This BungeeCord (and now Spigot and Velocity) plugin enables proxied and direct connections both at the same time. More infomation about HAProxy and its uses can be found here.

Allowing both direct and proxied connections has significant security implications — a malicious player can access the server through their own HAProxy instance, thus tricking the server into believing the connection is coming from a fake IP.

To counter this, this plugin implements IP whitelisting. By default, only proxied connections from localhost will be allowed (direct connections aren't affected). You can add the IP/domain of your trusted HAProxy instance by editing whitelist.conf, which can be found under the plugin data folder.

# List of allowed proxy IPs
#
# An empty whitelist will disallow all proxies.
# Each entry must be an valid IP address, domain name or CIDR.
# Domain names will be resolved only once at startup.
# Each domain can have multiple A/AAAA records, all of them will be allowed.
# CIDR prefixes are not allowed in domain names.

127.0.0.0/8
::1/128

YesIReallyWantToDisableWhitelistItsExtremelyDangerousButIKnowWhatIAmDoing!!!

proxy_protocol needs to be enabled in BC config.yml for this plugin to work. (Not to be confused with the similar option in paper.yml)

Older versions of BC can in theory use BungeeProxy in parallel with this plugin, but it hasn't been tested yet. Feedback is welcomed.

ProtocolLib is a required dependency. This plugin was developed using ProtocolLib v4.8.0; please try that version first if there are any errors. Check out issue #3 for experimental support for ProtocolLib 5.0.

New versions of Paper have built-in HAProxy support (proxied connection only). It's not compatible with this plugin, so please disable the proxy-protocol option in paper.yml.

haproxy-protocol needs to be enabled in Velocity config for this plugin to work.

Versions older than 3.0 are not supported.

If errors like NoClassDefFoundError: sun.misc.Unsafe, InaccessibleObjectException and such are encountered, please add --add-opens java.base/java.lang.invoke=ALL-UNNAMED to JVM arguments.

If errors like IllegalAccessException: static final field has no write access are encountered, please upgrade the plugin to at least v3.0.2.

If you cannot upgrade for whatever reason, a temporary workaround would be to add -Djdk.reflect.useDirectMethodHandle=false to JVM arguments.

Note that this argument will be removed in future Java releases.

This plugin uses bStats for metrics. It collects some basic information, like how many people use this plugin and the total player count. You can opt out at any time by editing the config file under plugins/bStats/.