In today’s technology-driven world, the gaming community continues to expand and evolve. One of the most requested topics from my son was how to set up a Minecraft server using FreeBSD Jails. This approach is similar to using Docker or Podman containers on Linux, but it provides a more secure environment for hosting your games.

Preparation Steps

To kick things off, we need to create the necessary directories and download the FreeBSD Base System version required for our Minecraft server setup. For this guide, we will use the 14.2-RELEASE version of FreeBSD UNIX.

host # mkdir -p /jail/minecraft /jail/BASE

host # VER=$( freebsd-version | awk -F \'-\' \'{print $1 "-" $2}\' )

host # fetch -o /jail/BASE/${VER}-base.txz https://download.freebsd.org/releases/amd64/14.2-RELEASE/base.txz

With the base system in place, we will proceed to create a dedicated FreeBSD Jail specifically for our Minecraft server. It is crucial that we also copy the /var/run/dmesg.boot file, as the Minecraft server requires it to function correctly.

host # tar -C /jail/minecraft --unlink -xvf /jail/BASE/14.2-RELEASE-base.txz

host # cp /var/run/dmesg.boot /jail/minecraft/var/run/

Configuring the FreeBSD Jails

Next, we will establish the base configuration for FreeBSD Jails. This configuration will be the default for all future Jails unless they are redefined with new settings.

host # cat /etc/jail.conf

exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.consolelog = "/var/log/jail_console_${name}.log"; exec.clean; mount.devfs;

For our specific Minecraft Jail, we will utilize the em0 LAN interface with an allocated IP address of 10.0.0.210.

host # cat /etc/jail.conf.d/minecraft.conf

minecraft { # GLOBAL exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.consolelog = "/var/log/jail_console_${name}.log"; exec.clean; mount.devfs; host.hostname = ${name}; path = /jail/${name}; # CUSTOM ip4.addr = 10.0.0.210; interface = em0; allow.raw_sockets; allow.sysvipc; devfs_ruleset=210; allow.mount; enforce_statfs=1; allow.mount.devfs; allow.mount.procfs; allow.mount.fdescfs; }

Moreover, the following /etc/devfs.rules ruleset on the host provides the necessary permissions:

host # grep -A 4 minecraft /etc/devfs.rules

[minecraft=210] add include $devfsrules_jail add path \'fd*\' unhide

Starting the Minecraft Jail

We are now ready to start our new Jail.

host # service jail onestart minecraft

To check if the jail has started successfully, we can use the following command:

host # jls

JID IP Address Hostname Path 1 10.0.0.210 minecraft /jail/minecraft

For those interested, you can also utilize the jmore(8) tool to view your jails more interactively.

host # jmore JAIL JID TYPE VER DIR IFACE IP(s)

To ensure that our Minecraft Jail starts automatically at boot, we need to add the following lines to the /etc/rc.conf file:

host # grep jail /etc/rc.conf

jail_enable=YES jail_devfs_enable=YES jail_list="minecraft"

Entering the Minecraft Jail

At this point, we can enter the Minecraft Jail using the following command:

host # jmore minecraft c

This command is equivalent to executing env PS1=\'minecraft # \' jexec minecraft /bin/sh.

Next, we need to configure basic settings such as DNS and update the package manager’s branch to the latest version.

minecraft # echo nameserver 1.1.1.1 > /etc/resolv.conf

minecraft # mkdir -p /usr/local/etc/pkg/repos

minecraft # sed -e \'s|quarterly|latest|g\' /etc/pkg/FreeBSD.conf > /usr/local/etc/pkg/repos/FreeBSD.conf

minecraft # pkg search -o minecraft games/minecraft-client Client for the block building game

We will now proceed to install the necessary packages required to build the Minecraft server using FreeBSD Ports. The installation process includes accepting or ignoring license agreements manually.

minecraft # pkg install gitup bsddialog ccache portconfig openjdk21 tmux jless

Building the Minecraft Server

To begin building the Minecraft server, we must first fetch the FreeBSD Ports tree with the gitup tool. During the configuration process, make sure to select the DAEMON option.

minecraft # gitup ports

minecraft # cd /usr/ports/games/minecraft-server

minecraft # make config

Follow the on-screen prompts to ensure the proper configuration.

Finalizing Minecraft Server Setup

Before we start the Minecraft server, we need to modify some settings in the configuration files. Add additional virtual filesystems to the /etc/fstab file to ensure they are automatically mounted during the Jail\'s startup process.

minecraft # cat << FSTAB >> /etc/fstab

fdesc /dev/fd fdescfs rw 0 0 proc /proc procfs rw 0 0

minecraft # echo \'mount -a\' >> /etc/rc.local

minecraft # mount -a

We also need to configure the primary /etc/rc.conf file for the Minecraft server, noting down the necessary options.

minecraft # cat << RC >> /etc/rc.conf

minecraft_enable=YES

minecraft_mems=1024M

minecraft_memx=1024M

RC

Additionally, we must accept the EULA and configure the primary server properties at /usr/local/etc/minecraft-server/server.properties.

minecraft # echo eula=true > /usr/local/etc/minecraft-server/eula.txt

minecraft # cat << MINECRAFT > /usr/local/etc/minecraft-server/server.properties

enable-jmx-monitoring=false

rcon.port=25575

motd=FreeBSD Minecraft Server

server-ip= 10.0.0.210

server-port=25565

max-players=20

level-name=world

allow-flight=false

MINECRAFT

Starting the Server

With everything configured correctly, we can now start the Minecraft server:

minecraft # service minecraft start

minecraft # service minecraft status

To verify that the server is running, we can check the list of open sockets:

minecraft # sockstat -l4

If you encounter issues, try running the server directly to debug any problems:

minecraft # su mcserver -c \'/usr/local/bin/java -Xmx1024M -Xms1024M -jar /usr/local/minecraft-server/server.jar nogui\'

Connecting with Minecraft Client

Ensure your Minecraft client is running the same version as the server — in this case, 1.21.4. When setting up your client, navigate to the Multiplayer option, click Add Server, and enter your server\'s name and IP address. Upon joining the server, you will see the message "Connecting to the server…" and shortly after, you should be in.

Managing Users and Admins

As I am not a Minecraft expert, it took me some time to figure out how to define administrators for the server. Initially, I attempted to use the jless(8) tool, which is designed for JSON management. Fortunately, I\'ve found a working solution.

When a player connects to the server, their name and UUID are added to the /usr/local/etc/minecraft-server/usercache.json file:

host # cat /jail/minecraft/usr/local/etc/minecraft-server/usercache.json | tr \',\' \' \'

To grant admin privileges, add their UUIDs to the /usr/local/etc/minecraft-server/ops.json file and restart the Minecraft server for the changes to take effect.

host # jless /jail/minecraft/usr/local/etc/minecraft-server/ops.json | cat

Level 4 permissions provide the highest level of authority within the server, allowing my son to utilize commands like /gamemode or /time.

Final Thoughts

This setup offers a robust and secure environment for running a Minecraft server. Feel free to share your thoughts regarding additional configurations or enhancements needed for a personal Minecraft server experience.

Update: FreeBSD Jails vs. Linux Podman

The initial discussion on this topic spurred considerable interest, prompting a deeper examination of the security differences between FreeBSD Jails and Linux Podman containers. While both have their merits, FreeBSD Jails generally provide enhanced security measures out-of-the-box compared to Podman. Isolation capabilities, kernel syscall surfaces, and firewall functionalities favor Jails, particularly when additional layers of security are incorporated.

To summarize, FreeBSD Jails stand as a well-established solution since their introduction in the late 1990s, with extensive real-world testing making them a top choice for server management in a secure environment.