Skip to content

Deployment Overview of Pterodactyl Panel on Server

Prerequisites and Basic Requirements

The deployment environment requires a specific operating system configuration and user privileges to ensure compatibility with the application stack.

  • Operating System: Ubuntu 22.04 LTS (Release: jammy). The installation process will fail on other distributions or versions.

  • Privileges: Root access or sudo privileges are required to install system packages, manage systemd services, and configure the firewall.

  • Timezone: The application is configured to use the Europe/Amsterdam timezone.

  • Required Ports:

    • Port 80 (HTTP) for initial access and SSL certificate validation.

    • Port 443 (HTTPS) for secure panel access.

    • Port 12333 (Wings Proxy) for game server management communication.

    • Port 3306 (MariaDB) for database connectivity.

    • Port 6379 (Redis) for caching and queue processing.

    • Port 9000 (PHP-FPM) for PHP processing (internal).

FQDN of the Final Panel

The Pterodactyl Panel is accessible via a custom domain on the hostkey.in infrastructure. The Fully Qualified Domain Name (FQDN) follows the specific naming convention based on the server identifier.

  • FQDN Format: pterodactyl<Server ID>.hostkey.in

  • Access URL: https://pterodactyl<Server ID>.hostkey.in

File and Directory Structure

The application files, configuration, and data are stored in specific locations on the host filesystem.

  • Application Root: /var/www/pterodactyl

  • Web Root (Public): /var/www/pterodactyl/public

  • Storage Directory: /var/www/pterodactyl/storage

  • Bootstrap Directory: /var/www/pterodactyl/bootstrap

  • Nginx Configuration: /etc/nginx/sites-available/pterodactyl.conf

  • SSL Certificates: Managed within the Docker container at /etc/letsencrypt/live/pterodactyl<Server ID>.hostkey.in

  • Cron Jobs: /etc/cron.d/pterodactyl

  • Systemd Service Files: /etc/systemd/system/pteroq.service

  • Docker Compose Configuration: /root/nginx/compose.yml

Application Installation Process

The Pterodactyl Panel is installed using the latest release binary, configured with a custom environment file, and integrated with local system services.

  1. System Preparation:

    • Updates are applied to the apt cache.

    • Required repositories are added, including ppa:ondrej/php for PHP 8.3 and the official Redis repository.

  2. Dependency Installation:

    • The following packages are installed: php8.3 and its extensions (cli, common, gd, mysql, mbstring, bcmath, xml, curl, zip, fpm), nginx, mariadb-server, redis-server, git, composer, curl, unzip, and cron.

  3. Application Deployment:

    • The latest panel.tar.gz archive is downloaded from the Pterodactyl GitHub releases.

    • The archive is extracted to /var/www/pterodactyl.

    • Composer dependencies are installed in production mode (--no-dev, --optimize-autoloader).

  4. Configuration:

    • The .env.example file is copied to .env.

    • The APP_KEY is generated using php artisan key:generate.

    • Environment variables are set non-interactively to configure the panel URL, timezone, and database credentials.

  5. Database Initialization:

    • A MariaDB database named panel is created.

    • A user named pterodactyl is created with full privileges on the panel database.

    • Database migrations and seeding are executed.

  6. Admin User Creation:

    • The first administrator account is created with the username admin and the email address provided in the deployment variables.

Access Rights and Security

Security configurations include firewall rules, user permissions, and SSL enforcement.

  • Web Server User: All application files and directories under /var/www/pterodactyl are owned by the www-data user and group.

  • SSL Enforcement:

    • SSL is enabled using Let's Encrypt certificates via certbot.

    • HTTP traffic on port 80 is automatically redirected to HTTPS on port 443.

    • Modern TLS protocols (TLSv1.2, TLSv1.3) and strong cipher suites are enforced.

  • Firewall and Access:

    • Default Nginx site is disabled.

    • Access to hidden files (starting with .) is denied.

    • The pteroq service runs as the www-data user.

  • PHP Security:

    • HTTP_PROXY environment variable is explicitly set to empty to prevent the HTTPoxy vulnerability.

Databases

The application utilizes a local MariaDB instance for data persistence and Redis for caching and queue management.

  • Database Engine: MariaDB (MySQL compatible).

  • Database Name: panel.

  • Database Host: 127.0.0.1.

  • Database Port: 3306.

  • Database User: pterodactyl.

  • Cache and Queue Driver: Redis.

  • Redis Host: 127.0.0.1.

  • Redis Port: 6379.

  • Redis Password: Not configured (null).

Docker Containers and Their Deployment

A Docker container is deployed to manage SSL certificates and proxy traffic for the Wings API endpoint.

  • Container Image: jonasal/nginx-certbot:latest.

  • Deployment Method: docker compose using the file located at /root/nginx/compose.yml.

  • Network Mode: host.

  • Volumes:

    • nginx_secrets (external) mounted at /etc/letsencrypt.

    • /data/nginx/user_conf.d mounted at /etc/nginx/user_conf.d.

    • /var/www/pterodactyl/public mounted read-only at /var/www/pterodactyl/public.

  • Environment Variables:

  • Restart Policy: unless-stopped.

Proxy Servers

Two proxy configurations are active: one on the host system for the main Panel interface and one inside the Docker container for the Wings proxy.

Host Nginx (Panel)

  • Configuration File: /etc/nginx/sites-available/pterodactyl.conf.

  • Ports: Listens on 80 and 443.

  • Root Directory: /var/www/pterodactyl/public.

  • PHP Handler: FastCGI via Unix socket /run/php/php8.3-fpm.sock.

  • SSL Certificates: Managed automatically by Certbot via the Nginx plugin.

Docker Nginx (Wings Proxy)

  • Configuration Template: templates/nginx.conf.j2 (applied inside the container).

  • Ports: Listens on 80 (redirect) and 443 (SSL).

  • SSL Certificates: /etc/letsencrypt/live/pterodactyl<Server ID>.hostkey.in.

  • Proxy Backend: Forwards PHP requests to 127.0.0.1:9000 on the host.

  • HTTP/2: Enabled.

Permission Settings

File and directory permissions are strictly set to ensure the web server can read and write necessary files while preventing unauthorized access.

Path Owner Group Permissions
/var/www/pterodactyl www-data www-data 0755 (Recursive)
/var/www/pterodactyl/storage www-data www-data 0755
/var/www/pterodactyl/bootstrap www-data www-data 0755
/var/www/pterodactyl/bootstrap/cache www-data www-data 0755
/root/nginx root root 0755
/etc/nginx/sites-available/pterodactyl.conf root root 0644
/etc/cron.d/pterodactyl root root 0644

Location of Configuration Files and Data

The following files contain the core configuration for the application and its services.

  • Application Environment: /var/www/pterodactyl/.env

  • Nginx Site Config: /etc/nginx/sites-enabled/pterodactyl.conf

  • Cron Job: /etc/cron.d/pterodactyl

  • Queue Worker Service: /etc/systemd/system/pteroq.service

  • Docker Compose: /root/nginx/compose.yml

  • Wings Proxy Config: Managed within the Docker container context.

Available Ports for Connection

The following ports are open and configured for specific services on the server.

  • 80: HTTP (Redirects to HTTPS).

  • 443: HTTPS (Pterodactyl Panel Access).

  • 12333: Wings Proxy (Game Server Management).

  • 3306: MariaDB (Internal database access).

  • 6379: Redis (Internal cache/queue access).

  • 9000: PHP-FPM (Internal process communication).

Starting, Stopping, and Updating

The application relies on systemd for managing background services and docker compose for the proxy container.

  • Start Services: 

    systemctl start php8.3-fpm
systemctl start mariadb
systemctl start redis-server
systemctl start nginx
systemctl start pteroq

  • Stop Services: 

    systemctl stop php8.3-fpm
systemctl stop mariadb
systemctl stop redis-server
systemctl stop nginx
systemctl stop pteroq

  • Restart Services: 

    systemctl restart nginx
systemctl restart pteroq

  • Enable Services on Boot: 

    systemctl enable php8.3-fpm
systemctl enable mariadb
systemctl enable redis-server
systemctl enable nginx
systemctl enable pteroq

  • Docker Container Management: Navigate to /root/nginx and execute: 

    docker compose up -d

  • Update Application: To update the Pterodactyl Panel binary, download the latest release to /tmp, extract it to /var/www/pterodactyl, and run: 

    cd /var/www/pterodactyl
composer install --no-dev --optimize-autoloader
php artisan migrate --force
php artisan config:clear
php artisan config:cache
php artisan route:clear
php artisan view:clear

  • Schedule Tasks: The application scheduler is managed by a cron job located at /etc/cron.d/pterodactyl, which executes php /var/www/pterodactyl/artisan schedule:run every minute.

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×