deal with limited IP addresses.

mStreamTeam5y ago

If anyone is interested, you can setup your own tunnel sever like this with FRP.

Plus its open source

https://github.com/fatedier/frp

jeffnv5y ago

Awesome work!

j / k navigate · click thread line to collapse

44 comments

35 comments · 11 top-level

sockaddr5y ago· 7 in thread

sjnair965y ago

Easy, magical NAT traversal.

- https://tailscale.com/blog/how-nat-traversal-works/

Edit: Oh wow. I just ran into innernet. Looks like a self-hosted FOSS alternative to tailscale, and also cool blog

- https://blog.tonari.no/introducing-innernet

ethanmad5y ago

I use this for sharing a media server with family and friends and it works great!

1vuio0pswjnm75y ago

Looks like innernet relies on third party "Nebula" from "Slack Technologies" (commercialised IRC) which uses 70.199.182.92.

1 more reply

patricklorioOP5y ago

sockaddr5y ago

Gotcha, nice work

infogulch5y ago

Does this also work for consoles or just pcs?

patricklorioOP5y ago

1 more reply

jjice5y ago· 4 in thread

There's also good ol' (newish?) WireGuard on a relay VPS. But I understand how it'd be another extra step that could get in the way for someone unfamiliar with the tech.

rubatuga5y ago

For people who want to use WireGuard to receive a clean IPv4 and IPv6 public address (no blacklist and good reputation), you can check out https://hoppy.network

All ports are unblocked and you can choose plans with guaranteed speeds of 500Mbit. It’s great for people who self-host, and don’t want to manage a cloud VPS.

foxpurple5y ago

arthurcolle5y ago

WireGuard is terrible. ZeroTier is so much better.

gouggoug5y ago

Would you mind expanding on this? How do wireguard and zerotier compare to each other?

1 more reply

Syonyk5y ago· 4 in thread

cs05y ago

Have you tried ngrok? https://ngrok.com

nmfisher5y ago

+1 for ngrok, totally worth the $80 a year (or whatever it is I shell out).

patricklorioOP5y ago

tengbretson5y ago

If this doesn't work out for your needs, I've had good results using Cloudflare Argo Tunnel so far.

jagger275y ago· 3 in thread

Looks convenient. I assume multiple servers share the same IP(s) on different non-default ports? I don’t see any info on how this works on the site.

patricklorioOP5y ago

Yes, I'm assigning a random port to each tunnel. I have been considering purchasing an IP space to offer a premium version but it's hard to make the numbers work at my current scale.

Minecraft is quite nice as it supports SRV records so the provided tunnel address doesn't need to show the port number. For other games you'll notice you have the non standard port.

CraftThatBlock5y ago

Careful with this, as some Java versions on some Linux distributions (such as Java 11 on Ubuntu/Arch) does not work

https://bugs.mojang.com/browse/MC-175531

jagger275y ago

> Minecraft is quite nice as it supports SRV records

Oh that's nifty!

ev15y ago· 2 in thread

How can I self host this for an arbitrary game TCP port? I'd be happy to pay for a "limited feature" edition (don't need source either) that will:

- let me self host with binaries, public IP server on Linux, private IP server on Windows

- map IPs so that the gameserver running on Windows can issue IP bans

- I don't need hostname-picking or unique ports

patricklorioOP5y ago

ev15y ago

1vuio0pswjnm75y ago· 1 in thread

Looks like this uses https://github.com/cloudflare/boringtun, a userspace implementation of Wireguard written in Rust, and (I'm guessing) user IP:port is sent to third party at api.playit.gg.

patricklorioOP5y ago

The users we have vary quite drastically in terms of their network access and computer hardware.

scktt5y ago· 1 in thread

a script to set it all up (debian 8): https://gist.github.com/scktt/b586dd4bf5a19be91a978c6b2abb59...

stevekemp5y ago

I'd look at using an SSH reverse tunnel. If you can connect from the plex-server to a server hosted on EC2, Linode, DigitalOcean, etc, you could expose the service from that.

Something like:

       ssh -f -N -T -R 8080:localhost:80 user@external.example

Now access to your remote host on port 8080 will be mapped back to your home machine, behind the NAT. You could install nginx as a proxy for it, etc.

BossingAround5y ago· 1 in thread

This seems to create long-running tunnel sessions, doesn't it? If so, that seems to me to potentially create load that's too great for the service to be free.

patricklorioOP5y ago

The latest version, v4 is performing really well and is helping me keep costs low while we're getting more users.

nickspacek5y ago· 1 in thread

foxpurple5y ago

A better solution would be to have each service on its own IP address and to do away with ports entirely. Ports are a hack to deal with limited IP addresses.

mStreamTeam5y ago

If anyone is interested, you can setup your own tunnel sever like this with FRP.

Plus its open source

https://github.com/fatedier/frp

jeffnv5y ago

Awesome work!

j / k navigate · click thread line to collapse