Complete Guide: Setting Up Minecraft Server with Pangolin

This guide will walk you through setting up a self-hosted Minecraft server using Crafty Controller and exposing it securely to the internet using Pangolin tunneling solution.

Table of Contents

1. Prerequisites

2. Part 1: Server Preparation

3. Part 2: Crafty Controller Setup

4. Part 3: Creating the Minecraft Server

5. Part 4: Pangolin Installation

6. Part 5: Newt Tunnel Configuration

7. Part 6: Exposing Services via Pangolin

8. Part 7: Testing and Connection

9. Part 8: Advanced Configuration (Optional)

10. Troubleshooting

Prerequisites

Before starting, ensure you have:

• Server/VPS: A Linux server or virtual machine (Ubuntu/Debian recommended)

• Docker and Docker Compose: Installed on your server

• Domain Name: A registered domain pointed to your server (e.g., from Namecheap, Cloudflare, etc.)

• Open Ports: The following ports must be open on your server and firewall:

  • TCP: 80, 443 (for web traffic)

  • UDP: 51820, 21820 (for Pangolin tunneling)

  • TCP: 25565 (for Minecraft)

• Pangolin Account: Sign up at pangolin.io

• Minecraft Java Edition: For testing the server

Part 1: Server Preparation

Step 1: Connect to Your Server

ssh user@your-server-ip

Step 2: Install Docker (if not already installed)

# Update package list
sudo apt update

# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# Add your user to docker group
sudo usermod -aG docker $USER

# Log out and back in for group changes to take effect
exit
ssh user@your-server-ip

Step 3: Install Docker Compose

# Download Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

# Make it executable
sudo chmod +x /usr/local/bin/docker-compose

# Verify installation
docker-compose --version

Step 4: Create Project Directory

mkdir minecraft-pangolin
cd minecraft-pangolin

Part 2: Crafty Controller Setup

Step 1: Create Docker Compose File for Crafty

nano docker-compose.yml

Step 2: Add Crafty Configuration

Copy and paste this configuration:

services:
  crafty_container:
    container_name: crafty_container
    image: registry.gitlab.com/crafty-controller/crafty-4:latest
    restart: unless-stopped
    environment:
      - TZ=Etc/UTC
    ports:
      - "8443:8443"  # HTTPS Web UI
      - "8123:8123"  # HTTP Web UI
      - "19132:19132/udp"  # Bedrock
      - "25565-25600:25565-25600"  # Java
      - "8000:8000"  # Dynmap plugin
    volumes:
      - ./docker/backups:/crafty/backups
      - ./docker/logs:/crafty/logs
      - ./docker/servers:/crafty/servers
      - ./docker/config:/crafty/app/config
      - ./docker/import:/crafty/import

Step 3: Create Required Directories

mkdir -p docker/{backups,logs,servers,config,import}

Step 4: Start Crafty Container

docker compose up -d

Step 5: Get Default Credentials

# Wait a moment for the container to initialize
sleep 10

# Find the default credentials
cat docker/config/default-creds.txt

Save these credentials - you’ll need them to log in!

Step 6: Access Crafty Web UI

Open your browser and navigate to:

https://your-server-ip:8443

Note: You’ll see a security warning because of the self-signed certificate. It’s safe to proceed.

Step 7: Log In to Crafty

Use the credentials from Step 5 to log in.

Part 3: Creating the Minecraft Server

Step 1: Navigate to Servers

In the Crafty dashboard, click on “Servers” in the left menu.

Step 2: Create New Server

Click “Create New Server” button.

Step 3: Configure Server Settings

• Server Type: Minecraft Java

• Server Version: Select latest stable (e.g., 1.20.4)

• Server Name: MC Demo (or your preferred name)

• Memory:

  • Minimum: 2000 MB

  • Maximum: 4000 MB (adjust based on your server’s RAM)

• Server Port: 25565 (default)

Click “Build Server”

Step 4: Start the Server

1. Click on your newly created server

2. Click the “Start” button

3. Accept the Minecraft EULA when prompted

4. Click OK on the port forwarding notification

5. Wait for the server to fully initialize (watch the console for “Done” message)

Part 4: Pangolin Installation

Step 1: Install Pangolin Base

Create a new terminal session and run:

cd ~
mkdir pangolin
cd pangolin

# Download and run the Pangolin installer
curl -fsSL https://get.pangolin.io | bash

Step 2: Configure Pangolin Installation

Follow the installer prompts:

1. Choose Docker as the container type

2. Enter your base domain (e.g., example.com)

3. Enter dashboard subdomain (e.g., pangolin.example.com)

4. Enter email for Let’s Encrypt certificates

5. Configure email settings (optional, can skip)

6. Choose to install Gerbil (recommended: yes)

Step 3: Verify Pangolin Installation

docker ps

You should see containers for:

• pangolin

• gerbil

• traefik

Part 5: Newt Tunnel Configuration

Step 1: Access Pangolin Dashboard

Navigate to your Pangolin dashboard:

https://pangolin.your-domain.com

Step 2: Create Organization

If first time:

1. Click “Create Organization”

2. Enter organization name (e.g., “Lab”)

3. Click “Create”

Step 3: Create Site

1. Go to “Sites” tab

2. Click “Add Site”

3. Enter site name (e.g., “Minecraft-Server”)

4. Click “Create Site”

5. Copy the generated newt command

Step 4: Add Newt to Docker Compose

Go back to your minecraft-pangolin directory:

cd ~/minecraft-pangolin
nano docker-compose.yml

Add the newt service to your existing docker-compose.yml:

  newt:
    image: ghcr.io/fosrl/newt:latest
    container_name: newt
    restart: unless-stopped
    command: [
      "tunnel",
      "--remote", "https://pangolin.your-domain.com",
      "--token", "YOUR_TOKEN_HERE",
      "--site-id", "YOUR_SITE_ID_HERE"
    ]
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - default

Important: Replace YOUR_TOKEN_HERE and YOUR_SITE_ID_HERE with values from the copied newt command.

Step 5: Connect to Pangolin Network

Add this to the bottom of your docker-compose.yml:

networks:
  default:
    external:
      name: pangolin

Step 6: Restart Services

docker compose down
docker compose up -d

Step 7: Verify Newt Connection

docker logs newt

You should see “Successfully connected to Pangolin endpoint” message.

Part 6: Exposing Services via Pangolin

Step 1: Expose Crafty Web UI

In the Pangolin dashboard:

1. Go to “Resources” tab

2. Click “Add Resource”

3. Configure HTTP resource:

   • Name: crafty

   • Type: HTTP Resource (toggle ON)

   • Subdomain: crafty

   • Site: Select your site (e.g., “Minecraft-Server”)

4. Click “Create Resource”

Step 2: Configure Crafty Target

1. In the resource settings page

2. Under “Target Configuration”, add target:

   • Method: https

   • IP/Hostname: crafty_container

   • Port: 8443

3. Click “Save Targets”

Your Crafty UI is now accessible at: https://crafty.your-org.pangolin.io

Step 3: Expose Minecraft Server Port

1. Click “Add Resource” again

2. Configure TCP resource:

   • Name: Minecraft

   • Type: HTTP Resource (toggle OFF)

   • Protocol: TCP

   • Port Number: 25565

   • Site: Select your site

3. Click “Create Resource”

Step 4: Update Firewall Rules

For AWS EC2:

1. Go to EC2 Dashboard → Security Groups

2. Select your instance’s security group

3. Add inbound rule:

   • Type: Custom TCP

   • Port: 25565

   • Source: 0.0.0.0/0

For other providers:

# Using ufw (Ubuntu/Debian)
sudo ufw allow 25565/tcp
sudo ufw reload

# Using firewalld (CentOS/RHEL)
sudo firewall-cmd --permanent --add-port=25565/tcp
sudo firewall-cmd --reload

Step 5: Configure Traefik Entrypoints

Edit the Traefik configuration to add the Minecraft port:

cd ~/pangolin
nano config/traefik/traefik_config.yml

Add the TCP entrypoint for Minecraft (add this to the existing entryPoints section):

entryPoints:
  http:
    address: ":80"
    # ... existing config
  https:
    address: ":443"
    # ... existing config
  minecraft:  # Add this new entrypoint
    address: ":25565/tcp"

Step 6: Configure Port Mapping

Edit the main Pangolin docker-compose file:

nano docker-compose.yml

Add port mapping to the gerbil service:

  gerbil:
    ports:
      - 51820:51820/udp
      - 21820:21820/udp
      - 443:443
      - 80:80
      - 25565:25565  # Add this line

Step 7: Restart Pangolin Stack

docker compose down
docker compose up -d

Step 8: Configure Minecraft Target in Pangolin

Back in Pangolin dashboard, in your Minecraft resource settings:

1. Under “Target Configuration”, add target:

   • IP/Hostname: crafty_container

   • Port: 25565

2. Click “Save Targets”

Important Note: If the TCP resource creation shows you need to add entrypoints, make sure you’ve completed Step 5 (Traefik entrypoints configuration) and restarted the stack.

Part 7: Testing and Connection

Step 1: Get Your Server Address

Your Minecraft server address will be:

your-org.pangolin.io:25565

Step 2: Test with Minecraft Client

1. Open Minecraft Java Edition

2. Click “Multiplayer”

3. Click “Add Server”

4. Enter server details:

   • Server Name: Pangolin Server

   • Server Address: your-org.pangolin.io:25565

5. Click “Done”

Step 3: Connect to Server

1. Select your server from the list

2. Click “Join Server”

3. You should successfully connect!

Step 4: Verify in Crafty

Check the Crafty console - you should see your player joining the server.

Part 8: Advanced Configuration (Optional)

Complete Traefik Configuration Example

Here’s what a complete traefik_config.yml should look like with all entrypoints:

# config/traefik/traefik_config.yml
api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true
  
  https:
    address: ":443"
    http:
      tls:
        certResolver: letsencrypt
  
  # Minecraft Java server ports
  minecraft:
    address: ":25565/tcp"
  
  # Additional server ports (if needed)
  minecraft2:
    address: ":25566/tcp"
  
  # Bedrock edition (if needed)
  bedrock:
    address: ":19132/udp"
  
  # Voice chat plugin (if needed)
  voicechat:
    address: ":24454/udp"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: "/etc/traefik/dynamic"
    watch: true
  http:
    endpoint: "http://pangolin:3001/api/v1/traefik-config"
    pollInterval: "5s"

certificatesResolvers:
  letsencrypt:
    acme:
      email: your-email@example.com
      storage: /letsencrypt/acme.json
      httpChallenge:
        entryPoint: http

Proxy Protocol Configuration

Note: Proxy Protocol is only supported by Minecraft Java Edition and requires additional configuration. Most users won’t need this unless they’re running multiple servers or need to preserve client IP addresses.

If you need to enable Proxy Protocol:

1. Edit Traefik configuration:

cd ~/pangolin
nano config/traefik/dynamic_config.yml

2. Add TCP service with Proxy Protocol:

tcp:
  routers:
    minecraft:
      rule: "HostSNI(`*`)"
      entryPoints:
        - "minecraft"
      service: "minecraft-service"
  
  services:
    minecraft-service:
      loadBalancer:
        servers:
          - address: "crafty_container:25565"
        proxyProtocol:
          version: 1

3. Enable Proxy Protocol in your Minecraft server:

   • For Velocity proxy: Set proxy-protocol = true in velocity.toml

   • For BungeeCord: Add proxy_protocol: true to config.yml

   • For Paper/Spigot: Requires additional plugins

Multiple Server Ports

To expose additional Minecraft servers:

1. Add entrypoints in Traefik configuration:

# config/traefik/traefik_config.yml
entryPoints:
  minecraft:
    address: ":25565/tcp"
  minecraft2:
    address: ":25566/tcp"
  minecraft3:
    address: ":25567/tcp"
  # Add more as needed

2. Add ports to the gerbil service in docker-compose.yml:

gerbil:
  ports:
    - 25565:25565
    - 25566:25566
    - 25567:25567

3. In Crafty, create servers on different ports (25566, 25567, etc.)

4. Create separate TCP resources in Pangolin for each port

5. Configure targets for each resource

Voice Chat Support

For plugins like Simple Voice Chat:

1. Add UDP port mapping to gerbil service in docker-compose.yml:

gerbil:
  ports:
    - 24454:24454/udp

2. Add UDP entrypoint in Traefik configuration:

# config/traefik/traefik_config.yml
entryPoints:
  udp-24454:
    address: ":24454/udp"

3. In Pangolin config, enable raw resources:

# config/config.yml
flags:
  allow_raw_resources: true

4. Restart the stack for changes to take effect:

docker compose down
docker compose up -d

Troubleshooting

Container Won’t Start

# Check logs
docker logs crafty_container
docker logs newt

# Verify network exists
docker network ls | grep pangolin

Can’t Connect to Minecraft Server

1. Verify port is open:

netstat -tuln | grep 25565

2. Check Docker port mapping:

docker port crafty_container

3. Test connection locally:

telnet localhost 25565

SSL Certificate Issues

# Check Traefik logs
docker logs traefik

# Verify DNS records
nslookup your-domain.com

Player IP Shows as Proxy

This is expected behavior without Proxy Protocol. The server will see connections coming from the proxy IP. Only Minecraft Java Edition supports Proxy Protocol for preserving client IPs.

Performance Issues

1. Increase Docker memory limits

2. Optimize JVM flags in Crafty server settings

3. Monitor resource usage:

docker stats

Security Recommendations

1. Change Default Passwords: Always change Crafty’s default admin password

2. Firewall Rules: Only open required ports

3. Regular Updates: Keep Docker images updated

4. Backups: Enable automatic backups in Crafty

5. Resource Limits: Set appropriate memory/CPU limits in Docker

6. Access Control: Use Pangolin’s authentication features for the web UI

Conclusion

You now have a fully functional Minecraft server accessible through Pangolin’s secure tunneling system! Your server is protected behind Pangolin’s proxy, and both the game server and management interface are accessible through your custom domain.

Remember that standard TCP mode will show all players connecting from the proxy IP address. This is normal and doesn’t affect gameplay. Proxy Protocol support requires additional configuration and is only available for Java Edition servers.