Pterodactyl Panel Behind an NGINX Reverse Proxy

!Running Pterodactyl (Panel & Wings) Behind and NGINX Reverse Proxy

Your panel should run on port 80 (well whatever you want I suppose)
Node daemon port should be 443 (but still http) because it hard codes those ports into connection urls for websockets in the webui :/

Ensure you have `TRUSTED_PROXIES=proxyip` in your `/var/www/pterodactyl/.env` file.

nginx_config

server {

  listen 443 ssl;

  ssl on;
  ssl_certificate /path/to/cert/fullchain.pem;
  ssl_certificate_key /path/to/cert/key.pem;


  server_name panel.domain.tld;


  location / {

      proxy_pass http://PANELIP_should_be_port_80/;
      proxy_set_header Host $host;
      client_max_body_size 50m;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_redirect off;
      proxy_buffering off;
      proxy_request_buffering off;

  }

}
server {

  listen 443 ssl;

  ssl on;
  ssl_certificate /path/to/cert/fullchain.pem;
  ssl_certificate_key /path/to/cert/key.pem;


  server_name node1.domain.tld;

  location ~ ^\/api\/servers\/(?<serverid>.*)?\/ws$ {

      proxy_pass http://node_ip:443/api/servers/$serverid/ws;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
      client_max_body_size 50m;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_redirect off;
      proxy_buffering off;
      proxy_request_buffering off;


  }

  location / {

      proxy_pass http://node_ip:443/;
      proxy_set_header Host $host;
      client_max_body_size 50m;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_redirect off;
      proxy_buffering off;
      proxy_request_buffering off;
      
  }

}

I can't get Pterodactyl to work behind Nginx Proxy Manager either.

My setup
Domain with @ and * records linked to the VPS IP address

VPS (Proxmox)
Virtual bridge 192.168.111.1/24
UFW on the PVE
UFW Allow Ports 8082/TCP 2022/TCP 25585/TCP 25585/UDP
UFW Forward

-A PREROUTING -i vmbr0 -p tcp --dport 8082 -j DNAT --to-destination 192.168.111.202
-A POSTROUTING -p tcp --dport 8082 -d 192.168.111.202 -j MASQUERADE
-A PREROUTING -i vmbr0 -p tcp --dport 2022 -j DNAT --to-destination 192.168.111.202
-A POSTROUTING -p tcp --dport 2022 -d 192.168.111.202 -j MASQUERADE
-A PREROUTING -i vmbr0 -p tcp --dport 25585 -j DNAT --to-destination 192.168.111.202
-A PREROUTING -i vmbr0 -p udp --dport 25585 -j DNAT --to-destination 192.168.111.202
-A POSTROUTING -s 192.168.111.0/24 -o vmbr0 -j MASQUERADE

LXC-110-Debian13 (IP 192.168.111.110):
Docker + Nginx Proxy Manager
2 proxy hosts: ptero.domain.tld + node1.domain.tld
Scheme http / Port 80 / WebSocket on / SSL cert / SSL on / HTTP/2 on

LXC-202-Debian13 (IP 192.168.111.202):
Pterodactyl Panel + Wing
Application URL in Panel setup: ptero.domain.tld
.env TRUSTED_PROXIES=* added
Web Server Nginx Without SSL replaces server_name with ptero.domain.tld
Wing setup: FQDN node1.domain.tld, SSL Connection, Behind Proxy, Daemon Port 443, SFTP Port 2022

I copied the cert and key from LXC-110 to LXC-202

In config.yml I changed:
host: 192.168.111.202
port: 443
cert: /etc/pterodactyl/fullchain.pem
key: /etc/pterodactyl/privkey.pem
remote: 'https://ptero.domain.tld'

I added the entry in the proxy host for the panel (ptero.domain.tld) under “Advanced”:

location / {
  proxy_pass http://192.168.111.202/;
  proxy_set_header Host $host;
  client_max_body_size 50m;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_redirect off;
  proxy_buffering off;
}

I added the following entry in the proxy host for the node (node1.domain.tld):

  location ~ ^\/api\/servers\/(?<serverid>.*)?\/ws$ {
    proxy_pass http://192.168.111.202:443/api/servers/$serverid/ws;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection “upgrade”;
    proxy_set_header Host $host;
    client_max_body_size 50m;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
    proxy_buffering off;
  }

  location / {
    proxy_pass http://192.168.111.202:443/;
    proxy_set_header Host $host;
    client_max_body_size 50m;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
    proxy_buffering off;
  }

When I start Wing, I get the following error message

DEBUG: [Apr 15 16:50:11.465] making request to external HTTP endpoint endpoint=https://ptero.domain.tld/api/remote/servers?page=0& per_page=50 headers=map[Accept:[application/vnd.pterodactyl.v1+json] Authorization:[(redacted)] Content-Type:[application/json] User-Agent:[Pterodactyl Wings/vv1.12.1 (id:Ro7dVh4I79f67V0e)]] method=GET
FATAL: [Apr 15 16:50:11.488] failed to load server configurations error=http: request creation failed: Get "https://ptero.domain.tld/api/remote/servers?page=0& per_page=50": dial tcp 178.111.111.111:443: connect: connection refused

I have no idea what I'm doing wrong :(

I have updated the domain and the VPS IP in the post. These are correct in the live system.