Apr 17 2011
I have two young boys who are addicted to Minecraft. They wake up in the morning, log onto a Minecraft server, play as long as we’ll let them and then get back onto the servers as soon as we’ll let them. I was a little concerned at first because I really didn’t know much about the game, but I discovered I had several adult friends in the security community who were also playing the game, so I was willing to let the boys play on a system a friend runs. I don’t know about you, but it makes me feel a lot better about letting my kids play online when I know I can contact the administrator with a quick phone call or email.
Playing on someone else’s server is fun for the boys, but since Minecraft is a game of mining resources and constructing almost anything you can imagine, an eventual request came to build the boys their own server. Minecraft isn’t very resource intensive, it’s a Java based program that runs pretty decently on a low end server, at least if you only have two or three people using the server at a time. Since, like most geeks, I have several computers that are running 24/7 and have some spare memory, I was able to throw up our own home Minecraft server without too many problems. And as Minecraft has matured and added plugins, I could give the boys additional capabilities and superuser access so they can give themselves whatever resources they want to build anything they want. This kept them happy for a little while and gave me something to hold over their heads to get their homework done. It’s a lot easier to deny them access to the server when you can shut it down in a couple of seconds.
The next step came when the boys told their cousin about Minecraft and he started playing as well. It’s a community game and they often play together on public servers, but the lure of having superuser accounts and just having control of their environment with their cousin was strong. So the continuing plea of ‘Dad, can we make our Minecraft server public?” started. With the continued reply of “No.” to go with it. They tried several tactics, such as explaining the white and black listing capabilities of Minecraft, offering their cousin’s server instead if I’d tell them how to make it public, as well as several other plans that only a pre-teen could come up with. All of which were still denied.
It’s not that I don’t want my sons to have their own Minecraft server, it’s just that the security of my home network is more important to me than them playing a game that necessitates poking a hole in my network to the outside world. I’m a security professional and I know that despite that, I don’t know enough to lock down any program with 100% certainty once I’ve opened it up to the Internet. I do not currently allow any services to be served to the Internet from my home network and I have no intentions of changing that in the near future. I’ve also had several discussions that lead me to believe that while Minecraft doesn’t have any currently know publicly exploitable vulnerabilities, security is not a major concern of the developers and it’s only a matter of time before someone turns their full attention to rectifying the lack of exploits. Especially considering how popular Minecraft has become.
I’m the kind of father who wants to give their kids as many geek toys as he can, first to test my own abilities and second to give them something to stretch their own capabilities. Or perhaps it’s the other way around. In either case, I wanted to give my kids what they wanted, a publicly accessible Minecraft server that was not part of my home network and did not put any of my resources at risk, however minor. Which is when I realized I had a technology I’ve been meaning to learn more about and was just looking for an excuse to play with: the Cloud! I’ve been remiss in my duties as a geek and security professional in that I’d been reading about Cloud technologies, I’ve been listening to what others have to say and I’ve even given a talk about PCI in the Cloud, but I’d never actually signed up for a cloud service and created my own server because I didn’t have a real use for one. Setting up a Minecraft server on Amazon’s EC2 this weekend became the perfect solution to both issues, giving the boys a Minecraft server that I didn’t care who connected to and giving me a chance to stretch a little and learn more about the technology that is on everyone’s lips this year (and probably the next several)
I’ll be honest, one of the things that made this easy is that I found a step by step guide to creating a Minecraft server on the Minecraft forums. I’m including a copy of the guide in the extended post because I don’t want to take the chance of losing the information if something happens on the forums, an old habit of mine. I’ll add a few of my own notes to it as well. This was a huge help and probably cut my installation time by 3/4.
Signing up for all the Amazon Web Services was easy and only took about 30 minutes. I needed to sign up for these in any case for another project, but that’s someone else’s tale to tell when he’s ready. From that point on, the guide was spot on. I don’t think it was more than 30 minutes later that I had the boys personal Minecraft server up and running. As suggested, I chose a small, spot request instance of the default Linux installation, reserved an Elastic IP address, associated it and the server was up and running. I performed a few additional steps, like installing Bukkit and half a dozen plugins that the boys requested. Most of it was as easy as using wget to pull first bukkit and then the plugins and restarting server. I did have one minor problem in that one of the plugins was being hosted on a server using HTTPS and I had to modify the wget parameters, but that’s relatively minor to overcome.
I’ve been running our Minecraft server on Amazon’s EC2 for about 24 hours now. I made it clear to the boys that this server is only going to be up when evenings and weekends, which turns out to be a good thing. It’s not a huge cost, but in the past day this installation of Minecraft has cost me approximately $1.50 to run at a fairly low load, which could quickly add up to $40-50 or more per month. If there were more people using it, if their cousin actually had a full Minecraft account and could play with them, and if I didn’t already have a Minecraft server running on the home network, I might be willing to pay that, but for the most part they’re going to have to live with the server only being available when I say it is. I’m not an authoritarian … wait, no scratch that. When it comes to my kids, yes, I am the authorities and my wife lets me say so.
All in all, this was a worthwhile project; it gave me some experience with the Cloud and specifically AWS. I walked the kids through some sections of the installation, which taught us all a few lessons. They get a Minecraft server they can share with their cousin and friends, without my having to open my network or pay an arm and a leg. But I am realizing that it’s important to watch your Cloud instances or you’re going to end up paying a lot more than you thought very quickly.
couple weeks with just a couple of friends. I wanted to share my
knowledge about running a server on Amazon EC2. It’s really a great tool
for hosting Minecraft. Take my tutorial for what it is, a general
guideline. I’m by no mean a linux master.
- no long term server commitment – pay as you go
- easily scalable – shut a server down and reboot it with more processing power and ram within minutes
save money – You can host a server just in the evenings or weekends
with your friends and not have to pay to run it 24/7 unless you chose
- plenty of bandwidth – if you’re like me you’re limited to less
than half a megabit upstream at home which makes hosting a server
pretty much out of the question.
- easy backups – save your world easily anytime you choose into bootable server images.
- quick provisioning – get a server running within seconds or minutes.
I. Register for Amazon EC2
1. Go to aws.amazon.com and make an account.
Read over all appropriate charges that you will incur. You’ll be
charged for bandwidth, disk io, the server itself, ebs volumes, etc.
There is a free tier for new customers but you will probably incur some
extra charges outside of that tier.
3. Understand pricing structure of EC2 servers. There are 3 pricing tiers. Servers are charged per hour of usage.
On Demand: Most expensive but pay as you go and guaranteed server time. Set up within seconds usually.
Reserved: Same as on demand but you pay for access to lower prices for 1 or 3 years with a one time fee.
(what i generally use) based on bid for unused servers. Cheapest prices
of all. Set a maximum price you’re wiling to pay for server time and a
server is obtained through a bidding process. Usually costs 1/3 of price
of on demand instances. If current bid prices rises above your maximum
bid your server will be shut down and your data will be lost. I usually
bid 5x more than the current bid rate just to be safe. Your bid price
doesn’t effect the market price you will pay. So if you bid $1.00 an
hour and the market price was .30 you would still pay .30. If the price
per hour spiked to .50 briefly you’re server would still be running
since your maximum bid is high enough.
Spot instances can take a few minutes to set up whereas on demand and reserved generally take just a few seconds.
Typical server prices per hour for linux. As of March 2011.
Players per server instance type is an estimate and not a tested value.
Micro – don’t use. Too slow in my experience even for 2 people.
32 bit instances
Small – up to 10 players
On demand: .085
Medium – up to 25 players
On demand: .17
64 bit instances
Large – unsure 75-100 players?
On demand: .34
Extra Large – 200 players?
On demand: .68
II. Creating and setting up server
1. Create security group.
A. Navigate to security groups under ec2 in the aws console.
B. Create new group with name like minecraft so you know what it applies to.
C. Allow TCP Ports 22 and 25565 with source 0.0.0.0/0 on both.
2. Get elastic IP – Navigate to elastic IPs under ec2 and allocate new address.
Create a key pair – ec2 servers don’t accept passwords to login via
ssh. You will need to create a key pair for use when logging in. Name
the key pair and download the file to somewhere you know where it is
like your desktop.
4. Create instance.
A. Determine how
many players you will want on your server. If more than 25 players will
generally be playing you will probably want a 64 bit server. If its a
small group of people go with 32 bit.
B. Go to the ec2 dashboard and
click “create instance” I generally use the basic amazon 32 bit AMI for
my server so that’s what I would recommend. Again, use 64 bit if you’re
planning on running a larger server. By using 64 bit, though, you won’t
have access to the cheaper small and medium tiers should you chose to
downsize your server at a later date. You want to chose an AMI with EBS
since EBS is persistent, meaning if your server reboots for any reason
your data will still be there.
C. Chose your instance type and
payment method. I would suggest requesting a spot instance since it’s
MUCH cheaper. Just set a bid at 3-5x the current price and you should be
pretty well protected if the current price fluctuates any.
D. Use default kernel and disk id
On the next step next to name just put in a name that will easily
identify your server. This is just incase you have multiple servers
running you can identify which is which.
F. Select your existing minecraft key pair you set up earlier as well as your minecraft security group.
G. Launch instance
H. After your instance is running go to elastic IP page and associate elastic IP with the instance
5. Log into instance
A. Download Putty
B. Enter your elastic IP
C. use keygen which is included in the putty install to change .pem into the putty format .ppk. /*Note, it’s PuttyGen with the Windows installation of PuTTy*/
D. Associate the key with putty under shh and security options.
A. Open terminal
Navigate to the directory with the key pair file you downloaded
earlier. To do this type in cd and then the directory. (ex. “cd desktop”
C. Type “ls” to list files on your desktop or other folder
D. Type “chmod 400 yourkeyname.pem”
Go to AWS management and view your running instance. Right click on it
and click connect. Under the prompt that comes up copy and paste the
text displayed under “enter the following command line”. It should look
something like this “ssh -i macminecraft.pem
firstname.lastname@example.org”. Change the root right
before the @ symbol to ec2-user. Copy and paste this into the terminal.
F. You should be connected through ssh in your terminal at this point.
6. Setting up Minecraft on the server
I’m using the 32bit Amazon AMI. I’m not sure how this differs on different AMIs.
A. In terminal/putty type “wget http://www.minecraft.net/download/minecraft_server.jar”
B. To run server enter “java -Xmx1024M -Xms1024M -jar minecraft_server.jar nogui”
C. You should now be able to connect to your server using your elastic IP
/* I installed Bukkit, which changes the startup script needed. You can find the full installation guide for Bukkit on the wiki */
/* You will have to leave an SSH window open with Minecraft running. There’s some discussion in the mailing list of how to do this. I didn’t want to have it as a background process, since it’s harder to interact with */
7. Saving server/backing up server
a server in its current state is really easy in ec2 and is one of the
reasons i love ec2 so much. If you don’t want to pay to run a server
when you and your friends aren’t on then don’t. It gives you complete
Simply right click on a running instance and click
“create image (EBS AMI)”. When your server is saved into an AMI it can
be started easily at the that point. Once you’re AMI is created it’s
safe to terminate your instance. Your data is safe.
To launch a
previously saved AMI navigate to AMIs and right click “launch instance”
and your server will pick up where it left off.
- you can not boot from a snapshot. Always save as an AMI.
always release your elastic IP address after you shut down your server
or you’ll be charged .01 per hour for an unassociated IP. You could
decide to keep the IP of course if you didn’t want to distribute a new
one everytime you started a server.
Credit: This man is awesome http://www.youtube.com/watch?v=x-3BEcNrhuQ
Now you know how to do it. I don’t want to see anyone else using Hamachi!!!