How to Set Up a FiveM Reverse Proxy for DDoS Protection with Cloudflare

Setting up a reverse proxy for your FiveM server can help protect it from DDoS attacks and improve security. This guide will walk you through setting up a reverse proxy using Nginx and integrating it with Cloudflare.

Requirements

  • Nginx 1.17+ (1.16 absolute minimum, guide tested on 1.17)
  • A server with reasonable network bandwidth (500mbps uplink strongly suggested)
  • FXServer version 2377 or later
  • SSL certificate for the domain you're using (highly recommended)
  • Cloudflare account
  • Another VPS running Ubuntu 22.04

Step 1: Prerequisites Setup

Some older Linux distributions do not have the required version of Nginx packaged. You can install the latest via the official Nginx repositories. More information can be found here.

Step 2: Nginx Configuration

Below is an example configuration of implementing a combined proxy for both cache and the game server itself. Place this file inside /etc/nginx/sites-available and use it like any other website.

upstream backend {
    server your.fivem.server.ip:30120;
}

proxy_cache_path /srv/cache levels=1:2 keys_zone=assets:48m max_size=20g inactive=2h;

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name yourhost.yourdomain.com;

    # SSL is highly encouraged but optional. If not using SSL, comment the below and change the listen blocks above.
    ssl_certificate /path/to/certificate.pem;
    ssl_certificate_key /path/to/privkey.pem;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass_request_headers on;
        proxy_http_version 1.1;
        proxy_pass http://backend;
    }

    # if you do not wish to use the caching proxy, remove the below block
    location /files/ {
        proxy_pass http://backend$request_uri;
        add_header X-Cache-Status $upstream_cache_status;
        proxy_cache_lock on;
        proxy_cache assets;
        proxy_cache_valid 1y;
        proxy_cache_key $request_uri$is_args$args;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 1;
    }
}

Next, place the following file outside this directory (i.e., in /etc/nginx):

stream {
    upstream backend{
        server your.fivem.server.ip:30120;
    }
    server {
        listen 30120;
        proxy_pass backend;
    }
    server {
        listen 30120 udp reuseport;
        proxy_pass backend;
    }
}

In your nginx.conf, add the following within the http {} block, preserving everything else:

proxy_cache_path /srv/cache levels=1:2 keys_zone=assets:48m max_size=20g inactive=2h;

And add the following after the close of your http {} block:

include /etc/nginx/stream-proxy.conf;

Use service nginx reload (varies by distribution) to apply your changes. You need to do the FXServer steps next before it will be usable.

Step 3: FXServer Config

This configuration is straightforward. Add the following to your server.cfg and restart the server:

sv_forceIndirectListing true
sv_listingHostOverride yourhost.yourdomain.com
sv_listingIpOverride "your.proxy.ip.address"
sv_proxyIPPranges "your.proxy.ip.address/32"

# below is optional if you are not using the caching proxy
adhesive_cdnKey "randomKeyHere"
fileserver_add ".*" "https://yourhost.yourdomain.com/files"

Step 4: Testing

First, test your setup by trying to browse to https://yourhost.yourdomain.com/info.json. If you can see your server's information page, good job! If not, review logs for troubleshooting steps and check your configuration.

Next, attempt to connect to the server via the server list. If the connection succeeds, you've successfully set up the server.

You can also connect to your server by using connect "https://yourhost.yourdomain.com", similar to using the cfx.re proxy you get with Nucleus.

Step 5: Cloudflare Configuration

Log in to your Cloudflare account and add your domain. Set up DNS records to point to your Nginx server's IP address. Enable the proxy status to ensure traffic goes through Cloudflare's network, providing an extra layer of DDoS protection.

Troubleshooting

HTTP errors: Review Nginx logs (example, in /var/log/nginx/error.log) for clues. Double-check your upstream {} entries as well.

"Failed to getinfo after 3 attempts": This error is caused by your client not receiving UDP packets from the proxy. Review upstream settings to ensure you're actually passing these to the server. For this issue, you may have to use Wireshark/tcpdump to trace where the packets get lost. Occasionally, the proxy server's host may be to blame.

"Failed to connect after 3 attempts": Check your Nginx version with nginx -t. This guide has been tested with 1.17.10 specifically, but any meeting the requirements above should work.

Conclusion

By following this guide, you've set up a reverse proxy for your FiveM server using Nginx and integrated it with Cloudflare to provide additional DDoS protection. Regularly monitor your server and update your configurations as necessary to maintain optimal performance and security.

Esta resposta lhe foi útil? 0 Usuários acharam útil (0 Votos)

Os Mais Populares

How To Add Vehicles To Fivem Server

How to add vehicles to a fivem server    Overview & Purpose The purpose of this article...
How To Port Forward Your Fivem Server

How to setup the Windows firewall for FiveM First, log into your GoodLeaf Vps using remote...
How To Install A Mlo

Download a YMAP/MLO you would like from a website like gta5 mod you can get link to gta5 mods...
How To Grow/Promote Your Fivem Server

Create a Website or Forum Having a website or forum dedicated to your FiveM server is a...
How To Host A Fivem Server

Go to the Windows server build listing ('artifacts' listing, as in 'build artifacts')....