Show HN: A tool to self host game servers with a free static IP (playit.gg)
91 points by patricklorio 13 days ago | 44 comments

My coworker's kid uses zerotier to maintain a private gaming network with static IPs for all their friends. Does your system have anything similar or is it just out in the open? Taking a cursory glance at your page it's hard to tell exactly what is being done. Looks cool though.

Just FYI, I've found Tailscale to be excellent for this purpose. I just created a new Google account, for sharing with friends and family to log in to Tailscale, and it's completely free. A relay on my Raspberry Pi allows me to expose select devices to those connected to my Tailscale.

Easy, magical NAT traversal.

- https://tailscale.com/blog/how-nat-traversal-works/

Edit: Oh wow. I just ran into innernet. Looks like a self-hosted FOSS alternative to tailscale, and also cool blog

- https://blog.tonari.no/introducing-innernet

You actually don't need to share your account with friends and family to share access with Tailscale. You can share devices instead: https://tailscale.com/kb/1084/sharing/. (I believe the doc is out of date and that this is now a production feature.)

I use this for sharing a media server with family and friends and it works great!

Looks like innernet relies on third party "Nebula" from "Slack Technologies" (commercialised IRC) which uses

Perhaps the definition of "self-hosted" varies from person to person. The definition I subscribe to for "self-hosted" peer-to-peer is that I have to supply the publicly reachable IP address and run a supernode on it. (I prefer supernodes that only provide IP:port information for peers to directly connect and do not pass any traffic once the peers are connected.) Many of the so-called "peer-to-peer" projects I see today provide the IP address of a server run by a third party as part of their default configuration, with the option that a user could run their own server on their own IP address. (How many users do that.) Under the definition I subscribe to, nothing is for "free". I have to pay for the publicly reachable IP address and run the supernode from that address. Under another person's definition of "self-hosted", a third party might be hosting a necessary server. If they stop providing that service, the "self-hosted" solution no longer works.

Your understanding of how Nebula works is incorrect.

If you checked Nebula's readme you'd see the following:

> Nebula lighthouses allow nodes to find each other, anywhere in the world. A lighthouse is the only node in a Nebula network whose IP should not change. Running a lighthouse requires very few compute resources, and you can easily use the least expensive option from a cloud hosting provider. If you're not sure which provider to use, a number of us have used $5/mo DigitalOcean droplets as lighthouses.

Beyond that, innernet does not run on nebula.

Alright, I looked through the code. Surprisingly, there is no default configuration that includes a third-party-operated resource.


This puts Nebula in a relatively small group of what I would call true self-hosted overlay networks (by the definition of "self-hosted" I subscribe to). Kudos for that.

What drew my attention was the remote IP address in


No idea why that is there.

Anyway, while I would not necessarily choose to run Nebula myself (I prefer smaller overlay networks, for example), it is certainly an exception to the pattern I see in so many other "self-hosted" peer-to-peer projects. I apologise if the comment I submitted implied otherwise.

Note I never suggested innernet "runs on Nebula". The words I used were "innernet relies on Nebula." Of course, that, too, is incorrect. The blog post was just comparing innernet to Nebula. My bad! I am just too cynical about peer-to-peer projects since so many fall into the same patterns I dislike; hence I skimmed where I should have read more closely.

> No idea why that is there.

That's a test file.

Similar critique would, however, be somewhat accurate for Tailscale.

This system is a little simpler, it creates a public endpoint that will tunnel traffic to the game server over the playit program. So when the program and game server are running, anyone can connect to the server through the public address.

It has the advantage that only the server needs to run a program. It also does a few tricks like mapping each client's public IP to a LAN IP like so ip banning / whitelisting still works in game.

Gotcha, nice work

Does this also work for consoles or just pcs?

At the moment the program only runs on PCs; however, a few users have figured out how to run it on mobile. But that's just for the server; the server that is tunneled can be connected to by anything. We have a few users hosting Minecraft Bedrock servers that are being connected to by mobile and consoles.

How are people tunneling their console over the zerotier vpn? I assume this requires zerotier to be installed on the gateway, which is a bit beyond most users sadly :(

I tunneled my switch through a VPN by entering it in the switch's proxy settings. That wasn't especially challenging.

It does mean you can unlock predownloaded time-gated games about 18 hours early, though.

> a few users have figured out how to run it on mobile

Mobile hotspot/USB tether forwarding your VPN.

Oh, I was speaking for playit.gg, not sure about zerotier. I misread the comment thread.

If anyone is interested, you can set up your own tunnel server like this with FRP.

Plus it's open source


Looks like this uses https://github.com/cloudflare/boringtun, a userspace implementation of Wireguard written in Rust, and (I'm guessing) user IP:port is sent to third party at api.playit.gg.

Version 3 did, however I was needing to manage the TCP IP stack in application. I tried using and patching smoltcp, then made things more stable by linking to gvisor (a go project) but users were still having performance issues. Ended up launching v4 which uses the http2 protocol under the hood.

The users we have vary quite drastically in terms of their network access and computer hardware.

Looks convenient. I assume multiple servers share the same IP(s) on different non-default ports? I don’t see any info on how this works on the site.

I can’t imagine providing a free unique static IPv4 for 4000+ active servers would be a sustainable business model. IPv6 of course would be fine, if residential ISPs ever leave the Stone Age. (Looking at you, Bell Canada)

Yes, I'm assigning a random port to each tunnel. I have been considering purchasing an IP space to offer a premium version but it's hard to make the numbers work at my current scale.

Minecraft is quite nice as it supports SRV records so the provided tunnel address doesn't need to show the port number. For other games you'll notice you have the non standard port.

Careful with this, as some Java versions on some Linux distributions (such as Java 11 on Ubuntu/Arch) do not work


> Minecraft is quite nice as it supports SRV records

Oh that's nifty!

i had a similar use case for sharing my plex media server. i am behind a cgnat so don't have a fixed IP address nor can I port-forward if I wanted to. the solution I came up with involves zerotier and a cheap vps with a static ip (required as I can't set up zerotier everywhere (apple tvs, chromecasts, iphones, etc.)). the vps acts as a relay to the private zerotier network (single address only, the plex server) which allows anyone i have shared my plex server with to access without any setup.

a script to set it all up (debian 8): https://gist.github.com/scktt/b586dd4bf5a19be91a978c6b2abb59...

I'd look at using an SSH reverse tunnel. If you can connect from the plex-server to a server hosted on EC2, Linode, DigitalOcean, etc, you could expose the service from that.

Something like:

    ssh -f -N -T -R 8080:localhost:80 user@external.example

Now access to your remote host on port 8080 will be mapped back to your home machine, behind the NAT. You could install nginx as a proxy for it, etc.

There's also good ol' (newish?) WireGuard on a relay VPS. But I understand how it'd be another extra step that could get in the way for someone unfamiliar with the tech.

For people who want to use WireGuard to receive a clean IPv4 and IPv6 public address (no blacklist and good reputation), you can check out https://hoppy.network

All ports are unblocked and you can choose plans with guaranteed speeds of 500Mbit. It’s great for people who self-host, and don’t want to manage a cloud VPS.

This looks awesome. I recently moved and had to get a new ISP and router and I gave up trying to get my home server working because the router firmware is so bugged out that port forwarding doesn’t work.

WireGuard is terrible. ZeroTier is so much better.

Would you mind expanding on this? How do wireguard and zerotier compare to each other?

A bit late of a reply, but, to me, wireguard is more of a catchall solution, whereas zerotier focuses on one job, accessing internal services externally.

Zerotier seems like a fine tool, but I feel like learning how to use wireguard has more opportunity to come in handy later. Not to mention how wireguard is a part of the kernel now, which makes things a bit more convenient as well.

This seems to create long-running tunnel sessions, doesn't it? If so, that seems to me to potentially create load that's too great for the service to be free.

That is correct. It's been difficult, I've had to rebuild the entire system 4 times finding new optimizations here and there. I'm at break even cost wise from people purchasing custom domains for $1/month, or $6/year.

The latest version, v4 is performing really well and is helping me keep costs low while we're getting more users.

I thought that virtual hosts for TCP would be an interesting feature to have to support multiple services on a single port. I remember reading about this years back: http://www.litech.org/~brian/tcphosts/paper.html

A better solution would be to have each service on its own IP address and to do away with ports entirely. Ports are a hack to deal with limited IP addresses.

How can I self host this for an arbitrary game TCP port? I'd be happy to pay for a "limited feature" edition (don't need source either) that will:

- let me self host with binaries, public IP server on Linux, private IP server on Windows

- map IPs so that the gameserver running on Windows can issue IP bans

- I don't need hostname-picking or unique ports

If you download and run the program it will launch the web browser to https://playit.gg/manage. On that page you should be able to add a Custom TCP tunnel. I don't quite follow the features you're looking for but I think the custom TCP tunnel should cover a good bit.

As for banning IPs, public IPs are mapped to local IPs (for example so in game banning should work. I have thought about creating a premium tier that lets you add firewall rules to the edge (our tunnel servers) so the traffic you filter never gets tunneled to you.
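
The mapping described in the comments above (each client's public IP gets its own local IP so that in-game IP bans and whitelists still work), as an added example that is not part of the thread and not playit.gg's code. The class name, the `127.64.0.0/24` alias pool and the sample addresses are assumptions made for illustration.

```python
import ipaddress


class ClientAddressMap:
    """Hypothetical tunnel-side table: one stable local alias per public client IP.

    Without it every tunneled player reaches the game server from the tunnel
    agent's single address, so banning one player bans all of them.
    """

    def __init__(self, pool="127.64.0.0/24"):  # assumed alias pool
        self._free = iter(ipaddress.ip_network(pool).hosts())
        self._alias = {}   # public IP -> local alias
        self._public = {}  # local alias -> public IP

    def alias_for(self, public_ip):
        """Return the alias for a client, allocating one on first contact."""
        ip = ipaddress.ip_address(public_ip)
        if ip not in self._alias:
            local = next(self._free, None)
            if local is None:
                # Fail closed: reusing an alias would hand one player's ban
                # (or whitelist entry) to a different player.
                raise RuntimeError("alias pool exhausted")
            self._alias[ip] = local
            self._public[local] = ip
        return self._alias[ip]

    def public_for(self, local_ip):
        """Translate an alias seen in game-server logs back to the real client."""
        return self._public.get(ipaddress.ip_address(local_ip))


def admit(table, banned_aliases, public_ip):
    """Decide as the game server would: it only ever sees the alias."""
    alias = table.alias_for(public_ip)
    return str(alias), str(alias) not in banned_aliases


if __name__ == "__main__":
    table = ClientAddressMap()
    bans = {"127.64.0.1"}  # constructed ban-list entry
    # Constructed client addresses; the first one reconnects at the end.
    for client in ("203.0.113.7", "198.51.100.20", "203.0.113.7"):
        print(client, *admit(table, bans, client))
```

The alias has to stay the same across reconnects for a ban to hold, and `public_for` is what lets an operator turn an alias from the game server's log back into the address to filter at the tunnel edge.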

Is it possible to self host it? I don't mind paying for a premium tier that lets me self host/configure; I don't mind if it isn't open source, but I have a need to host something like this for players in APAC region and also be able to select my own ports.

It looks like there's a tunnel app... could I use it to tunnel other stuff if I got creative? I'm behind CGNAT with Starlink on one of my connections, and I wouldn't mind a freebie tunnel to, say, a webserver in there...

Have you tried ngrok? https://ngrok.com

+1 for ngrok, totally worth the $80 a year (or whatever it is I shell out).

Yes, you're free to tunnel whatever you like with the custom TCP and UDP tunnels. We have users tunneling their SSH and FTP servers and all sorts of things. Though if the bandwidth starts disrupting game servers, I may need to reconsider :).

If this doesn't work out for your needs, I've had good results using Cloudflare Argo Tunnel so far.

Awesome work!
