#Proxy for Ptero&Wings

Hi everyone,

I’m trying to set up a central proxy server as a public entry point for my game servers running with Pterodactyl Wings. My goal is to have one or more proxy VPSs with public IPs, and route traffic over WireGuard VPN to multiple backend servers that run Wings.

My setup idea:
Each proxy VPS has a WireGuard tunnel to backend Wings servers.

The proxy has IP 10.0.0.1, and backend nodes have IPs like 10.0.0.6, 10.0.0.7, etc.

I want the proxy to forward TCP/UDP traffic (e.g., ports 25001–30000) to a specific Wings server based on port range.

For example:

Ports 25001–26000 → forward to 10.0.0.6

Ports 26001–27000 → forward to 10.0.0.7

etc.

The problem:
It quickly became a huge headache, especially when Docker on the backend interferes with source IPs (because of NAT). I don’t want to use --network host, as it breaks container isolation and limits port reuse.
I'd like to eventually run multiple Wings instances per proxy, all reachable through the proxy with real client IPs preserved if possible.

My question:
Is this setup actually doable using WireGuard and Docker (without host mode)?

Has anyone done something similar — maybe using macvlan, iptables, or Traefik with TCP/UDP?

How would you structure such a setup if you wanted to scale it to 5+ Wings nodes?

Any guidance or experience would be appreciated. Thanks!

Proxy for Ptero&Wings

@obsidian oriole I’m not a professional but I just wrapped up my cloudflare setup with zero trust. I ran into issues with the authentication methods but that’s me. I would be happy to help out

And most of the time you don’t need to tell pterodactal that it’s through a proxy just watch out for your latency times when hosting game servers. I had my wings game servers hosted open off the network instead of through a proxy/cloud flare. I only had my panel through proxy/cloud flare.

A just to be clear your are having trouble with panel connecting to each of your wings nodes through your tunnel.? Or is it both ways?

I am testing it on 2 VPS. One is my proxy and it's creating WireGuard VPN. All conections on ports for the servers running on wings I want to proxy via WG to pterodactyl. The problem is idk how to set it up. I achieved it only once, but ptero did not see ip of client. Just ip of proxy.

The goal is to run all servers (ptero and wings) behind a device with DDoS protection and proxy. It's more secure. But the settings is a hell.

Pterodactyl has features to enable use of proxies, however we cannot provide support for proxies as it adds great complexity to the application set up. Troubleshooting complex network setups involving tunnels and proxies is extremely difficult to do without access to that network. Supporting complex network issues is outside the scope of this support.

Well regardless of the bot I’ll try to give support but I must say it might be worth more to not run the game ports behind wings.

Is each vps going to have there own proxy and proxy IP?

Because if so you I don’t see why it would be an issue to redirect via subdomains points towards the proxy’s ip

Or have the dns redirect to the same ip (if your using one) and multiple ports witch the proxy intern handles

But that’s me

I need to redirect traffic like tcp udp too. Not just http. 1 proxy will work with around 5 nodes probably.

Idk if I am wrong but how other people solve bigger infrastructure and ddos protection?

Tbh I don’t know

It’s normaly handled by the vps provider I beleave

And yes you should be able to handle all traffic