Panel Software
Pterodactyl
Cloudflare Proxying

Cloudflare's Proxy with Pterodactyl Panel

Login to Cloudflare

Login to Cloudflare here (opens in a new tab).

Go to DNS

Go to Cloudflare's DNS Page (opens in a new tab)

Proxy Subdomain

Enable Cloudflare's orange cloud proxy symbol for the panel subdomain

Proxy to Port 443

  1. Visit https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls (opens in a new tab) and add change the flexible SSL option to full. This proxies Cloudflare's traffic to port 443 instead of port 80.

Create Origin SSL

Go to https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/origin (opens in a new tab) and create an origin SSL for panel.example.com with a 15-year expiration date, then copy the public key into /etc/ssl/cert.pem and the private key into /etc/ssl/key.pem

Enable Origin Pulls

Go to https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/origin (opens in a new tab) and enable the option "Authenticated Origin Pulls"

Modify the Nginx Config

Replace your existing webserver configuration at /etc/nginx/sites-enabled/pterodactyl.conf with:

pterodactyl.conf
server_tokens off;
 
server {
    listen 80;
    server_name panel.example.com;
    return 301 https://$server_name$request_uri;
}
 
server {
    listen 443 ssl http2;
    server_name panel.example.com;
 
    root /var/www/pterodactyl/public;
    index index.php;
 
    access_log /var/log/nginx/pterodactyl.app-access.log;
    error_log  /var/log/nginx/pterodactyl.app-error.log error;
 
    # allow larger file uploads and longer script runtimes
    client_max_body_size 100m;
    client_body_timeout 120s;
 
    sendfile off;
 
    # SSL Configuration - Replace the example <domain> with your domain
    ssl_certificate /etc/ssl/cert.pem;
    ssl_certificate_key /etc/ssl/key.pem;
    #ssl_certificate /etc/letsencrypt/live/panel.example.com/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/panel.example.com/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;
 
    # See https://hstspreload.org/ before uncommenting the line below.
    # add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;
 
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
 
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTP_PROXY "";
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include /etc/nginx/fastcgi_params;
    }
 
    location ~ /\.ht {
        deny all;
    }
}

Restart Nginx

Run systemctl restart wings

Automatic RestartInstall Pterodactyl