#Subdomain for Pterodactyl.

I just bought an domain and i have setup dns records. I pointed xxx.com to my server ip. I don't want people seeing my pterodactyl panel so i want it to be a nly subdomain accessible like panel.xxx.com

yes then make a new A record with panel.example.com(Point this to your server aswell), and just follow the tutorial to install the panel. When you are at domain setup, then just use the panel.example.com domain

i already installed pterodactyl

okay then you have to change the domain in /var/www/pterodactyl/.env

create a new certificate using certbot, and in /etc/nginx/sites-available/pterodactyl.conf, change the domain to the subdomain eg example.com -> panel.example.com

restart nginx and it should be good to go

what do i do there?

there is app url?

okay i changed it

can you help?

i changed both and it doesn't work

Please explain the issue you're experiencing in as much detail as possible. Preferably with error messages in a text format or paste link to logs. Nobody can assist you without information that helps to understand the issue. Help us help you. Messages such as "doesn't work" or "i need help" will most likely be ignored.

you have changed the domain also in /etc/nginx/sites-available/pterodactyl.conf

what is the output of service nginx status

right now i am back to default settings

tell me how should i do it in steps

okay so first create SSL certificate using CertBot

i am installing it using snapd right?

probaly, i use apt

okay so its asking me what domain name i am setting it to panel.xx.com right?

Could not automatically find a matching server block for panel.tachyonpvp.com. Set the server_name directive to use the Nginx installer.

Unable to install certificate

@teal kettle

i think nginx was first...?

did you create an A record

panel.xx.com

yes.

certbot certonly -d panel.xx.com

use the standalone webserver option

proxy should be off?

Since you're using your own certificate (and to avoid issues with certificates) the dns record on cloudflare (that's what I assume you're using) should be set to DNS-Only.

its saying congratilations

what now?

@teal kettle

okay in /etc/nginx/sites-available/pterodactyl.conf

change all xx.com to panel.xx.com

there is no xx.com there is my machine ip

this will leak your backend IP, you can also use the SSL Full mode (instead of strict)

put this in there

so i should enable it? but it doesn't work i think cloudflare wants money?

server {
    listen 80;
    server_name <domain>;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name <domain>;

    root /var/www/pterodactyl/public;
    index index.php;

    access_log /var/log/nginx/pterodactyl.app-access.log;
    error_log  /var/log/nginx/pterodactyl.app-error.log error;

    # allow larger file uploads and longer script runtimes
    client_max_body_size 100m;
    client_body_timeout 120s;

    sendfile off;

    # SSL Configuration - Replace the example <domain> with your domain
    ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;

    # See https://hstspreload.org/ before uncommenting the line below.
    # add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTP_PROXY "";
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include /etc/nginx/fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}```

Hey, @teal kettle! You must replace <domain> in the pterodactyl.conf SSL config to match your actual real domain.

and do as the bot says xD

just disable it for now, it will also give node erros if you use the same domain

Cloudflare has free plans, you don't have to pay anything to use their proxies. The free plan just has some ports that are protected

okay ill configure that later

He will have the IP leaked anyway once he sets up wings... Wings usually doesn't work pretty well with cloudflare (at least from what I've tried already) so he'll end up using dns-only for wings which means the IP will be "leaked" anyways.

I don't see any issue with the IP leaking. If he's got a home server - that's a little bit of a concern - but if the server is on a datacenter then what is the issue? Datacenter has protections...