Skip to main content

Player Info Forwarding Configuration

Player info forwarding allows Gate to pass real player information (IP addresses and UUIDs) to backend Minecraft servers. Without forwarding, backend servers only see Gate’s IP address for all players.

Why Forwarding Matters

When players connect through a proxy: Without forwarding, backend servers:
  • See Gate’s IP for all players (breaks IP bans, geolocation)
  • Can’t verify player UUIDs (breaks bans, permissions, player data)
  • Can’t distinguish between players
With forwarding, backend servers:
  • See real player IP addresses
  • Get authentic player UUIDs
  • Can properly ban, track, and identify players

Configuration

config.forwarding
object
Player information forwarding settings
forwarding:
  mode: velocity
  velocitySecret: your-secret-here

Forwarding Modes

Gate supports multiple forwarding modes for compatibility with different server software:

Choosing a Forwarding Mode

Use this decision tree:

Velocity

Best for: Modern servers (1.13+)✅ Most secure
✅ Best performance
✅ Recommended

BungeeGuard

Best for: Older servers (1.7-1.12)✅ Secure
⚠️ Needs plugin

Legacy

Best for: Trusted networks only⚠️ Not secure
⚠️ LAN/private only

None

Best for: Testing only❌ No forwarding
❌ Not recommended

Secrets Configuration

Velocity Secret

config.forwarding.velocitySecret
string
Secret key for Velocity modern forwarding. Must match between Gate and backend servers.
forwarding:
  mode: velocity
  velocitySecret: your-secret-here
Generating a Secret: 
# Generate random secret (Linux/macOS)
openssl rand -base64 32

# Or use any random string generator
head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32

# Example output:
RJf8xZ7kQwH2vY9mL3nP5sN8bG4tE1cV
Using Environment Variables (recommended for security): 
forwarding:
  mode: velocity
  velocitySecret: ${GATE_VELOCITY_SECRET}  # Read from env var

# Set environment variable
export GATE_VELOCITY_SECRET="RJf8xZ7kQwH2vY9mL3nP5sN8bG4tE1cV"
gate
Or use Gate’s built-in env var support: 
export GATE_CONFIG_FORWARDING_VELOCITYSECRET="your-secret"
gate

BungeeGuard Secret

config.forwarding.bungeeGuardSecret
string
Secret token for BungeeGuard forwarding. Must match backend BungeeGuard plugin configuration.
forwarding:
  mode: bungeeguard  
  bungeeGuardSecret: your-secret-here
Configuration: 
# Generate secret
openssl rand -base64 32

# Use environment variable
export GATE_BUNGEEGUARD_SECRET="your-secret"

# Or in config

forwarding:
  mode: bungeeguard
  bungeeGuardSecret: ${GATE_BUNGEEGUARD_SECRET}

Complete Configuration Examples

config:
  bind: 0.0.0.0:25565
  onlineMode: true
  
  servers:
    lobby: localhost:25566
    survival: localhost:25567
  
  try:
    - lobby
  
  # Velocity modern forwarding
  forwarding:
    mode: velocity
    velocitySecret: RJf8xZ7kQwH2vY9mL3nP5sN8bG4tE1cV

BungeeGuard Mode

config:
  bind: 0.0.0.0:25565
  onlineMode: true
  
  servers:
    lobby: localhost:25566
  
  try:
    - lobby
  
  # BungeeGuard forwarding for 1.7-1.12
  forwarding:
    mode: bungeeguard
    bungeeGuardSecret: your-token-here

Legacy Mode

config:
  bind: 0.0.0.0:25565
  onlineMode: true
  
  servers:
    lobby: localhost:25566
  
  try:
    - lobby
  
  # Legacy BungeeCord forwarding
  forwarding:
    mode: legacy
    # No secret needed

Backend Server Configuration

Paper/Purpur/Spigot 1.13+

For Velocity mode:
  1. Edit config/paper-global.yml (or paper.yml on older versions): 
    proxies:
  velocity:
    enabled: true
    online-mode: true
    secret: your-secret-here
  2. Edit server.properties: 
    online-mode=false
  3. Restart server

Spigot 1.7-1.12

For BungeeGuard mode:
  1. Install BungeeGuard
  2. Configure plugins/BungeeGuard/config.yml: 
    allowed-tokens:
  - your-secret-here
  3. Edit server.properties: 
    online-mode=false
  4. Restart server
For Legacy mode:
  1. Edit spigot.yml: 
    settings:
  bungeecord: true
  2. Edit server.properties: 
    online-mode=false
  3. Restart server

Vanilla/Fabric/Forge Servers

Vanilla servers don’t support forwarding natively. You need:

Security Best Practices

Velocity modern forwarding is the most secure option:
forwarding:
  mode: velocity  # ✅ Best security
  velocitySecret: strong-random-secret
Avoid legacy mode unless absolutely necessary.
Generate cryptographically secure random secrets:
# ✅ Good - random and long
openssl rand -base64 32

# ❌ Bad - predictable
velocitySecret: "password123"
velocitySecret: "secret"
Don’t commit secrets to version control:
# ✅ Good - use environment variable
forwarding:
  velocitySecret: ${GATE_VELOCITY_SECRET}

# ❌ Bad - secret in config file
forwarding:
  velocitySecret: "actual-secret-here"
Add to .gitignore:
config.yml
*.secret
Backend servers must ONLY be reachable from Gate:
# Bind backend to localhost only
server-ip=127.0.0.1
Or use firewall rules:
# Only allow connections from Gate IP
iptables -A INPUT -p tcp --dport 25566 -s 10.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 25566 -j DROP
Legacy mode has no authentication:
# ⚠️ ONLY use on trusted private network
forwarding:
  mode: legacy
Anyone who can connect to your backend can spoof player data.

Troubleshooting

Error: Connection refused, invalid secret, or authentication failedCause: Mismatched secrets between Gate and backendSolution:
  1. Verify secrets match exactly (case-sensitive)
  2. Check for extra whitespace or newlines
  3. Restart both Gate and backend after changes
# Gate config.yml
velocitySecret: "RJf8xZ7kQwH2vY9mL3nP5sN8bG4tE1cV"

# Backend paper-global.yml - MUST MATCH
secret: "RJf8xZ7kQwH2vY9mL3nP5sN8bG4tE1cV"
Problem: Backend logs show Gate’s IP (127.0.0.1) for all playersCauses:
  1. Forwarding not enabled on Gate
  2. Backend not configured for forwarding
  3. Mismatched forwarding modes
Diagnosis:
# Check Gate config
forwarding:
  mode: velocity  # Should NOT be "none"

# Check backend config
# Paper: proxies.velocity.enabled: true
# Spigot: settings.bungeecord: true
Problem: Players appear as different UUID each timeCause: Forwarding not working, players get random UUIDsSolution:
  1. Verify forwarding mode is configured correctly
  2. Check secrets match (Velocity/BungeeGuard)
  3. Ensure backend has forwarding enabled
  4. Verify online-mode=false on backend
Check UUIDs are consistent:
# Players should have same UUID each join
grep "UUID of player" backend/logs/latest.log
Problem: Banned players can still joinCause: Backend not receiving real IP addressesSolution: Configure forwarding properlyTest:
# Check backend logs for real player IP
tail -f backend/logs/latest.log
# Should show actual player IP, not proxy IP
Error: Unknown forwarding mode "velocty"Cause: Typo in configValid modes: none, legacy, velocity, bungeeguard
# ❌ Wrong
mode: velocty
mode: modern
mode: bungee

# ✅ Correct
mode: velocity
mode: bungeeguard
mode: legacy

Validation and Warnings

Gate validates forwarding configuration on startup: 
# ⚠️ Warning: Forwarding disabled
forwarding:
  mode: none
# Warning: "Player forwarding is disabled! Backend servers will have
#           players with offline-mode UUIDs and the same IP as the proxy."

# ⚠️ Warning: Insecure legacy mode
forwarding:
  mode: legacy
# Warning: "Using legacy forwarding mode! This is not secure.
#           Consider using velocity mode instead."

# ❌ Error: Invalid mode
forwarding:
  mode: invalid
# Error: "Unknown forwarding mode 'invalid', must be one of:
#         none, legacy, velocity, bungeeguard"

Testing Forwarding

Verify forwarding is working:
1

Join the server

Connect through Gate proxy as normal
2

Check backend logs

tail -f backend/logs/latest.log
Look for player join message with your real IP:
[INFO]: Player123[/203.0.113.45:51234] logged in...
Should show your real IP, not proxy’s IP (127.0.0.1)
3

Test IP-based features

Try features that depend on player IP:
  • IP bans
  • GeoIP plugins
  • Connection logs
They should work with your real IP
4

Verify UUID consistency

Join, leave, and rejoin. Your UUID should stay the same:
grep "UUID of player Player123" backend/logs/latest.log

Overview

Complete configuration overview

Servers

Configure backend servers

Security

Security best practices and hardening

Online Mode

Understanding online vs offline mode

Build docs developers (and LLMs) love

Get started for freeTalk to us