Protect Minecraft Dynmap with a Password

Dec 10, 2022

Dynmap is a great plugin for inspecting your Minecraft map in a top-down view from your web browser. In this post I will show you how to password-protect it so that the wrong people cannot view it and use it as an attack vector against your server.

Get it running using nginx

The way I did it was simply to put an nginx reverse proxy in front of Dynmap and configure basic auth on it. The following commands apply to a Debian-based machine.

If you do not have nginx installed on the machine running your Minecraft server, you can install it (on Debian-based distros) by running the following command.

sudo apt install nginx

First, create the login credentials. To generate the needed .htpasswd file, you can use the following command on Linux.

sudo htpasswd -c /yourfolder/.htpasswd youruser

To configure the proxy, create a site configuration called /etc/nginx/sites-available/your.domain. It could look something like this. You just have to replace your.domain with the domain that points to your server and yourfolder with the folder where you generated the .htpasswd file.

server {
        server_name your.domain;
        location / {
                auth_basic "Restricted";
                auth_basic_user_file /yourfolder/.htpasswd;
                proxy_pass http://localhost:8123;
        }
        listen 80;
}

Next, link the site from sites-available into sites-enabled.

sudo ln -s /etc/nginx/sites-available/your.domain /etc/nginx/sites-enabled

After that, restart nginx.

sudo service nginx restart

Finally, always make sure that you use an SSL certificate with basic auth!

Otherwise the username and password can easily be captured by any intruder on your current network, as they are delivered unencrypted. There are tools like certbot which make protecting your domain with a valid SSL certificate very easy. To get it installed, please follow their instructions page.

If you installed the tools for nginx (package python-certbot-nginx), you can now simply run the command sudo certbot and the wizard will guide you through the process of getting your SSL certificate.
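To check the result, here is a small lint for the site file that flags the two problems discussed above: a proxied location without basic auth, and basic auth without a TLS listener. It is an added example, not part of the original post; the function names audit_site and sample_* are made up for illustration, the sample configs are constructed, and the parsing is deliberately simplified.

```shell
# Added example: lint an nginx site file for the two mistakes the post warns about:
# Dynmap proxied without basic auth, and basic auth served without TLS.
# Assumes one directive per line, one server block, no nested blocks in "location".
audit_site() {   # config comes from the file named in $1, or from stdin
    awk '
        { sub(/#.*/, "") }                                  # drop comments
        /^[ \t]*listen[ \t].*[ \t]ssl[ \t;]/ { tls = 1 }
        /^[ \t]*location[ \t]/ { in_loc = 1; n++; name[n] = $2; next }
        /^[ \t]*auth_basic[ \t]/ {
            on = ($2 !~ /^off;?$/)
            if (in_loc) { set[n] = 1; auth[n] = on } else srv_auth = on
        }
        /^[ \t]*auth_basic_user_file[ \t]/ { if (in_loc) file[n] = 1; else srv_file = 1 }
        in_loc && /^[ \t]*proxy_pass[ \t]/ { proxy[n] = 1 }
        in_loc && /}/ { in_loc = 0 }
        END {
            for (i = 1; i <= n; i++) {
                a = set[i] ? auth[i] : srv_auth             # location overrides server
                f = file[i] ? 1 : srv_file
                if (proxy[i] && !(a && f)) { print "FAIL: location " name[i] " proxies without basic auth"; bad++ }
            }
            if (!tls) { print "FAIL: no \"listen ... ssl\", credentials cross the network in cleartext"; bad++ }
            exit (bad > 0 ? 1 : 0)
        }
    ' "$@"
}

sample_http_only() {   # the server block from the post, before a certificate is set up
    cat <<'EOF'
server {
    server_name your.domain;
    location / {
        auth_basic "Restricted";
        auth_basic_user_file /yourfolder/.htpasswd;
        proxy_pass http://localhost:8123;
    }
    listen 80;
}
EOF
}
sample_tls()  { sample_http_only | sed 's/listen 80;/listen 443 ssl;/'; }   # constructed
sample_open() { sample_tls | grep -v auth_basic; }                          # constructed

# Demo: print the findings for each sample config.
for s in sample_http_only sample_tls sample_open; do
    if "$s" | audit_site; then echo "$s: OK"; else echo "$s: needs fixing"; fi
done
```

Against a real setup, call it as audit_site /etc/nginx/sites-available/your.domain; a non-zero exit status means at least one finding.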

To add even more security, please consider enabling the firewall ufw, forbidding direct access to port 8123 (the default port of Dynmap) and only allowing 443 for HTTPS. If you access your server via SSH, don’t forget to allow the port for it too, otherwise you will no longer be able to access your server remotely.