#We have a custom cloud flare domain for our mc server and we try to connect and get a getsockopt

We have a selfhosted mc server and we want to run a custom domain we saw that you set up a custom domain for mc does anyone have any idea why this is

What did you use to associate the domain with the IP?

Sorry, didn't see that you said cloudflare

Could you screenshot the settings?

You just have an A record pointing to the Minecraft server IP in CloudFlare, yeah? And you are bypassing CloudFlare's DNS cache, right? (Last I checked, you can't use CloudFlare free to proxy anything other than web traffic over ports 80/443.)

You can set up a server record

So that would be the subdomain mc with the port of 6862.

You have set up the main domain as well of course with an A record

Ah right, I always forget the SRV records exist. 👍

Yes we have a SRV set up

Yes we have an a record and a SRV. Locally on the same network we can connect to the server. But with someone off network they get the getsockopt.

@dusky jasper Can you screenshot the config?

You can blur the IPs

@dusky jasper Also, can they connect to the IP via the internet?

I'm the owner and host of the server.

Details:
Server running though crafty though dockage on truenas scale

And cloudflated running as a iX app

These are the settings

We are co owners

The A record is set for the local IP, not the internet IP

It needs to point to the IP that is accessible on the internet

With the current rule, it would tell users to connect to 192.168.86.33 on their own local network

Wouldn't that expose the IP then and defeat the purpose?

You can get the IP from any DNS

DNS doesn't hide the IP

Not sure if cloudflare routes it internally

If you want to hide the IP, you would need a tunnel

Or proxy

Not sure if Cloudflare does that

I went and checked my own server

I then checked a DNS lookup

So it looks like cloudflare proxies it, so the IP is hidden

This is the free tier, not paying for anything

And when setting it up, I seem to remember Cloudflare giving a warning that the IP was exposed when I did it wrong the first time

I set the A as the public and proxied. Its still giving the getsockopt. and if i use a mc status checker, it exposes the ip

Not proxied

DNS only

dns only exposes the ip

Then you would need a tunnel

Not sure why that doesn't happen with me though

Correct. That's how DNS works. You either a) need to expose the IP by using Cloudflare as DNS only, or b) setup a Cloudflare tunnel.

I've set up a tunnel, doesn't work.

All the clients also need to be connected to the tunnel, too...
https://community.cloudflare.com/t/would-i-be-able-to-use-cloudflare-tunnel-to-host-a-minecraft-server/383942

A full guide is available here: https://dacubeking.com/2024/02/28/Proxying-Minecraft

If you can't or don't want to tunnnel, and also don't want to expose the IP, you can pay for Spectrum.
https://community.cloudflare.com/t/its-possible-to-use-a-tunnel-to-open-a-minecraft-server/619949
https://www.cloudflare.com/application-services/products/cloudflare-spectrum/minecraft/

you need an SRV record as well as an A record pointing to your public IP

ive researched this quite a bit for my own servers, and the best free solutions ive found are:

1. SRV + A record; exposes your IP, which might be a security concern if you self-host
2. VPN/Proxy tunnel; requires clients on every player computer
3. VPN Tunnel to "free" VPS Server (SRV + A record to VPS server that exposes the VPS ip not your own); Oracle Cloud has a decent free tier, but they can and will reposess your server randomly

the safest and most secure would probably be option 2. VPN tunnel requires a port exposed, but a cloudflare tunnel (ex.) requires you to trust cloudflare with your data

the reality is, anything in the cloud can't really be free because a datacenter is expensive af

so any free proxy or VPS server or anything like that might skip out on you or steal anything and everything from you because they have to make money somehow

Can't you use Modflared for this

or is that what they are trying to do

They are on a free plan, the tunnel is paid

We already have a SRV and A record pointed there

And here, I see it pointing to the server’s private IP (good thing too or it’d have leaked your public ip). It needs to be your public ip

What 09creeperboy said above. The guides I linked in my last message have everything you need to get setup.

we are looking into the guilds we both changed our dns to cloudflare. Looking at modflared is that something for client side or user side