Pterodactyl Panel proxied through Cloudflare
I'm trying to Proxy Pterodactyl Panel through Cloudflare and I have created Origin Certificates from CF and configured them into my Panel.
Now when I try to go to my panel it "stalls" and just doesn't load anything, like in the picture.
Btw I've been following this tutorial https://www.youtube.com/watch?v=yOG45TLWNu0&t=436s.
148 Replies
ctrl+shift+i or right click -> inspect and look at the console/network tabs and see which requests are failing
I haven't played around too much with pterodactyl but iirc it uses "Wings" on the host server for status/actual server info which it's probably trying to send requests to and failing
Ah yes request I forgot that, it's 504
that's the request for server info? Any more info on it? What's the request path and such?
there's also this
That error looks like your panel is trying to reach out to wings/the actual server via Axios and failing, I would check config/logs
Oh, I think I haven't opened daemon port 8443
Let me check
Wasn't, but now is
It's still in same condition however
I rebooted also
Did the error change at all?
For me that gives an instant 523 now
Err maybe you were rebooting it when I was testing, seems to be back to timeout now
nope
yeah ig
here are the logs
any idea? by that
So my understanding is Wings is on 8443 but it's unreachable. Panel is on 443 and works fine. Check Wings config/anything blocking it. On the server itself can you reach that port?
curl https://127.0.0.1:8443 -k -vvv
Yep connection refused for 8443
I guess by default it's on 8080 and you need to change it? https://pterodactyl.io/wings/1.0/configuration.html#enabling-cloudflare-proxy
Yes, but if I want to use proxy I need to use 8443
Right, so I'm guessing you didn't change it or something went wrong in that changing process
I did change it on conf
Could this also affect this?
Tho I have updated panel twice without single error, but it stays 'outdated'...
no
alright then
is your panel and wings on the same machine?
yes
try running
sudo wings --debug
make sure to stop the old
and see the logs
is your node proxied?
not right now im trying with out
do you have waf enabled?
whats that?
or maybe im under attack mode etc
also, is your port open?
DNS Checker
for 8080
arent you using 8443?
also it will say closed if your service isnt running
you should check it in your vps
yes for protected, but im now trying to make it work without proxy protection
on vps 8080 and 8443 is opened
so have you edited the /etc/pterodactyl/config.yml right?
yeah
in your oracle networking too?
wdym?
are you using oracle vps?
yes
so you have to also open the ports there
yeah they're open
in oracle?
yep
wings
status
regenerate the token from your panel and paste it
Daemon Master Key
?
no in configuration
Hmm, now the site gives 523 straight away
panel?
yes when I try to reach
now it reached but still doesn't work properly
logs?
sudo wings diagnostics
wings --debug
ok you have a firewall issue
alright, hmm
your wings ip is blocked by panel cloudflare
go to cloudflare > security > waf
then add rule
ip source address
equals
your wings ip
wings ip = ?
then choose action skip
Wings ip is your public oracle ip
if your panel and wings same machine then same ip
this will 101% work
oh yeah.. ?
yes select everything
everything possible
If you think it's blocking it, you should check under Security -> events first if you can even see it
yes
there's some products that aren't skippable
supah bot fight
No firewall events found matching your filters
what filter you add?
wings ip?
Nothing
oh
you disabled proxy for the panel subdomain, looks like?
yes, I'm trying without proxy temporary
I will try to configure the proxy some day
oh your panel isn't proxied
You regenerated your token right?
you overwrote the file too right?
I dont think the error was from firewall
I regened the token and it worked then
but anyway
No it isn't i thought ur panel is proxied
yep ofc
like it worked?
green heart too?
yeah
then maybe reset the daemon key, save it, then again regenerate token
why again?
it works now
after resetting the daemon key?
yes I reset that and also conf key
hm that was the issue
ok nvm
also dont proxy nodes if you are gonna use minecraft server, it won't connect then
you can proxy the panel
I meant to proxy the panel, not wings
oh
then you dont have to use 8443
Isn't there a solution to proxy wings?
iirc
see you can but minecraft won't work (coz i have only tested that) maybe because minecraft tries to connect to the cloudflare ip
aight
is there any solution tho @Chaika
solution for what, I wasn't following?
proxying minecraft?
yes
Cloudflare Spectrum but it's stupid expensive ($1/gb) out of an Enterprise Contract
or Magic Transit but it's fully Enterprise
oh
Alright I see, so with Cloudflare's proxy I can't protect Pterodactyl right?
you can protect panel...
yes, I meant the servers
oh
maybe others games may work i dont know much about networking lol
alright
cf's normal proxy is just http/https
unless the game is a http powered game then won't work with normal proxy lol
yeah lol
lol
SuperKali
YouTube
HOW TO PROTECT YOUR PTERODACTYL PANEL WITH CLOUDFLARE PROXY
So this was the tutorial I was following
And he put 8443 as the port of daemon
3 yo old video, things may have changed although not sure...
I think it's pretty similar
but shouldn't the panel still work if I put 8443 as daemon port? bcz it shut here
yes, any unique port will work until port is opened, that error was due to invalid token/key
hmm, what could have caused that?
maybe you accidentally edited the key in the config.yml while changing port
maybe some letter got put, etc.
oh right
yeah
Now that I know that, I also cant proxy the panel, cause wings has same IP and so minecraft & servers, right?
no you obviously can, and you should to protect from ddos attacks, just use a different domain for the node
So I would need to delete my current node and make a new one w/ diff subdomain
no no, you can switch subdomains too, no need to delete anything at all
Switching Domains | Extra Pterodactyl Documentation
An open source documentation to complement official docs
ignore daemon
Oh oh okay great
I'm trying to proxy it now, but cloudflare certificate "signed by unknown authority"?
@debargha ?
maybe some issue go to ur cloudflare > ssl/tls > set cert to max setting
oh yes it was by cf side, now the ssl works, BUT my panel (wings) stopped working :/
I fixed that^ and set wings port to 8443 and sftp to 2053 and everything seems to work as they should but wings still not working on panel?
Gives 504 error again
sometimes the wings is ok, but sometimes it goes down...
@debargha do you have any idea?
how do you run wings?
systemctl start/restart wings
and sudo wings (--debug)
but there's something with the certificate currently
it's valid but somethings not working
I also do get ssh error..?
so, I still haven't figured out.. @debargha @Chaika
it's strange that panel shows green heart
something with sftp it seems to be
when you click on that node, oracle cloud, are the information showing or loading forever
loading forever
the wings/panel is working like half
console shows, but not files..
it's strange
504 is the error code
that means your browser can connect to wings but your panel can't
that's because your panel isn't connected to wings
First of all I hope you didn't proxy the node.
I proxied panel
then don't use 8443 port
yes its fine
I dont
You are using 8080 then?
yep
Ok thats the issue
You should use lets encrypt cert
for wings
is that one from cloudflare?
yeah it is
full strict
Cloudflare cert is only valid when you use cloudflare
So use certbot for wings
Oh yeah ofc
because your wings isnt using cloudflare
yeah
so run certbot certonly
then gen cert for your wings node
then again go to config.yml
and change the path to that ssl
and then restart
and u done
Do I use nginx one? @debargha
The certificate seems to work now, but now I get this and my wings still goes down.. @debargha
That's for sftp, but I think my server runs good now
yes
service wings status
what os are you using
vps or my pc
run
systemd-detect-virt
kvm
thats good
it seems to work now though
ohk
tysm
I will say if something goes wrong again:D
sure
wlcm