Onboarding with TCPShield is a very simple process. If you haven't yet, sign up with a TCPShield account, please do so here. Once you have signed up, you can begin the process of moving your server(s) to behind the protection of our network.
When you first log into TCPShield, you will be greeted with a page that looks like this:
This is the dashboard for the TCPShield service. When you have added servers to our network, you will be able to gain insights about your server. To add your server, on the left navigation bar, head over to the manage servers page.
When you click on the manage servers page, you will be presented with the onboarding process for TCPShield.
The first step of onboarding with TCPShield is adding your backend servers and domains. By filling out this table, you will be well on your way to joining the TCPShield Network.
The first column in the table is for your domain, or the IP you want your users to connect through. For example, if I own
CrunchyPvP.com and this the IP I want my players to connect too, this will be my domain.
The next column is for your backend servers. For example, if I purchased two dedicated servers for my minecraft server instances with the IPs of
126.96.36.199, these would would be my "backend" connections. In other words, these are the servers that would be protected behind TCPShield.
You can have multiple backend IP's associated with the same domain. You can also just have one. This is important for users with multiple bungeecord instances, as you will need to set the same IP's under the backend category.
For each hostname entry defined on our dashboard, if you do not include a subdomain and just have 2 DNS levels (i.e. example.com with no subdomain), then our system will automatically create wildcard entries for these domains. You will see this in your dashboard where a *. is appended to the front of the domain, for example
*.example.com. In regular expressions, this signifies a wildcard, and means any subdomain in front of example.com can be used to connect to your server. You can also think of this as a "fallback record" where if you have explicit subdomains such as
eu.example.com that points to
188.8.131.52:25565, you could have the remainder of traffic go to your NA proxies with your wildcard record, where
*.example.com points to
You can also setup wildcard DNS routing in most modern DNS management systems (i.e. Cloudflare), by simply creating a CNAME record with the name
* and the value as
myserver.ipv4.tcpshield.com (or whichever CNAME is displayed in your dashboard). As a result, players will be able to connect to your server with any subdomain they choose, even if they misspell it. For example
paly.example.com would still proxy as normal.
On the next page, you will be given downloads to the TCPShield Real IP plugin. These plugins must be installed while using TCPShield in order for players to have the correct IP addresses on your server. If you don't run these plugins, all players will look like they are originating from the same IP address.
These plugins are open source, and are available for modification and pull requests here.
Note: If you are running a BungeeCord server, you only need the Real IP plugin on your BungeeCord instances. Note: If you are running Lilypad (while not recommended), you will need to contact us for a way to get the correct IP addresses for your players. This is a limitation of Lilypad (No plugins), not TCPShield.
The last step of the TCPShield onboarding process is to point your domain(s) to the TCPShield network. On the final page of the manage servers page, you will be given instructions on what to point your domains too. While adding
CrunchyPvP.com I am given the instruction to set a CNAME record to
This will require you to update your DNS. We recommend Cloudflare as your DNS provider, but any provider will do.
At my DNS provider, I will create a new CNAME record to pointing to
with the name being
@ for all incoming subdomains.
If you are using cloudflare,
name would be your subdomain. For example, if I wanted to use
mc.crunchypvp.com I would set
Once you have set your CNAME records, you can use the Verify Domains button to ensure that everything is correctly configured. You should be able to join your server through the TCPShield Network at this point.
You have officially joined the TCPShield Network! If something didn't work quite right, don't hesitate to contact us using the ticket system on our discord. We also have tons of troubleshooting documents and a FAQ to help you debug any potential issues.