Pterodactyl Panel Behind an NGINX Reverse Proxy

!Running Pterodactyl (Panel & Wings) Behind and NGINX Reverse Proxy

Your panel should run on port 80 (well whatever you want I suppose)
Node daemon port should be 443 (but still http) because it hard codes those ports into connection urls for websockets in the webui :/

Ensure you have `TRUSTED_PROXIES=proxyip` in your `/var/www/pterodactyl/.env` file.

nginx_config

server {

  listen 443 ssl;

  ssl on;
  ssl_certificate /path/to/cert/fullchain.pem;
  ssl_certificate_key /path/to/cert/key.pem;


  server_name panel.domain.tld;


  location / {

      proxy_pass http://PANELIP_should_be_port_80/;
      proxy_set_header Host $host;
      client_max_body_size 50m;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_redirect off;
      proxy_buffering off;
      proxy_request_buffering off;

  }

}
server {

  listen 443 ssl;

  ssl on;
  ssl_certificate /path/to/cert/fullchain.pem;
  ssl_certificate_key /path/to/cert/key.pem;


  server_name node1.domain.tld;

  location ~ ^\/api\/servers\/(?<serverid>.*)?\/ws$ {

      proxy_pass http://node_ip:443/api/servers/$serverid/ws;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
      client_max_body_size 50m;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_redirect off;
      proxy_buffering off;
      proxy_request_buffering off;


  }

  location / {

      proxy_pass http://node_ip:443/;
      proxy_set_header Host $host;
      client_max_body_size 50m;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_redirect off;
      proxy_buffering off;
      proxy_request_buffering off;
      
  }

}

Hey there!

I wanted to reach out to mention that this config did not work for me out of the box (namely the panel section.) I was getting continual "400 bad request" errors from Nginx. After setting Nginx to debug mode I found this error
2023/05/06 16:43:04 [info] 1742#1742: *12 client sent duplicate host header: "Host: panel.domain.tld", previous value: "Host: panel.domain.tld" while reading client request headers, client: <ReverseProxy IP>, server: <Server IP>, request: "GET /favicon.ico HTTP/1.0", host: "panel.domain.tld"

What fixed it for me was just commenting out the proxy_set_header Host $host; line, but I am admittedly unsure if this is a real fix or not.

I'm going to post screenshots for anyone struggling. A lot has changed since this was posted.

I did not leave my FQDN blank, I set it to my node domain name. node1.domain.com

This is my general configuration:

Inside of my /etc/pterodactyl/config.yml

I changed:
api:
host: Internal IP of Server from Wings not 0.0.0.0
port: 443

You can change these inside of the panel too I just had trouble doing so. You can find your internal server ip on linux with "ip a"

Nginx Config:

server {
  listen 443 ssl http2;
  server_name panel.<domain>.com;

  ssl_certificate /etc/letsencrypt/live/panel.domain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/panel.domain.com/privkey.pem;

  location / {
    proxy_pass http://Internal_IP_of_Server_from_Wings/;
    proxy_set_header Host $host;
    client_max_body_size 50m;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
    proxy_buffering off;
  }
}

server {
  listen 443 ssl http2;
  server_name node1.domain.com;

  ssl_certificate /etc/letsencrypt/live/node1.domain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/node1.domain.com/privkey.pem;

  location ~ ^\/api\/servers\/(?<serverid>.*)?\/ws$ {
    proxy_pass http://Internal_IP_of_Server_from_Wings:443/api/servers/$serverid/ws;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    client_max_body_size 50m;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
    proxy_buffering off;
  }

  location / {
    proxy_pass http://Internal_IP_of_Server_from_Wings:443/;
    proxy_set_header Host $host;
    client_max_body_size 50m;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
    proxy_buffering off;
  }
}

regix1
THANK YOU, IT'S WORKING

Just want to warning someone, your node should have a unic different A record even your node installed on the same IP as the panel, DON'T USE THE SAME DOMAIN NAME for node as for the pterodactyl game panel.
The first time i used same domain name for the panel and for the node and nothing is worked.
Should be.

panel.domain.com - ip: 92.222.100.100
node1.domain.com - ip: 92.222.100.100