# # How to protect your FiveM server (Linux)

So first of all, hello and welcome.

You might be aware that there's a ton of ways to correctly protect your GTA RolePlay server against threats. But what's a good protection?

**First** from a connection standpoint. Whether you use a [*DDoS*](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/) protection (like [Cloudflare](https://cloudflare.com)), a robust [*firewall*](https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html) or pretty much anything related to *"how players connect to your server"* can help more or less to protect your server.

*<mark>I want to say that this article won't talk about any anti-cheat script or anything in-game related. Simply because, it's not my expertise area.</mark>*

But today, I want to show you a way of protecting your instance that you've never seen before, it's not only simple to do, it's also **free**. Sounds exciting huh?

*Well, let's dig in!*

## 1\. Understanding the basics

To help you better understand how to correctly protect your server, you first need to know, **why should you protect your server?**

It might seem stupid to ask this question in the first place, but hey, it's never a good idea to stay in the dark.

So, the reason you **need** to protect your server, is actually two reasons :

* **Protect** against **security breaches** (file steal or data steal)
    
* **Protect** against **DDoS attacks** (stopping your player from connecting)
    

[FiveM](https://fivem.net) is known for it's *"one of a kind"* community. As you may know, people on this platform aren't known for being particularly nice and welcoming.

That's why you absolutely **need** to protect your server. Not only is it important for you, to avoid losing players because they can't connect to your server. But also for **your** community, because if they know that whenever they come on your server, they only have 10 minutes of playtime before the server closes. They won't come back. And we don't want that, do we?

Know that you are aware of the reasons for protecting your server, let's get into the step-by-step guide I made.

## 2\. Prerequisites

For this tutorial you need a bit of preparation.

First be sure to have everything listed under here :

* **A Cloudflare** account (if you don't know how to create your account [click here](https://viorise.com/how-to-create-your-cloudflare-account))
    
* **A domain name** routed to **Cloudflare's Network** (if you don't know what I'm talking about [click here](https://viorise.com/how-to-get-my-domain-on-cloudflare))
    
* A FiveM server running on a VPS
    
* A remote SSH connection to your VPS (root is better but will work as a sub-user)
    
* Your FiveM server's **IP and PORT** (usually something like: *100.100.100.100:30120*)
    

I know that I might be disappointing some people by saying that this tutorial **<mark>only works for FiveM servers running on a VPS.</mark>** This means that if you're running your server on a game server like ZAP-Hosting or a similar service, this setup won't apply.

But be reassured to know that most game servers, are already secured by the provider, so you shouldn't be under too much of a threat. If you still do you might want to look into a [manual setup of your server on a vps](https://viorise.com/how-to-start-a-fivem-server-on-a-vps).

Now that you have everything set up, let's continue.

## 3\. Create a reverse proxy

First and foremost, what is a reverse proxy? Compared to a normal proxy, a reverse proxy is used to redirect all the traffic to a specific target. You can see it like a funnel.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709646464028/3c4f1ed2-e8d1-44b8-8e9d-e83e42d674a0.png align="center")

But, what's the point of having one? Well the main point of having a reverse proxy, will be to hide your server's IP from players. This way you can be sure to only let players connect to your server and nothing else.

If you use Cloudflare, you can also redirect players connection to the closest server. Sort of like a VPN. Thus improving their connection reliability and even speed in some cases.

## 4\. Configuration and installation of your Cloudflare tunnel

Go to your Cloudflare [dashboard](https://dash.cloudflare.com), once logged in and once you have a registered domain click on the **Zero Trust** tab in the left-hand menu :

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709646925576/5149f205-8450-4156-9e17-c9c1c9bc684c.jpeg align="center")

From there it will take you to a new page : [<mark>one.dash.cloudflare.com</mark>](https://one.dash.cloudflare.com) From there you simply need to go to the "Tunnels" section which is located under the "Networks" section.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709647194075/3396d681-2b9c-4252-81a6-10aaa4f31015.png align="center")

On this new page, you shouldn't see the 2 rows like me, but you should see a big box that says create a new tunnel. Either way, click on the blue button labeled "Create a tunnel" at the top left.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709647472655/7fe85778-6c81-4e23-9e35-2e77b8e6fb77.jpeg align="center")

Once you clicked it should get you to this page :

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709795734491/a51fa0f0-2abd-410a-b7b4-3c815e13de3e.png align="center")

Here you want to select "**Cloudflared**" and continue.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709795777494/aceac530-a8c5-4c9e-9ba8-2b1b1375a442.png align="center")

Name your tunnel the way you want, it's just for your reference. And click "Save tunnel".

Now we are going to let that sit a few minutes, to switch on the VPS and make some installation and checks.

Connect to your VPS terminal by an SSH connection, and type :

```markdown
> byobu -v
```

This is to check if you have byobu installed on your VPS, if it doesn't return this or something along the lines of it :

```markdown
> byobu -v
byobu version 5.133
tmux 3.2a
```

It means byobu wasn't installed. To do so, just execute those two commands :

```markdown
> sudo apt-get update
> sudo apt-get install byobu
```

This will install it. Byobu is a screen manager, you will understand a bit later why you need it.

Once byobu is installed correctly, you need to check if you have docker installed. Same step. First check if you have it by checking it's version :

```markdown
> docker -v
Docker version 25.0.3, build 4debf41
```

Now if you don't have it, you can quickly follow [this guide](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04) to install Docker.

Once you are all done with the installation, it's time to run your first docker container for your reverse proxy!

Go back to your [Cloudflare dashboard](https://one.dash.cloudflare.com) and there select the docker icon :

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709796749835/6cd0bdaa-ba0e-46ef-8682-5a7576559070.png align="center")

Now before running this new cloudflare tunnel, we first need to start a screen. This will ensure that even if you leave your SSH connection the process will keep on going.

So to do that, just type :

```markdown
> sudo byobu
```

This will open up a quite different terminal inside your terminal :

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709796886571/413c6a1a-2611-460e-afd9-79962f4f0805.png align="center")

With this kind of stuff at the bottom of your terminal. If it's the first time you open it, you will have a fresh new screen but if you have for some reason already a process going on it, you have to press `F2` to create a new screen. (You can toggle between the different screens with `F3 / F4`)

In this new screen you can now copy/paste the command line cloudflare gives you in the dashboard :

*\*Be sure to keep a copy of this command somewhere it might be useful for you.*

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709797143098/4ed6b5e9-844e-4894-b4e2-2177cf2c7b28.jpeg align="center")

You should see a bunch of stuff getting displayed but don't worry that's all normal. Once done, go back to your dashboard, and you should see a new connector :

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709798383537/4663e7fe-fb9e-492b-91da-af5a4d6120f3.jpeg align="center")

Once you see it, just hit "Next" at the bottom right.

On the next page you have to type everything related to your server :

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709797314201/3d8509dc-33e5-4028-87b7-d66fb9771571.png align="center")

So for example you could type in those information :

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709797477443/3bd5df17-84ce-41bf-9f9c-9b74d7c9c4d3.png align="center")

The really important parts of this configuration, is that you choose a simple subdomain so your players can remember it, and that you specify in the "**URL**" part your server's actual IP and PORT.

Once you are done with that you can skip the additional application settings and click on "Save tunnel".

**And voilà!** Your FiveM server is now behind a proxy!

The only last thing to do is add those settings in your `server.cfg` and restart your FiveM instance and your server should be accessible by the URL :

```bash
## Proxy settings
sv_forceIndirectListing true
sv_listingHostOverride play.viorise.com
sv_listingIpOverride "play.viorise.com"
```

*Change those 2 (sv\_listingHostOverride and sv\_listingIpOverride) values to your actual domain name and subdomain.*

<mark>Be sure to clear your FiveM's cache before reconnecting, because it will be saved to your old settings and might not connect directly.</mark>

You can now tell your players they can use the `connect "https://play.viorise.com"` command in their console, without risking to leak your server's IP!

# 5\. Tests and checks

Now that your server is all protected to be sure that you're all good to go. You can do those tests :

## 5.1. The DNS lookup

Kind of a barbarian name to just say: *"See what's behind a domain name"*

To do that just go to this [website](https://mxtoolbox.com/DnsLookup.aspx) and type in your domain (e.g. play.viorise.com)

There you can check if you see the IP of your VPS anywhere, and if you did everything correctly you should only see IPs from Cloudflare's network.

## 5.2. The ping

From your computer, open a command prompt. In it just type :

```markdown
> ping https://play.viorise.com
```

You should see a bunch of IPs getting listed periodically, also check if any of them is the one of your VPS, and if you don't see any, then you're good to go!

## 5.3. The final test

To be absolutely sure your server is fine, and your server's configuration is right. In your browser, just type \*your.server-domain.com/\****info.json*** if you see a black page with a bunch of random stuff written on it, it means your server is accessible and running well!

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709801245917/61541708-9e83-4406-8cea-6f5f93b784e1.png align="center")

# 6\. Conclusion

There you go, your server is perfectly protected against IP leaks, and the advantage of using a Cloudflare product is that you are also protected against DDoS.

*As of today (March 7th 2024) I've only tested this on a Linux FiveM server, but I'm pretty sure you could probably turn this around by renting a small vps to just run your proxy. I will update this tutorial accordingly once I know how to do it.*

I hope this tutorial was easy to follow! I tried my best to explain everything clearly.

Thanks for reading!

This is my first tutorial so it will get better overtime hopefully!