Containers
1
Config Lines
~50
Setup Time
10 min
RAM Required
10 GB
Executive Summary
Deploy a Minecraft 1.20.1 Forge server with the MedivalC modpack, featuring protected external access and automated backups.
| Feature | Implementation |
|---|---|
| LAN Access | linuxserver.lan:9123 |
| External Access | minecraft.ai-servicers.com:9123 Port Forward |
| Backups | Every 3 hours (11 AM - 2 AM), 7-day retention |
| Protection | Whitelist + Online Mode + No direct port exposure |
Architecture
┌──────────────────────────────────────────────────────────────┐
│ linuxserver.lan │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ minecraft-medivalc │ │
│ │ │ │
│ │ itzg/minecraft-server:java17 │ │
│ │ Forge 1.20.1 + MedivalC Mods │ │
│ │ Port 9123 | MEMORY: 12G │ │
│ │ │ │
│ │ PROTECTION: │ │
│ │ ├─ Online Mode: Validates Mojang accounts │ │
│ │ └─ Whitelist: Only approved players can join │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │ │
│ Port 9123 │
│ │ │
│ ┌────────────┴────────────┐ │
│ │ │ │
│ LAN Players UFW Firewall (open) │
│ linuxserver.lan:9123 │ │
│ │ │
│ Router Port Forward │
│ │ │
│ minecraft.ai-servicers.com:9123 │
│ │ │
│ External Players │
└──────────────────────────────────────────────────────────────┘
Backup: Cron every 3h (11AM-2AM) → tar → /opt/minecraft/backups/
Cleanup: Daily at 3 AM → delete backups > 7 days
Solution Evolution
This solution was refined through a 3-AI critique process that identified over-engineering in the initial design.
v1 (Over-Engineered)
- 3 Docker containers
- 500+ lines of config
- GitLab CI/CD pipeline
- 20+ custom JVM flags
- Separate backup container
- Complex cron orchestration
v2.1 (Simplified)
- 1 Docker container
- ~50 lines of config
- Direct SSH deployment
- Image defaults (MEMORY=12G)
- Simple cron + tar backup
- Direct port forward + whitelist protection
Result: 70% reduction in complexity while maintaining all functionality.
Quick Start Guide
1
Create directory
sudo mkdir -p /opt/minecraft && cd /opt/minecraft
2
Create docker-compose.yml and .env
Copy from solution document, set RCON_PASSWORD
Copy from solution document, set RCON_PASSWORD
3
Start server
docker compose up -d
4
Set up backups
Copy backup.sh, add cron entries
Copy backup.sh, add cron entries
5
Open firewall & configure router
sudo ufw allow 9123/tcp + forward port 9123 on router
How Protection Works
Even with port 9123 open to the internet, the server is protected:
| Protection Layer | What It Does | Blocks |
|---|---|---|
| Online Mode | Validates player owns Minecraft via Mojang | Pirated clients, fake accounts |
| Whitelist | Only allows pre-approved usernames | Everyone not explicitly added |
| RCON Localhost | Admin commands only from server | Remote admin exploits |
Result: Unauthorized connection attempts are rejected at the application layer. Port scans may find 9123 open, but can't actually play without being whitelisted.
Software Stack
| Component | Choice | Rationale |
|---|---|---|
| Server Image | itzg/minecraft-server:java17 | Industry standard, 10M+ pulls, handles Forge automatically |
| Backup | Cron + tar | Simple, reliable, no extra container |
| External Access | Port Forward | Direct via minecraft.ai-servicers.com:9123, protected by whitelist |
Resource Requirements
| Resource | Allocation | System Available |
|---|---|---|
| RAM | 10 GB | 44 GB free |
| CPU | 4 cores | Sufficient |
| Storage | ~50 GB | 1.6 TB free |