Trouble Configuring HAProxy for Game Server Traffic Routing

Introduction
I am attempting to configure HAProxy on an Ubuntu server to route TCP traffic for multiple game servers. My goal is to use HAProxy to manage connections to multiple game servers through one public IP address and distribute the traffic based on subdomain access. However, despite setting everything according to typical guidelines, clients cannot connect through the HAProxy layer to the Minecraft server.

Technical Background
Server Details:
Operating System: Ubuntu 24.04 LTS
HAProxy Version: HAProxy 2.8.5-1ubuntu3
Network Setup:

DNS Addresses: the domain names “abands-mc.com” and “*.abands-mc.com” are forwarded to my local home network, where the Ubuntu server is running.

On the home network provider, port 4000 is publicly forwarded to the server's IP address.

HAProxy Configuration:

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations (although not used for TCP, still good to define for future use)
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # SSL settings (keep these if you might configure SSL in the future)
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    mode tcp   # Changed from http to tcp for game traffic
    option tcplog  # Using TCP-specific logging
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend main_front
    bind *:4000
    acl is_game1 hdr(host) -i game1.abands-mc.com
    acl is_game2 hdr(host) -i game2.abands-mc.com
    use_backend game1_backend if is_game1
    use_backend game2_backend if is_game2

backend game1_backend
    server game1 <server-ip-address>:25565

backend game2_backend
    server game2 <server-ip-address>:25566

Problem Description:
Clients are unable to connect to the (for testing) Minecraft server through the HAProxy setup. While direct connections to the Minecraft server using its local IP and port are successful, attempts to connect through the HAProxy IP and designated port fail without any specific error message on the client or server side. The expected behavior is for HAProxy to seamlessly forward the traffic to the respective game server based on the domain name provided by the client.

Here’s a list of troubleshooting actions I’ve taken so far:
Checked HAProxy syntax with:

haproxy -c -f /etc/haproxy/haproxy.cfg

Restarted HAProxy and verified its active status.
Directly connected to the Minecraft server to ensure it’s operational.
Used network tools like ping and netcat to check connectivity and port accessibility.

Now I’ve also added a log system afterwards, where I got this error when trying to join the MC server through the domain name:

2024-04-30T17:34:54.768861+02:00 local-server haproxy[44315]: 141.134.109.179:50620 [30/Apr/2024:17:34:54.768] main_front main_front/<NOSRV> -1/-1/0 0 SC 1/1/0/0/0 0/0
2024-04-30T17:34:54.768861+02:00 local-server haproxy[44315]: 141.134.109.179:50620 [30/Apr/2024:17:34:54.768] main_front main_front/<NOSRV> -1/-1/0 0 SC 1/1/0/0/0 0/0
2024-04-30T17:34:54.829935+02:00 local-server haproxy[44315]: 141.134.109.179:50623 [30/Apr/2024:17:34:54.829] main_front main_front/<NOSRV> -1/-1/0 0 SC 1/1/0/0/0 0/0
2024-04-30T17:34:54.829935+02:00 local-server haproxy[44315]: 141.134.109.179:50623 [30/Apr/2024:17:34:54.829] main_front main_front/<NOSRV> -1/-1/0 0 SC 1/1/0/0/0 0/0

Request for Help
I am seeking advice on further diagnostics I can run to pinpoint the issue. Any specific HAProxy settings or network configurations that might typically be overlooked would be immensely helpful. Additionally, if there are known issues or best practices specifically related to HAProxy, sharing these would be greatly appreciated.

You are accessing the HTTP header “Host” and you expect it to contain the DNS name. However, the traffic is not HTTP (but gaming traffic) and your client is not a browser (but a game), so there is no such header.

Unless the application / game traffic specifically sends the hostname in a static offset in the first TCP segment, and you access this specific offset, this will not be possible.

But I think it is unlikely that the game does this.
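To make concrete what hostname-based routing needs from the first TCP segment, here is an added example (not from the original thread and not HAProxy code). It assumes the client is Minecraft Java Edition and that its first packet is a handshake laid out as VarInt packet length, VarInt packet ID 0x00, VarInt protocol version, length-prefixed server address, 2-byte port, VarInt next state; that layout, the routing table and the sample builder are assumptions not stated on the page.

```python
import struct

MAX_HOST_LEN = 255  # cap on the client-supplied name
# Hypothetical routing table mirroring the two backends in the posted config.
BACKENDS = {"game1.abands-mc.com": ("game1_backend", 25565),
            "game2.abands-mc.com": ("game2_backend", 25566)}

def read_varint(buf, pos):
    """Decode a VarInt (7 data bits per byte, low group first) -> (value, next_pos)."""
    value = 0
    for shift in range(0, 35, 7):  # a 32-bit value needs at most 5 bytes
        if pos >= len(buf):
            raise ValueError("truncated VarInt")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("VarInt longer than 5 bytes")

def handshake_host(segment):
    """Return the hostname carried in the first client segment, or raise ValueError."""
    length, pos = read_varint(segment, 0)
    if length > len(segment) - pos:
        raise ValueError("handshake not fully received")
    end = pos + length
    packet_id, pos = read_varint(segment, pos)
    if packet_id != 0x00:
        raise ValueError("not a handshake packet")
    _protocol, pos = read_varint(segment, pos)
    host_len, pos = read_varint(segment, pos)
    if host_len > MAX_HOST_LEN or pos + host_len + 2 > end:  # +2: port field
        raise ValueError("bad hostname length")
    # Untrusted input: drop anything after a NUL, then normalise before lookup.
    name = segment[pos:pos + host_len].split(b"\x00", 1)[0]
    return name.decode("ascii").rstrip(".").lower()

def pick_backend(segment):
    """Map the first segment to a backend; None for anything unparseable or unknown."""
    try:
        return BACKENDS.get(handshake_host(segment))
    except ValueError:
        return None

def build_handshake(host, port=4000, protocol=765):
    """Constructed sample input (valid only for values below 128 * 128)."""
    vi = lambda n: bytes([n]) if n < 128 else bytes([n & 0x7F | 0x80, n >> 7])
    body = b"\x00" + vi(protocol) + vi(len(host)) + host.encode() + struct.pack(">H", port) + vi(2)
    return vi(len(body)) + body
```

Because the protocol-version field is a variable-length VarInt, the name does not sit at a fixed offset, so the fields have to be walked in order; the extracted name is client-controlled and is used only as a key into a fixed table.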