#Pterodactyl Panel Behind CloudFlare Tunnel

@timid kraken; Panel and Wings must communicate over HTTPS when either one has HTTPS enabled. Make sure to enable and use HTTPS for both.

If you are using Cloudflare Proxy, please read this: https://pterodactyl.io/wings/1.0/configuration.html#enabling-cloudflare-proxy and make sure you have "Not behind proxy" option selected in Node settings.

I am currently not using https for any of them.

cloudflare doesnt serve https requests over port 8080 in the free plan

Aha, so what should i do then? use an other port for wings or?

yes. Look at the the following https://developers.cloudflare.com/fundamentals/reference/network-ports/#network-ports-compatible-with-cloudflares-proxy

Okey, so a clean reinstall with port 8443 would be correct?

Because that is supported with https?

just changing the config of your wings to use port 8443 is probably going to fix it, and restarting of course. No need to reinstall anything

and also ofcourse on your panels node settings setting the deamon to communicate on port 8443

You also loses SFTP Connectivity FYI

https://pterodactyl.io/wings/1.0/configuration.html#enabling-cloudflare-proxy

Just tried changing it, but the node is still down.

uuid: ------------
token_id: ------------------
token: ------------------
api:
  host: 0.0.0.0
  port: 8443
  ssl:
    enabled: false
    cert: /etc/letsencrypt/live/node.mijnclan.eu/fullchain.pem
    key: /etc/letsencrypt/live/node.mijnclan.eu/privkey.pem
  upload_limit: 100
system:
  data: /var/lib/pterodactyl/volumes
  sftp:
    bind_port: 2022
allowed_mounts: []
remote: 'http://192.168.1.150' ```

There were too many logs to read @timid kraken. Please post 5 or less.

TLS is off ^

in your config set it to 8080

but on pterodactyl set it to 8443

its mismatched on purpose

Still the same issue, i also rebooted the whole VM, and still the same issue.

node.mijnclan.eu:8443/api/system:1 
Failed to load resource: net::ERR_FAILED```

@timid kraken; Make sure that your Wings are running and reachable. This error usually happens when your browser can't reach Wings to verify the CORS headers. Click on the URL in the CORS error to verify it can be connected to without any errors.

ah wait

are you using cloudflare's tunnel?

Yea

if you head onto your cloudflared tunnel settings, edit the node configuration

go under additional settings > TLA > no tls verify and enable it

Allready on 🙂

and youre using cloudflares certificates for ssl?

Yes, for the main root domain i do, for the node subdomain im not using any certificate's because i cant create one, because its pointed to a tunnel that go's to a local ip. so i cant generate a certificate for that.

And in the node settings i also enabled the behind proxy setting, because its going trough a cloudflare tunnel, so it should skip all certificate's, but still that HTTPrequest error.

dont

you have to select not behind proxy in your node settings.

actually reading the docs that brainshead sends helps.

Yea ive read that haha, but i tought i shoudnt use that because i dont have a SSL certification for that subdomain, since its a tunnel.

using port 8443 and turning off behind proxy should do it

Just changed it back, to try. and still the XMLHttprequest blocked.
nodes:1 Access to XMLHttpRequest at 'https://node.mijnclan.eu:8443/api/system' from origin 'https://pterodactyl.mijnclan.eu' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

@timid kraken; Make sure that your Wings are running and reachable. This error usually happens when your browser can't reach Wings to verify the CORS headers. Click on the URL in the CORS error to verify it can be connected to without any errors.

Wings is running fine.

does the node info load? Like the amount of cores etc?

Nope.

We need some logs from you in order to help debug this issue.
Panel: tail -n 150 /var/www/pterodactyl/storage/logs/laravel-$(date +%F).log | nc pteropaste.com 99
Wings: sudo wings diagnostics
Please see .plogs and .wlogs respectively for more information.

And i think it has to do with the tunnel, when i search node.mijnclan.eu:8443 i get this gateway error, but when i search it locally it runs fine:

Panel: https://ptero.co/ipokucurem

Wings: https://ptero.co/mapozilaku

I have found the following for: https://ptero.co/ipokucurem
You will normally see 502 bad gateway error when php-fpm can't be reached by your web server. This can be due to a wrong path, it not running or wrong permissions. Confirm that it is running and using the correct php-fpm version in the config pterodactyl.conf file. It would be attempting to use PHP 8.3 by default. When using other PHP versions, make sure to change the php-fpm version in your config to match your used PHP version.

Not sure where to find the server block file? Type .webconf and I will respond with more instructions. Web server error logs can provide additional details.

I have found the following for: https://ptero.co/mapozilaku
@timid kraken; Wings must have a certificate to use when SSL is enabled. Follow this guide to learn how to generate SSL certificates: https://pterodactyl.io/tutorials/creating_ssl_certificates.html

why disable ssl?

SSL is on?

well in your wings config its set to false

and youve still behind proxy checked in your screenshot

Let me update it.

 INFO: [Jul 19 12:05:29.376] writing log files to disk path=/var/log/pterodactyl/wings.log

                     ____
__ Pterodactyl _____/___/_______ _______ ______
\_____\    \/\/    /   /       /  __   /   ___/
   \___\          /   /   /   /  /_/  /___   /
        \___/\___/___/___/___/___    /______/
                            /_______/ 1.11.13

Copyright © 2018 - 2025 Dane Everitt & Contributors

Website:  https://pterodactyl.io
 Source:  https://github.com/pterodactyl/wings
License:  https://github.com/pterodactyl/wings/blob/develop/LICENSE

This software is made available under the terms of the MIT license.
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.

 INFO: [Jul 19 12:05:29.376] loading configuration from file config_file=/etc/pterodactyl/config.yml
 INFO: [Jul 19 12:05:29.376] configured wings with system timezone timezone=Etc/UTC
 INFO: [Jul 19 12:05:29.376] checking for pterodactyl system user username=pterodactyl
 INFO: [Jul 19 12:05:29.376] configured system user successfully gid=988 uid=999 username=pterodactyl
 INFO: [Jul 19 12:05:29.377] fetching list of servers from API
 INFO: [Jul 19 12:05:29.392] processing servers returned by the API total_configs=0
 INFO: [Jul 19 12:05:29.393] finished processing server configurations duration=325.019µs
 INFO: [Jul 19 12:05:29.395] configuring system crons  interval=1m0s subsystem=cron
 INFO: [Jul 19 12:05:29.395] starting cron processes   subsystem=cron
 INFO: [Jul 19 12:05:29.395] configuring internal webserver host_address=0.0.0.0 host_port=8443 use_auto_tls=false use_ssl=true
 INFO: [Jul 19 12:05:29.395] updating server states on Panel: marking installing/restoring servers as normal
FATAL: [Jul 19 12:05:29.395] failed to configure HTTPS server auto_tls=false error=open /etc/letsencrypt/live/node.mijnclan.eu/fullchain.pem: no such file or directory

Stacktrace:
open /etc/letsencrypt/live/node.mijnclan.eu/fullchain.pem: no such file or directory
github.com/pterodactyl/wings/cmd.rootCmdRun
        github.com/pterodactyl/wings/cmd/root.go:369
github.com/spf13/cobra.(*Command).execute
        github.com/spf13/[email protected]/command.go:987
github.com/spf13/cobra.(*Command).ExecuteC
        github.com/spf13/[email protected]/command.go:1115
github.com/spf13/cobra.(*Command).Execute
        github.com/spf13/[email protected]/command.go:1039
github.com/pterodactyl/wings/cmd.Execute
        github.com/pterodactyl/wings/cmd/root.go:71
main.main
        github.com/pterodactyl/wings/wings.go:17
runtime.main
        runtime/proc.go:267
runtime.goexit
        runtime/asm_amd64.s:1650



root@internode:/etc/pterodactyl#

But i cant generate a certificate for this subdomain right? because its local.

@timid kraken; Wings must have a certificate to use when SSL is enabled. Follow this guide to learn how to generate SSL certificates: https://pterodactyl.io/tutorials/creating_ssl_certificates.html

you generate it for your wings fqdn

so node.mijnclan.eu

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for node.mijnclan.eu

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: node.mijnclan.eu
  Type:   unauthorized
  Detail: 2606:4700:3036::ac43:9535: Invalid response from http://node.mijnclan.eu/.well-known/acme-challenge/Yga6JMOP5vsBjkIvztPJdUuhw0lT1KSBNYHtDfmcyr4: 502

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@internode:/etc/pterodactyl# ^C

Aha okey, but this domain doesnt point to a VPS ip or anything, it points to a tunnel from cloudflare

it doesnt have to point to your IP directly

did you even expose port 80? which is needed for http challenge.

if you dont want to use DNS challenge or use cloudflares api

Yes, port 80 is allowed trough the firewall.

I dont even think http challenge works for your cloudflare tunnel.

bcs the tunnel sends you to 8443 while it requires port 80

use DNS challenge or cloudflares api

Sure, will try

Now i can run wings normaly, but still my node is offline.

         Chrome is moving towards a new experience that allows users to choose to browse without third-party cookies.
nodes:285       
           GET https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 net::ERR_BLOCKED_BY_CLIENT```

But not the XMLHttpRequest error anymore.

We need some logs from you in order to help debug this issue.
Panel: tail -n 150 /var/www/pterodactyl/storage/logs/laravel-$(date +%F).log | nc pteropaste.com 99
Wings: sudo wings diagnostics
Please see .plogs and .wlogs respectively for more information.

panel: https://ptero.co/iqamusoqeb

Wings: https://ptero.co/netopimabi

I have found the following for: https://ptero.co/netopimabi
@timid kraken; Wings must have a certificate to use when SSL is enabled. Follow this guide to learn how to generate SSL certificates: https://pterodactyl.io/tutorials/creating_ssl_certificates.html

you have to also set the right protocol in your .env file. Since wings communicates over https. Your panel needs to be to and not http

The env file can be found at /var/www/pterodactyl/.env. Files starting with a . in Linux are hidden so it may not show up in file browsers by default. You can open it directly with nano /var/www/pterodactyl/.env

your probably also gonna have to change the wings config again since its also http there now.

Oh just updated it, but will change it. thanks!

That was it, thank u so much!

np

you dont need to, just use a certificate from cloudflare