Skip to content
setup.md

Reverse Proxy

This tutorial covers how to proxy your Dynmap server behind Nginx with a free SSL certificate from Let’s Encrypt installed

Requirements

  • A Minecraft server with Dynmap configured
  • A VPS with atleast Ubuntu 22.04 deployed
  • A ZeroSSL account (Optional)
  • Root access to the aforementioned VPS

If you haven’t got access to the above, you should consult your service providers.

Caddy Deployment

Installation

First off, we need to install Caddy and add allow rules for both HTTP and HTTPS traffic to the UFW firewall.

...


sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update && sudo apt install caddy
sudo ufw allow http
sudo ufw allow https


...

Generate ZeroSSL API Keys (Optional)

This step is optiona if you don’t want to use ZeroSSL as you’re provider. If you chose not to use ZeroSSL your certs will be deployed via LetsEncrypt however support for Google Trust Services can also be configured.

You can go to the ZeroSSL developer console and select ‘Generate’ under ‘EAB Credentials’.

Caddyfile Config

Below is an example configuration file. Edit it and save it as /etc/caddy/Caddyfile

...


# Define ACME credentials (Optional but required for ZeroSSL)
{
        acme_ca https://acme.zerossl.com/v2/DV90
        acme_eab {
                key_id <yourAPIkey>
                mac_key <yourMACkey>
        }
}


# Required for all deployments
map.mydomain.com {
        reverse_proxy http://<dynmapIP>:<dynmapPort>
}


...

To enable the site run the following command

Terminal window
...


caddy reload


...

If you get an error with formatting you should run the following command and then re-run the reload command.

Terminal window
...


sudo caddy fmt --overwrite


...

Testing Configuration

If you’re using ZeroSSL you should check you see a provisioned SSL certificate under you account dashboard, when you select ‘Certificates’ > ‘Issued’ it will be marked as a ‘Certificate’ and not ‘90-Day SSL’.

All users should be able to use https://map.mydomain.com, if you’re not using the ACME setup within