How to configure mtaserver.conf for MTA:SA from scratch — complete guide
Learn how to configure every option in mtaserver.conf for Multi Theft Auto from scratch, with technical explanation of ports, ASE, password, modules and resources.
The mtaserver.conf is the central configuration file of any Multi Theft Auto: San Andreas server. It defines everything from basic operational details like port and slot count to network behavior, loaded modules, resources that start at boot and how the server advertises itself on the public master list. Editing this file without understanding each block usually results in a server that never appears in-game, unexplained lag or startup crashes.
This tutorial is for anyone setting up an MTA:SA server from scratch — whether on a Linux VPS, Windows dedicated or local environment — and needs to understand what each line of mtaserver.conf does, with recommended values for production. Estimated execution time: 25 to 40 minutes, depending on how many optional blocks you enable.
The premise is that you already have the MTA server installed (the multitheftauto-server package on Linux or the official release from mtasa.com on Windows) and can start the mta-server process at least once before editing the final configuration.
Prerequisites
MTA:SA server version 1.6 or higher installed. Access to the server filesystem (SSH/SFTP or RDP). A text editor that respects XML line breaks (vim, nano, VS Code, Notepad++). Three UDP ports cleared in the firewall: the server port, ASE and internal HTTP.
mods/deathmatch/mtaserver.conf XML 22003/UDP port+123 22005/TCP The file lives at mods/deathmatch/mtaserver.conf relative to the installation root. Every change requires a restart of the mta-server process to take effect, with few exceptions applicable at runtime via console.
Identity and visibility block
This section defines how your server appears to players on the master list and how it responds to external queries. These are the first XML tags right after <config>.
Set the public name and description that appear on the master list:
<servername>My RP Server</servername>
<serverip>auto</serverip>Use auto in serverip almost always — MTA detects the external IP via STUN. Only pin the IP manually if the server sits behind complex NAT and you know which public address to advertise. Server name is limited to 96 characters; emojis and color codes (#FF0000) work but make text search harder.
Configure the network ports:
<serverport>22003</serverport>
<maxplayers>64</maxplayers>
<httpserver>1</httpserver>
<httpport>22005</httpport>serverport is UDP — that’s where gameplay traffic flows. maxplayers sets the number of simultaneous slots. httpserver=1 activates the embedded HTTP server to deliver resources to clients during join; httpport is TCP and usually sits at serverport+2.
Enable the master list broadcast (ASE):
<ase>1</ase>
<allow_gta3_img_mods>none</allow_gta3_img_mods>
<donotbroadcastlan>0</donotbroadcastlan>ase=1 makes your server appear in the in-game browser. The ASE port is automatically serverport+123 (UDP) — it needs to be open in the firewall, otherwise the master list can’t confirm the server is alive and removes it from the list after a few minutes.
An MTA server requires three open ports: serverport (UDP), the ASE port = serverport+123 (UDP) and httpport (TCP). Forgetting ASE is the most common mistake — the server boots, connects locally, but never shows up on the public list.
Security and access control
Here you define password, ACLs, anti-cheat and who can administer via remote console. This is the section that varies the most between a production server and a development server.
Set the password (optional) and access mode:
<password></password>
<minclientversion>1.6.0-9.22790.0</minclientversion>
<recommendedclientversion></recommendedclientversion>Leave <password></password> empty for a public server. For a private whitelist, set a strong password (16+ characters). minclientversion forces clients to be up to date — useful to avoid bugs already fixed; the exact format comes from the MTA release you want to require.
Configure anti-cheat and detections:
<ac>1,2</ac>
<disableac></disableac>
<enablesd>12,28,32</enablesd>ac enables anti-cheat categories — 1,2 covers the recommended standard checks. enablesd activates numbered special detections; the official list is on the MTA wiki. On development servers, leave disableac with the IDs you need to turn off to test mods.
Configure remote access via web admin:
<httpdosthreshold>20</httpdosthreshold>
<verifyclientsettings>-1</verifyclientsettings>
<bandwidthreductionmode>medium</bandwidthreductionmode>httpdosthreshold limits requests per second on the internal HTTP server to mitigate floods. bandwidthreductionmode can be none, medium or maximum — on a server with many players, medium is the sweet spot between bandwidth consumption and responsiveness.
The password in mtaserver.conf is only for joining the server. Who can run administrative commands comes from mods/deathmatch/acl.xml. Never leave the Admin group with the default serveradmin password — everyone on the internet knows it exists and tries to brute-force it daily.
Performance and logs
This section controls how much resource the server consumes and how it records activity. Bad values here cause perceived lag even with plenty of hardware to spare.
Set tickrate and voice limits:
<voice>0</voice>
<voice_samplerate>1</voice_samplerate>
<voice_quality>4</voice_quality>
<fpslimit>36</fpslimit>fpslimit is the server tickrate — 36 is the default and works for most cases. Raising it to 60 or 100 improves sync accuracy in competitive deathmatch, but doubles/triples CPU usage. voice=0 disables voice chat; only enable it if the gameplay depends on it.
Configure log files:
<logfile>logs/server.log</logfile>
<authserialloglevel>2</authserialloglevel>
<authserialgroups>Admin,Moderator</authserialgroups>
<loadfailurelogfile>logs/load_errors.log</loadfailurelogfile>
<scriptdebugloglevel>0</scriptdebugloglevel>
<htmllogfile>logs/server.html</htmllogfile>
<acllogfile>logs/acl.log</acllogfile>Separate logs help debugging. scriptdebugloglevel=0 turns off verbose Lua script logging — set it to 2 or 3 only in development because it fills the disk fast. authserialloglevel=2 records authentications by privileged groups; useful for auditing.
Set directories and crash dumps:
<crashdumpfile>logs/crashdump.log</crashdumpfile>
<filterduplicatelogfilelines>1</filterduplicatelogfilelines>
<backup_path>backups</backup_path>
<backup_interval>3</backup_interval>
<backup_copies>10</backup_copies>backup_interval=3 backs up mods/deathmatch/ every 3 days while keeping 10 copies. On a production server, consider pointing backup_path to a separate volume or running external rsync — a backup on the same disk as the server doesn’t protect against physical failure.
Modules and startup resources
The last section of the XML defines what loads at boot: C++ modules (binary extensions) and the Lua resources that become the gameplay.
List binary modules that should load:
<module src="mta_mysql.dll" />
<module src="ml_sockets.dll" />Replace .dll with .so on Linux. Common modules: mta_mysql for native MySQL connection (faster than plain dbConnect), ml_sockets for raw TCP/UDP, ml_base64. Each module must sit in mods/deathmatch/modules/ to be found.
Set which resources start automatically:
<resource src="admin" startup="1" protected="0" />
<resource src="webadmin" startup="1" protected="0" />
<resource src="resourcemanager" startup="1" protected="0" />
<resource src="mapmanager" startup="1" protected="0" />
<resource src="my-gamemode" startup="1" protected="0" />startup="1" loads on server boot. protected="1" prevents in-game commands from stopping the resource — use it on critical resources (admin, ACL). Order matters: dependencies must be declared before the resources that rely on them.
If the server has 100+ slots, configure httpdownloadurl pointing to an external nginx/CDN that mirrors the mods/deathmatch/resources/ directory. Clients download from there instead of saturating MTA’s internal HTTP — it reduces process CPU and improves join speed. The mirror needs to be updated on every new resource deploy.
Verification
After saving mtaserver.conf, validate the configuration before opening to the public. Start the server in the foreground to see the logs:
cd /opt/mta-server
./mta-serverOn Windows, run MTA Server.exe directly from the terminal to see the output. Look for these lines at startup:
[INFO] Server started and is ready to accept connections!
[INFO] Listening on 0.0.0.0:22003 (UDP)
[INFO] HTTP server started on port 22005
[INFO] Querying master server...
[INFO] Master server registration successfulIf the last line shows failed or timed out, it’s a firewall issue on the ASE port. Test from outside using nc -u -z YOUR_IP 22126 (if serverport=22003, ASE=22126). After success, connect from the MTA client at your-ip:22003 and confirm the server appears on the master list within 5 minutes.
Troubleshooting
Server boots but doesn’t appear on the list
The most common cause is a firewall blocking the ASE port (UDP serverport+123). The master list sends a query on that port every few minutes to confirm the server is alive. Without a response, it gets removed from the list. Check ufw status on Linux or Windows Firewall, and also the hosting provider’s firewall — on a VPS, both layers need to allow the port.
”Could not load module” at startup
The module path in <module src="..." /> is relative to mods/deathmatch/modules/. Confirm the file exists there and that the extension matches the OS (.dll Windows, .so Linux). Modules compiled for an old MTA version won’t load on 1.6+ — always download the build matching the exact version of your server.
Resource doesn’t start even with startup=“1”
Check logs/load_errors.log — the reason is usually there. Common errors: a dependency declared in meta.xml that doesn’t exist, a Lua file with a syntax error that prevents parsing, ACL blocking the resource’s actions. Run refresh on the server console after fixing.
Next steps
With mtaserver.conf configured, the natural next step is to tweak acl.xml to create administrative groups with granular permissions — never use the default serveradmin password. Then, set up external backups via rsync or a separate volume, and consider mirroring resources on a CDN if you plan to scale to 100+ slots.
For production deployment, it’s worth sizing the infrastructure by the desired tickrate: 36fps fits comfortably on a 2 vCPU VPS, while 100fps in competitive deathmatch demands 4+ dedicated vCPUs. If you’re putting an MTA:SA server online, the Hostini game hosting plan already comes with DDoS protection at the edge and low-latency IPs suitable for the regions where most MTA players are.
Finally, monitor long-term metrics: CPU usage per tickrate, outbound traffic per connected player and log size. A well-configured MTA server consumes surprisingly little — if consumption is high, it’s almost always a poorly written Lua resource, not the mtaserver.conf.
Frequently asked questions
Can I run two MTA servers on the same machine?
Yes. Each instance needs a separate copy of the server directory and distinct ports in serverport, httpport and ase. Remember to also change servername to differentiate on the master list and open all 3 ports in the firewall for each instance.
What's the difference between httpserver and httpdownloadurl?
httpserver=1 spins up an internal MTA HTTP server on httpport to deliver resources to clients. If you set httpdownloadurl pointing to an external CDN/nginx, the client downloads from there instead of the server — it reduces CPU and bandwidth on the MTA process, but requires keeping the mirror in sync.
Why doesn't my server appear in the in-game list even with ase=1?
Almost always it's the firewall on the ASE port (serverport+123 by default, UDP). The master list needs to receive a response on that port to list you. Check iptables/ufw and, on a VPS, the provider panel's firewall — both layers must allow the ASE UDP port.
Should I keep voice=1 in production?
Only if it's part of the gameplay. Voice consumes considerable bandwidth (around 8 kbps per speaking player) and adds CPU for mixing. On large servers (200+ slots) without voice mechanics, leave voice=0 to save resources.
What happens if I don't set a password in mtaserver.conf?
The server stays public — anyone on the master list can join. For a development or whitelist server, set a strong password. On a public production server, keep it empty but configure ACL and anti-cheat (ac) correctly to mitigate abuse.
Can I edit mtaserver.conf while the server is running?
You can edit it, but most options only reload on the next restart. Changes to maxplayers, password and some ACL rules can be applied via console commands without restart. For changes in ports, modules or httpserver, a restart is mandatory.