From f9412e68ea38f7f3330eeb91c064c08eef7c8b70 Mon Sep 17 00:00:00 2001
From: ChenKaiLiuG <e24136487@gs.ncku.edu.tw>
Date: Sun, 28 Dec 2025 02:03:23 +0800
Subject: [PATCH] Add proxy

---
 karylab-minecraft/minecraft.yml | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/karylab-minecraft/minecraft.yml b/karylab-minecraft/minecraft.yml
index 9ff47d2..baf7455 100644
--- a/karylab-minecraft/minecraft.yml
+++ b/karylab-minecraft/minecraft.yml
@@ -9,9 +9,7 @@ services:
     environment:
       - TZ=Asia/Taipei
     ports:
-      - "8000:8000"              # 管理介面
-      - "1110-2000:1110-2000" # 預留 MC 埠口
-      - "11100-12000:11100-12000/udp" # 預留 Bedrock 埠口
+      - "8000:8443"              # 管理介面 (HTTPS)
     volumes:
       - /docker/minecraft/crafty/backups:/var/opt/crafty/backups
       - /docker/minecraft/crafty/db:/var/opt/crafty/db
@@ -28,12 +26,6 @@ services:
           memory: 24G
         reservations:
           memory: 8G  # 保證最低 8GB，適合多伺服器同時運行
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8000/api/v2/status"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 60s
 
   # 2. 全方位監控儀表板 (Netdata)
   netdata:
@@ -114,7 +106,23 @@ services:
   #   networks:
   #     - minecraft_net
 
-  # 5. Watchtower - 自動更新容器映像檔（可選）
+  # 5. Cloudflare Tunnel - 網域穿透 (不需開防火牆)
+  cloudflared:
+    image: cloudflare/cloudflared:latest
+    container_name: cloudflared_minecraft
+    restart: unless-stopped
+    command: tunnel run
+    environment:
+      - TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN}  # 需要在 Cloudflare Dashboard 建立 Tunnel 取得
+    networks:
+      - minecraft_net
+    # Cloudflare Tunnel 會自動處理:
+    # - SSL/TLS 加密
+    # - DDoS 防護
+    # - 不需開任何防火牆 port
+    # 設定方式: https://dash.cloudflare.com -> Zero Trust -> Access -> Tunnels
+
+  # 6. Watchtower - 自動更新容器映像檔（可選）
   # watchtower:
   #   image: containrrr/watchtower:latest
   #   container_name: watchtower_minecraft