Skip to content

Recommended FiveM server.cfg settings

A handful of convars are worth setting (or double-checking) on every production FiveM server. They control how your server appears in the public server list, whether your raw IP leaks to scrapers, and how many concurrent TCP connections the runtime accepts before it starts refusing them.

This page goes through the ones we recommend and explains what each one actually does, so you can decide which ones apply to your setup.

TL;DR

Drop this near the top of your server.cfg:

# Hide the raw server IP from the public listing
sv_forceIndirectListing true

# Tell the listing backend which IP to query (only needed if it cannot
# guess on its own, e.g. behind NAT or a reverse proxy)
sv_listingIpOverride "<your-public-ip-or-proxy-ip>"

# If you front your server with a custom domain or reverse proxy, point
# the listing backend at it instead of the raw IP
sv_listingHostOverride "https://play.example.com/"

# Advertise the endpoint(s) clients should actually connect to
# (your public IP:port, or your proxy)
sv_endpoints "<your-public-ip>:<your-game-port>"

# Raise the per-IP TCP connection limit so the HTTP layer doesn't
# rate-limit player browsers and asset fetches under load
set net_tcpConnLimit 50000

Below is what each line does and when you should (or shouldn't) keep it.

sv_forceIndirectListing true

From the official Cfx.re proxy-setup docs: "prevents the server list from advertising your server using its actual IP."

When this is on, the FiveM server list never publishes your raw IP. Players reach your server through the Cfx.re listing backend, which then hands them the connection address you configured (sv_endpoints / sv_listingHostOverride). Scrapers that crawl the public list to harvest IPs for DDoS targeting only see the indirect entry.

Recommended value: true. There is essentially no downside for a normal production server.

sv_listingIpOverride

From the official docs: "this value is only needed if the server list backend can't guess the IP to query itself, and is not provided to any front-end connection."

The listing backend periodically pings your server at /dynamic.json to refresh the public listing data (player count, hostname, etc.). If your server lives behind NAT, has multiple public IPs, or only accepts master-server probes on a specific interface, you can pin the IP that the backend will hit here. Players never see this value.

On Zaroz Cloud, our entrypoint already writes the correct sv_listingIpOverride for the IP we've allocated to you on every container start, so you don't normally need to add it yourself. Override it only if you're proxying traffic through a different IP.

sv_listingHostOverride

From the official docs: "makes the server list backend request https://server1.example.com/ instead of the default."

This is the hostname version of the same idea. Instead of having the listing backend hit https://<ip>:<port>/, it makes the request to a domain you control. Use this when:

  • You've put a reverse proxy in front of your server (Cloudflare Spectrum, your own nginx/HAProxy, X4B, etc.).
  • You want a stable domain in the listing rather than a raw IP.

If you don't run a custom proxy or domain, leave this unset and let the listing backend reach you directly.

sv_endpoints

From the official docs: "the actual endpoint your server is hosted on, or one or multiple server endpoint proxies."

This is what the listing backend hands to players when they click your server. If sv_forceIndirectListing is on, this is the single source of truth for where players actually connect to, separate from where the backend pings you (sv_listingIpOverride).

Set it to:

  • Your public IP and game port (1.2.3.4:30120), or
  • Your proxy/tunnel endpoint, if you're routing traffic through one for DDoS protection.

You can list several endpoints separated by spaces if you want fallbacks.

set net_tcpConnLimit 50000

This convar caps the number of concurrent TCP connections the FiveM server will accept per source IP. The default is 16, which is fine for a small server but trips badly under real-world load:

  • The in-game server browser opens several connections per player as it probes your /info.json, /dynamic.json and /players.json endpoints.
  • Asset downloads (fivem-data / streaming) reuse and open new connections aggressively.
  • Reverse proxies (Cloudflare, Spectrum, your own) collapse many client IPs into a small pool of proxy IPs, so a single "source IP" may legitimately need thousands of concurrent connections.

When the limit is hit, the server starts refusing new TCP connections, which surfaces in clients as connection failures and in logs as Error 56 style CURL errors.

Raising it to 50000 is the value most production servers and DDoS-protection providers recommend. It is generous enough that a proxy fronting hundreds of players won't get throttled, while still capping the absolute amount of work the server is willing to do for a single peer.

What Zaroz Cloud already does for you

You don't have to do everything from scratch. On every container start, our entrypoint:

  • Removes any existing endpoint_add_tcp, endpoint_add_udp, and set sv_listingIpOverride lines from your server.cfg.
  • Prepends fresh ones bound to the real port and public IP we've allocated to you.

In practice, this means that at the very top of your server.cfg you will always find something like the following, matching the IP and port from your order:

endpoint_add_tcp "0.0.0.0:<your-port>"
endpoint_add_udp "0.0.0.0:<your-port>"
set sv_listingIpOverride "<your-public-ip>"

You don't need (and shouldn't try) to edit those three lines yourself: they get rewritten on every boot to match the current allocation. The minimum you usually want to add on top is sv_forceIndirectListing true and set net_tcpConnLimit 50000. The rest is only relevant if you're putting your own domain or proxy in front of the server.

When to contact support

If you've applied this config and you're still seeing:

  • Connection drops or Error 56 under heavy load.
  • The server failing to appear in the public list.
  • Players unable to connect using the address from your dashboard.

Send us your server.cfg (you can redact license keys) and your order ID, and we'll take a look.