# Setup ## Installation Download the latest version of the plugin from [SpigotMC](https://www.spigotmc.org/resources/65075/) or [GitHub](https://github.com/dejvokep/safe-net). Install SafeNET on **all** your servers (proxy - BungeeCord/Waterfall/FlameCord..., backend - Bukkit/Spigot/Paper/Purpur...). **On your proxy:** If you are running Velocity, do not put SafeNET there (but install it on all your backend servers) and continue with steps [below](#setup-for-velocity). **On your backend:** If you are not running Paper (meaning native Bukkit/Spigot) servers, also install [ProtocolLib 5.3.0 or newer](https://www.spigotmc.org/resources/protocollib.1997/) on all your backend servers. If you, for some reason, need to use other ProtocolLib releases, use SafeNET 3.9 (ProtocolLib 5.0.0-5.2.0) or SafeNET 3.8-LEGACY (previous ProtocolLib versions), all downloadable from [GitHub](https://github.com/dejvokep/safe-net/releases/tag/v3.8). {% hint style="danger" %} Ensure the plugin's installed on **all** servers according to the information above, you are **vulnerable** to attacks otherwise! {% endhint %} ## Setup for BungeeCord-like proxies This covers setup for generic (BungeeCord-like) proxy server implementations. For Velocity setup, see the steps below this section. ### IP forwarding For the plugin to function properly, please enable `ip_forward` at BungeeCord, if not already done so. ### Passphrase You need to generate a new passphrase **(password; secret)** which you will use for your network. Open the console on the proxy server (if you have more proxies, do that only on one of them) and type `/sn generate` which will generate a passphrase of the default length - 1000 (you can specify a custom length to override it). {% hint style="danger" %} **Passphrase guidelines:** * Passphrases shorter than 50 characters are considered weak. If using such passphrase, the plugin will display a warning each time the server starts. * Never share it with anyone else. * Regenerate it once in a while, just in case. * Use the built-in generator or any other cryptographically secure string generator you trust. {% endhint %} After that's done, you should get a message informing you that the passphrase has been successfully generated. You can find the generated phrase in the config.yml (on the server where the command was used) under `passphrase`. Copy the passphrase into all other SafeNET's configuration files under `passphrase` - on **other proxy servers** and on **all the backend servers**. Reload the plugin on all servers with `/sn reload`. [GeyserMC](https://github.com/GeyserMC) (including [Floodgate](https://github.com/GeyserMC/Geyser/wiki/Floodgate)) is supported and does require any additional configuration. ## Setup for Velocity ### Forwarding If you are using `modern` Velocity [forwarding](https://docs.papermc.io/velocity/player-information-forwarding), you **do not need** SafeNET. If you, however, need to use `legacy` mode, you can use SafeNET or [BungeeGuard](https://www.spigotmc.org/resources/bungeeguard.79601/). ### Passphrase Set the `player-info-forwarding` setting inside `velocity.toml` to `bungeeguard` and copy the contents of `forwarding.secret` to SafeNET's configuration files under `passphrase`. Then, change `property-name.handshake` to `bungeeguard-token` (also in all SafeNET's configuration files). Finally, reload the plugin on all servers with `/sn reload`. *You may need to generate a new passphrase **(password; secret)** which you will use for your network. Use any generator you trust to generate a cryptographically secure string consisting ideally of only ASCII characters (recommended length: 1000 chars).* Consult the official [Velocity documentation about data forwarding](https://docs.papermc.io/velocity/player-information-forwarding#configuring-legacy-bungeecord-compatible-forwarding). {% hint style="success" %} **Unless configured properly, the plugin won't let anybody join.** {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://dejvokep.gitbook.io/securednetwork/basic/setup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.