Hypixel.net is both their website and mc server adress.
Is it just that https is on port 443 and minecraft is on port 25565?
And if that is the case, can i do something similar by making a reverse proxy have two seperate server blocks for the one domain, with different ports?
Redirects.
If you try to connect to hypixel.net via port 443, it redirects you to the html page.
If you try to connect to play.hypixel.net via port 25565, it redirects you to the minecraft server.
The amount of confidently incorrect responses is exactly what one could expect from Lemmy.
First: TCP and UDP can listen on the same port, DNS is a great example of such. You’d generally need it to be part of the same process as ports are generally bound to the same process, but more on this later.
Second: Minecraft and website are both using TCP. TCP is part of layer 4, transport; whereas HTTP(S) / Minecraft are part of layer 7, application. If you really want to, you could cram HTTP(S) over UDP (technically, QUIC/HTTP3 does this), and if you absolutely want to, with updates to the protocol itself, and some server client edits you can cram Minecraft over UDP, too. People need to brush up on their OSI layers before making bold claims.
Third: The web server and the Minecraft server are not running on the same machine. For something that scale, both services are served from a cluster focused only on what they’re serving.
Finally: Hypixel use reverse proxy to sit between the user and their actual server. Specifically, they are most likely using Cloudflare Spectrum to proxy their traffic. User request reaches a point of presence, a reverse proxy service is listening on the applicable ports (443/25565) + protocol (HTTPS/Minecraft), and then depending on traffic type, and rules, the request gets routed to the actual server behind the scenes. There are speculations of them no longer using Cloudflare, but I don’t believe this is the case. If you dig their mc.hypixel.net domain, you get a bunch of direct assigned IP addresses, but if you tried to trace it from multiple locations, you’d all end up going through Cloudflare infrastructure. It is highly likely that they’re still leaning on Cloudflare for this service, with a BYOIP arrangement to reduce risk of DDOS addressed towards them overflow to other customers.
In no uncertain terms:
- Hypixel.net has Cloudflare DNS for their domain.
- For their website, it has orange cloud enabled to proxy traffic through CF’s global CDN and DDOS protection service.
- For their Minecraft server, they advertise
mc.hypixel.net
, but also have a SRV record for_minecraft._tcp.hypixel.net
set for 25565 onmc.hypixel.net
- The
mc.hypixel.net
domain has CNAME record formt.mc.production.hypixel.io.
which is flattened to a bunch of their own direct assigned IP addresses. - Traceroute towards those direct assigned IP addresses goes through Cloudflare infrastructure but final destination is obscured, just like their website, to protect them from DDOS attacks.
TCP and UDP can listen on the same port, DNS is a great example of such. You’d generally need it to be part of the same process as ports are generally bound to the same process
They don’t even need to be the same process. I’m pretty sure that’s just a common practice if something needs both protocols, but there’s nothing stopping you from having a web server on TCP 443 and a VPN server on UDP 443. Ports are an abstraction brought by each protocol, they aren’t in anyway related.
Some protocols, like ICMP, don’t have the concept of ports at all!
This person networks
looks at community I hope so?
Commercial IT’s overreliance on cloudflare will be the undoing of the internet.
Of the internet? Probably not. Of the independent internet? Maybe.
If all that is left is a shopping mall and propaganda, then as far as I am concerned, it would be dead.
Is it just that https is on port 443 and minecraft is on port 25565?
Yes
Good to know i was right, i will now carry this newfound confidence into every subject
Yes, and Minecraft is TCP not http
HTTP is TCP. And I’m pretty sure Minecraft uses UDP?
Oops you are right.
A quick search said mc uses tcp
Most games use UDP as the latency induced by TCP is unacceptable for games
Minecraft java, for some reason, doesnt
Minecraft is a building game where latency does not matter as much as in shooter games. For example, if your latency is 200 ms, you can play Minecraft smoothly, while in FPS games it is unacceptable 😉
Edit: In addition, the Minecraft server can use UDP protocol to serve the server status (but only for this purpose and it is not, nor has it ever been used by the game client). In the past, it was used to display the number of players on websites with server listings, but this can be considered deprecated now – today they use the same protocol as the game client.
HTTP/3 is UDP though.
QUIC? Yeah I know. Interesting system.
You are sort of right
TCP is on layer 4 of the OSI model. Http is layer 7 which runs on top of layer 4 (TCP)
In sort Minecraft and http are both tcp
TCP is the way that you send information, HTTP is what it means.
The difference, in your case, is the port. You
can’tCAN have TCP and UDP on the same port, but you can’t have the same protocol on the same port.edit: I didn’t knew you could have different transfer protocols on the same port, ty!
You can’t have TCP and UDP on the same port.
Why not? They are 2 completely separated set of ports. You can have a service listening on port 88 TCP while having another listening on port 88 UDP and they never know about each other.
You can’t have UDP and TCP on the same port? I don’t think that makes sense, I have DNS listening on UDP and TCP both on port 53.
For what
DNS
You have DNS listening on UDP and TCP… for DNS?
Iol, lol.
What’s there to laugh about? DNS protocol uses both ports: TCP for zone transfer and UDP for queries.
Yes I have a DNS service listening on both UDP and TCP to respond to DNS queries from clients using the standard DNS port; crazy me. 🤪
Minecraft can read a special DNS record type called SRV records. You can create a record like that to point Minecraft to a port that the server is running on. It doesn’t even have to have the same ip as the webserver.
This is for Namecheap, but the general principle applies everywhere: https://www.namecheap.com/support/knowledgebase/article.aspx/9765/2208/how-can-i-link-my-domain-name-to-a-minecraft-server/
Does Bedrock support SRV records yet? I honestly haven’t checked in a year or two, but I tried to use SRV records to host a survival game and creative game on different ports but found out it didn’t quite support them yet where as Java edition did.
DNS A record points to an IP destination. Ports are then handled by the requests for a specific port thing.
Example: A record for www.dududu.com points to IP 1.2.3.4, but different service ports are listening there to pick up different traffic.
Does that mean, to play minecraft on their server I would put “www.dududu.com” in my Minecraft client?
Host:Port
Thanks, that’s what i figured.
I got confused by so many game servers using seperate domains for the site and server, i assumed there was a good reason for that
Maybe most smaller ones have hosted both things separately, e.g… with a dedicated minecraft server hoster and a common website-building+hosting service, and don’t want to run an extra server for a proxy just for this.
With bigger servers (eg. Hypixel, 2b2t) or selfhosted servers (eg. mine), everything is on the same physical (or virtual) machine anyway and therefore everything has the same address, so you wouldn’t even need a proxy.
Nope. Just ports and an A Record.
Flexibility. Maybe they get a hosting package that includes domain registration and hosting, but they can’t put anything else under that name.
Don’t forget, you can also use SRV records to point a domain to another target, where you can also omit the port number. So connecting to server.org say, can point to mc.server.org:25565 under the hood.
This prolly isn’t what hypixel are doing as everything’s likely on the same network and their router/firewall is just forwarding traffic onto different machines, but SRV is one way to redirect a minecraft connection (and you could combine the technique with subdomains).
That suggested, it could be done with ports, or it could be done with separate servers.
Domain.com resolves to 1.2.3.4
www.domain.com resolves to 1.2.3.4:443
app.domain.com resolves to 1.2.3.4:5555
Games.domain.com resolves to 1.2.5.6
Mail.domaim.com resolves to 1.2.7.8
Portal.domain.com resolves to 1.2.9.10
Etc, etc.
You cannot specify ports in a DNS A or AAAA record. www.example.com cannot resolve to 1.2.3.4:443 and app.domain.com cannot resolve to 1.2.3.4:5555
If the application (be it a game or whatnot) supports it, SRV records can identify a port for a hostname. So, you could have minecraft1.domain.com and an SRV record to specify port 25565, and minecraft2.domain.com SRV 25566.
This means you can have multiple Minecraft servers with the same IP address, but you won’t need to give people the port numbers to remember; the hostname allows the game to look up the port via the SRV record.
This is great for selfhosters because we generally only get one IP (until they rollout IPv6; probably half the reason they don’t)
I didn’t say to specify a port in the DNS. I just said that it is a way that we can resolve a resource.
In the case of ports we’d configure it through whatever webserver (Apache, nginx, traefik, whatever) configs necessary on that machine. The DNS in this scenario would only be for the machines IP where our webserver then routes traffic to different ports.
I was accounting for both valid setups.
This is how I set up my reverse proxy and it works really well with wildcard SSL certs. Only need one certificate for as many sites as I want!
Or you can use something like caddy that will set up certs automatically using tls-alpn-01 challenge, so no need for dns challenge .
I haven’t tried caddy but I’ve heard good things. I’ve used nginx in the past. I’m currently using Traefik and have been for a few years now. Once it’s set up its pretty great.
Caddy can do both. If you’re using a wildcard already, stick with it. In fact, I’d say it’s more prudent to use wildcards (with DNS challenges) than http challenges.Then you aren’t listing all of your domains in letsencrypt’s public database for everyone to see. Nobody needs to know you’ve got a site called bulwarksdirtyunderpants.bulwark.ninja
deleted by creator