pterodactyl/documentation
1
0
Fork 0
mirror of https://github.com/pterodactyl/documentation.git synced 2025-12-10 09:17:40 -06:00
Code Issues Packages Projects Releases Wiki Activity
documentation/daemon/0.6/configuration.html

105 lines
31 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Additional Configuration | Pterodactyl</title>
<meta name="generator" content="VuePress 1.8.2">
<link rel="apple-touch-icon" sizes="180x180" href="/favicons/apple-touch-icon.png">
<link rel="icon" type="image/png" href="/favicons/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="/favicons/favicon-16x16.png" sizes="16x16">
<link rel="mask-icon" href="/favicons/safari-pinned-tab.svg" color="#0e4688">
<link rel="manifest" href="/favicons/site.webmanifest">
<link rel="shortcut icon" href="/favicons/favicon.ico">
<meta name="description" content="Pterodactyl is an open-source game server management panel built with PHP, React, and Go. Designed with security in mind, Pterodactyl runs all game servers in isolated Docker containers while exposing a beautiful and intuitive UI to end users.">
<meta name="msapplication-config" content="/favicons/browserconfig.xml">
<meta name="theme-color" content="#0e4688">
<link rel="preload" href="/assets/css/0.styles.b3d0dfa6.css" as="style"><link rel="preload" href="/assets/js/app.31544372.js" as="script"><link rel="preload" href="/assets/js/4.17b22ac2.js" as="script"><link rel="preload" href="/assets/js/1.19e16341.js" as="script"><link rel="preload" href="/assets/js/48.b52bf3e1.js" as="script"><link rel="prefetch" href="/assets/js/10.cdd4a61d.js"><link rel="prefetch" href="/assets/js/11.edf57bce.js"><link rel="prefetch" href="/assets/js/12.29206997.js"><link rel="prefetch" href="/assets/js/13.bd04c4ec.js"><link rel="prefetch" href="/assets/js/14.d448db4e.js"><link rel="prefetch" href="/assets/js/15.e88515bc.js"><link rel="prefetch" href="/assets/js/16.24317aa9.js"><link rel="prefetch" href="/assets/js/17.99a727ea.js"><link rel="prefetch" href="/assets/js/18.fcb158a9.js"><link rel="prefetch" href="/assets/js/19.a335f151.js"><link rel="prefetch" href="/assets/js/2.21e1a937.js"><link rel="prefetch" href="/assets/js/20.0d86a0bd.js"><link rel="prefetch" href="/assets/js/21.40b46144.js"><link rel="prefetch" href="/assets/js/22.f9353e9f.js"><link rel="prefetch" href="/assets/js/23.09b11a78.js"><link rel="prefetch" href="/assets/js/24.3db401dc.js"><link rel="prefetch" href="/assets/js/25.0d90b696.js"><link rel="prefetch" href="/assets/js/26.199e42e5.js"><link rel="prefetch" href="/assets/js/27.53b2955f.js"><link rel="prefetch" href="/assets/js/28.b1cca863.js"><link rel="prefetch" href="/assets/js/29.34880c0e.js"><link rel="prefetch" href="/assets/js/30.6cc47499.js"><link rel="prefetch" href="/assets/js/31.d561e4f4.js"><link rel="prefetch" href="/assets/js/32.5ec9cc12.js"><link rel="prefetch" href="/assets/js/33.48c3e849.js"><link rel="prefetch" href="/assets/js/34.08d0de59.js"><link rel="prefetch" href="/assets/js/35.226da989.js"><link rel="prefetch" href="/assets/js/36.b9c41633.js"><link rel="prefetch" href="/assets/js/37.8e7964de.js"><link rel="prefetch" href="/assets/js/38.ea3ffaf8.js"><link rel="prefetch" href="/assets/js/39.5d85947d.js"><link rel="prefetch" href="/assets/js/40.a78ec0ad.js"><link rel="prefetch" href="/assets/js/41.738df04c.js"><link rel="prefetch" href="/assets/js/42.a8778d05.js"><link rel="prefetch" href="/assets/js/43.25886c53.js"><link rel="prefetch" href="/assets/js/44.1b22667c.js"><link rel="prefetch" href="/assets/js/45.14943dc6.js"><link rel="prefetch" href="/assets/js/46.0fcb43fb.js"><link rel="prefetch" href="/assets/js/47.3af19f15.js"><link rel="prefetch" href="/assets/js/49.8d6a6c8f.js"><link rel="prefetch" href="/assets/js/5.2366f5e0.js"><link rel="prefetch" href="/assets/js/50.e5e4cbbf.js"><link rel="prefetch" href="/assets/js/51.1e3a5853.js"><link rel="prefetch" href="/assets/js/52.5e2e1e53.js"><link rel="prefetch" href="/assets/js/53.aaf29ed5.js"><link rel="prefetch" href="/assets/js/54.5fc704a0.js"><link rel="prefetch" href="/assets/js/55.393a224a.js"><link rel="prefetch" href="/assets/js/56.3a4538a1.js"><link rel="prefetch" href="/assets/js/57.06958522.js"><link rel="prefetch" href="/assets/js/58.ed936067.js"><link rel="prefetch" href="/assets/js/59.7697fd60.js"><link rel="prefetch" href="/assets/js/6.92501184.js"><link rel="prefetch" href="/assets/js/60.401f2243.js"><link rel="prefetch" href="/assets/js/61.ad708944.js"><link rel="prefetch" href="/assets/js/62.037b9f1e.js"><link rel="prefetch" href="/assets/js/63.bbf85631.js"><link rel="prefetch" href="/assets/js/64.58530ff1.js"><link rel="prefetch" href="/assets/js/65.95e6b666.js"><link rel="prefetch" href="/assets/js/66.38ba9f8f.js"><link rel="prefetch" href="/assets/js/67.d3caf7e1.js"><link rel="prefetch" href="/assets/js/68.6351c8cd.js"><link rel="prefetch" href="/assets/js/69.332eb050.js"><link rel="prefetch" href="/assets/js/7.c41300e2.js"><link rel="prefetch" href="/assets/js/70.5cc2ec6f.js"><link rel="prefetch" href="/assets/js/71.69398c3c.js"><link rel="prefetch" href="/assets/js/72.aeb7ce36.js"><link rel="prefetch" href="/assets/js/73.757eb6a0.js"><link rel="prefetch" href="/assets/js/74.6cdeb276.js"><link rel="prefetch" href="/assets/js/75.a9fdb850.js"><link rel="prefetch" href="/assets/js/76.4beb770e.js"><link rel="prefetch" href="/assets/js/77.8717480c.js"><link rel="prefetch" href="/assets/js/8.c87d5fba.js"><link rel="prefetch" href="/assets/js/9.28a16f41.js">
<link rel="stylesheet" href="/assets/css/0.styles.b3d0dfa6.css">
</head>
<body>
<div id="app" data-server-rendered="true"><div><div class="fixed h-12 w-full z-50 top-0"><div class="h-12 w-full bg-black flex items-center justify-center px-4"><p class="text-grey-lightest font-semibold">
Stand with Ukraine 🇺🇦 
<a href="https://www.savethechildren.org/us/where-we-work/ukraine" target="_blank" rel="noindex nofollow noopener" class="text-blue-lighter">Donate</a> <a href="https://razomforukraine.org/" target="_blank" rel="noindex nofollow noopener" class="text-blue-lighter">Today.</a></p></div></div> <div class="theme-container mt-12"><header class="nav"><div class="sidebar-button block md:hidden flex-no-shrink"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <div class="logo-container"><a href="/" class="home-link router-link-active"><img src="/logos/pterry.svg" class="logo"> <span class="site-name hidden md:inline can-hide">Pterodactyl</span></a></div> <div class="w-full"><div class="flex"><div class="search-box"><input aria-label="Search" placeholder="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links flex-no-shrink hidden md:flex"><div class="nav-item"><a href="/project/introduction.html" class="nav-link">Documentation
</a></div><div class="nav-item"><a href="/community/about.html" class="nav-link">Community Guides
</a></div><div class="nav-item"><a href="https://discord.gg/pterodactyl" target="_blank" rel="noopener noreferrer" class="nav-link external">
Get Help
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><a href="https://dashflo.net/docs/api/pterodactyl/v1/" target="_blank" rel="noopener noreferrer" class="nav-link external">
API
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <div class="nav-item"><a href="https://github.com/pterodactyl/panel" target="_blank" rel="noopener noreferrer" class="nav-link">
GitHub
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div></nav></div></div></header> <div class="sidebar-mask"></div> <div class="sidebar"><nav class="nav-links flex-no-shrink block md:hidden"><div class="nav-item"><a href="/project/introduction.html" class="nav-link">Documentation
</a></div><div class="nav-item"><a href="/community/about.html" class="nav-link">Community Guides
</a></div><div class="nav-item"><a href="https://discord.gg/pterodactyl" target="_blank" rel="noopener noreferrer" class="nav-link external">
Get Help
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><a href="https://dashflo.net/docs/api/pterodactyl/v1/" target="_blank" rel="noopener noreferrer" class="nav-link external">
API
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <div class="nav-item"><a href="https://github.com/pterodactyl/panel" target="_blank" rel="noopener noreferrer" class="nav-link">
GitHub
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div></nav> <ul class="sidebar-links"><li><div class="sidebar-group first"><p class="sidebar-heading open"><span>Project Information</span> <!----> <!----></p> <ul class="sidebar-group-items"><li><a href="/project/introduction.html" class="sidebar-link">Introduction</a></li><li><a href="/project/about.html" class="sidebar-link">About</a></li><li><a href="/project/terms.html" class="sidebar-link">Terminology</a></li><li><a href="/project/community.html" class="sidebar-link">Community Standards</a></li></ul></div></li><li><div class="sidebar-group"><p class="sidebar-heading"><span>Panel</span> <!----> <div tabindex="0" class="version-select custom-select float-right"><div class="selected"><div class="inline-block">
1.11
<span class="rounded-full ml-2 text-green-dark">current</span></div> <span class="arrow"></span></div> <div class="items hidden"><div class="item"><div class="inline-block">
1.11
<span class="rounded-full ml-2 text-green-dark">current</span></div></div></div></div></p> <ul class="sidebar-group-items"><li><a href="/panel/1.0/getting_started.html" class="sidebar-link">Getting Started</a></li><li><a href="/panel/1.0/webserver_configuration.html" class="sidebar-link">Webserver Configuration</a></li><li><a href="/panel/1.0/additional_configuration.html" class="sidebar-link">Additional Configuration</a></li><li><a href="/panel/1.0/updating.html" class="sidebar-link">Updating the Panel</a></li><li><a href="/panel/1.0/troubleshooting.html" class="sidebar-link">Troubleshooting</a></li><li><a href="/panel/1.0/legacy_upgrade.html" class="sidebar-link">Legacy Upgrades</a></li></ul></div></li><li><div class="sidebar-group"><p class="sidebar-heading"><span>Wings</span> <!----> <div tabindex="0" class="version-select custom-select float-right"><div class="selected"><div class="inline-block">
1.11
<span class="rounded-full ml-2 text-green-dark">current</span></div> <span class="arrow"></span></div> <div class="items hidden"><div class="item"><div class="inline-block">
1.11
<span class="rounded-full ml-2 text-green-dark">current</span></div></div></div></div></p> <ul class="sidebar-group-items"><li><a href="/wings/1.0/installing.html" class="sidebar-link">Installing Wings</a></li><li><a href="/wings/1.0/upgrading.html" class="sidebar-link">Upgrading Wings</a></li><li><a href="/wings/1.0/migrating.html" class="sidebar-link">Migrating to Wings</a></li><li><a href="/wings/1.0/configuration.html" class="sidebar-link">Additional Configuration</a></li></ul></div></li><li><div class="sidebar-group"><p class="sidebar-heading"><span>Tutorials</span> <!----> <!----></p> <ul class="sidebar-group-items"><li><a href="/tutorials/mysql_setup.html" class="sidebar-link">Setting up MySQL</a></li><li><a href="/tutorials/creating_ssl_certificates.html" class="sidebar-link">Creating SSL Certificates</a></li></ul></div></li><li><div class="sidebar-group"><p class="sidebar-heading"><span>Guides</span> <!----> <!----></p> <ul class="sidebar-group-items"><li><a href="/guides/mounts.html" class="sidebar-link">Using Mounts</a></li></ul></div></li></ul> </div> <div class="page"> <div class="content content__default"><h1 id="additional-configuration"><a href="#additional-configuration" class="header-anchor">#</a> Additional Configuration</h1> <div class="custom-block danger"><p class="custom-block-title">This Software is Abandoned</p> <p>This documentation is for <strong>abandoned software</strong> which does not recieve any security updates or support
from the community. This documentation has been left accessible for historial reasons.</p> <p>You should be installing and using <a href="/wings/1.0/installing.html">Wings</a> in production environments with
<a href="/panel/1.0/getting_started.html">Pterodactyl Panel 1.0</a>.</p></div> <p></p><div class="table-of-contents"><ul><li><a href="#output-throttles">Output Throttles</a></li><li><a href="#custom-network-interfaces">Custom Network Interfaces</a></li><li><a href="#private-registries">Private Registries</a></li><li><a href="#security-policies">Security Policies</a></li><li><a href="#container-policy">Container Policy</a><ul><li><a href="#default-security-opts-array">Default Security Opts Array</a></li><li><a href="#default-capabilities-drop-array">Default Capabilities Drop Array</a></li></ul></li><li><a href="#enabling-cloudflare">Enabling Cloudflare</a></li></ul></div><p></p> <div class="custom-block warning"><p class="custom-block-title">WARNING</p> <p>These are advanced configurations for the daemon. You risk breaking your daemon and making containers un-usable if
you modify something incorrectly. Proceed at your own risk, and only if you know what each configuration value does.</p></div> <p>The documentation below uses dot-notated JSON to explain where each setting should live. You will need to manually
expand this syntax when adding to the <code>core.json</code> file for the Daemon. For example, something like <code>internals.throttle.enabled</code>
would be expanded to the JSON below.</p> <div class="language-json extra-class"><pre class="language-json"><code><span class="token punctuation">{</span>
<span class="token property">&quot;internals&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
<span class="token property">&quot;throttle&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
<span class="token property">&quot;enabled&quot;</span><span class="token operator">:</span> <span class="token boolean">true</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre></div><h2 id="output-throttles"><a href="#output-throttles" class="header-anchor">#</a> Output Throttles</h2> <p>There are a few throttle limits built into the Daemon to keep people from causing issues with data volume and CPU usage.
Under normal circumstances users should not encounter these limits. You might see the occasional data throttling
warning while starting a server or when there is a sudden spike in data output.</p> <p>If you're seeing more servers than you expected being killed as a result of the Daemon throttler, you can make
adjustments to the settings below. Please note the configs below are in JSON dot-notation and should be expanded
out into a normal JSON object.</p> <table><thead><tr><th>Setting Path</th> <th>Default Value</th> <th>Notes</th></tr></thead> <tbody><tr><td><code>enabled</code></td> <td>true</td> <td>Determines if the throttle (and associated values below) should be used.</td></tr> <tr><td><code>kill_at_count</code></td> <td>5</td> <td>The number of warnings that can accumulate for a particular instance before the server process is killed. The decay time below affects how quickly this value is decreased.</td></tr> <tr><td><code>decay</code></td> <td>10</td> <td>The number of seconds that a server process must go without triggering a data throttle warning before the throttle count begins decreasing. This loop is processed every 5 seconds and will decrement the throttle count by one when the process goes more than this number of seconds without a data throttle occurring.</td></tr> <tr><td><code>bytes</code></td> <td>30720</td> <td>⚠️ <em>(removed in v0.5.5)</em> The maximum number of bytes of data that can be output in the defined interval before a warning occurs.</td></tr> <tr><td><code>lines</code></td> <td>1000</td> <td>⚠️ <em>(added in v0.5.6)</em> The number of lines that can be output by the server process in the defined check interval time. By default, 5,000 lines in ~500ms results in a server process kill.</td></tr> <tr><td><code>check_interval_ms</code></td> <td>100</td> <td>The number of milliseconds between the throttle resetting the used bytes or line count.</td></tr></tbody></table> <p>Please note that all of the settings above are in the <code>internals.throttle.X</code> path. So, <code>enabled</code> is actually <code>internals.throttle.enabled</code>.</p> <h2 id="custom-network-interfaces"><a href="#custom-network-interfaces" class="header-anchor">#</a> Custom Network Interfaces</h2> <p>If for whatever reason you need to modify the network interfaces used for Pterodactyl's local Docker network you
can do so by modifying the <code>core.json</code> file for the daemon. In most cases you'll just be modifying the network
name to allow your servers to use the host network stack. To do so, just change <code>docker.network.name</code> to be <code>host</code>
rather than <code>pterodactyl_nw</code> as shown below.</p> <div class="custom-block warning"><p class="custom-block-title">WARNING</p> <p>While changing to the host network stack does allow servers running on Pterodactyl to have direct access to local
interfaces and bind to specific IP addresses (required for some Steam games), it is not recommended on public
installations of Pterodactyl (where you have other users running servers).</p> <p>Using the <code>host</code> stack removes many network specific protections afforded by Docker, and will allow server processes
to access anything on the host, as well as bind to any IP or Port they wish.</p></div> <div class="custom-block danger"><p class="custom-block-title">DANGER</p> <p>Any changes to the network after the daemon has been started will require you to remove the docker network and restart the daemon. Any servers on the host need to be stopped before and most likely rebuilt.</p> <p>The following will stop the daemon, remove the network, and start the daemon again. Run at your own risk.<br> <code>systemctl stop wings &amp;&amp; docker network rm pterodactyl_nw &amp;&amp; systemctl start wings</code></p></div> <div class="language-json extra-class"><div class="highlight-lines"><br><br><br><br><div class="highlighted"> </div><br><br><br><br><br><br><br><br><br><br></div><pre class="language-json"><code><span class="token property">&quot;docker&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
<span class="token property">&quot;socket&quot;</span><span class="token operator">:</span> <span class="token string">&quot;/var/run/docker.sock&quot;</span><span class="token punctuation">,</span>
<span class="token property">&quot;autoupdate_images&quot;</span><span class="token operator">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span>
<span class="token property">&quot;network&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
<span class="token property">&quot;name&quot;</span><span class="token operator">:</span> <span class="token string">&quot;pterodactyl_nw&quot;</span><span class="token punctuation">,</span>
<span class="token property">&quot;interfaces&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
<span class="token property">&quot;v4&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
<span class="token property">&quot;subnet&quot;</span><span class="token operator">:</span> <span class="token string">&quot;172.18.0.0/16&quot;</span><span class="token punctuation">,</span>
<span class="token property">&quot;gateway&quot;</span><span class="token operator">:</span> <span class="token string">&quot;172.18.0.1&quot;</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span><span class="token punctuation">,</span>
<span class="token property">&quot;interface&quot;</span><span class="token operator">:</span> <span class="token string">&quot;172.18.0.1&quot;</span>
<span class="token punctuation">}</span><span class="token punctuation">,</span>
</code></pre></div><h2 id="private-registries"><a href="#private-registries" class="header-anchor">#</a> Private Registries</h2> <table><thead><tr><th>Setting Path</th> <th>Default Value</th> <th>Notes</th></tr></thead> <tbody><tr><td><code>username</code></td> <td><em>none</em></td> <td>The username to use when connecting to the registry.</td></tr> <tr><td><code>password</code></td> <td><em>none</em></td> <td>The password associated with the account.</td></tr> <tr><td><code>images</code></td> <td><em>none</em></td> <td>An array of images that are associated with the private registry.</td></tr> <tr><td><code>auth</code></td> <td><em>none</em></td> <td></td></tr> <tr><td><code>email</code></td> <td><em>none</em></td> <td></td></tr> <tr><td><code>serveraddress</code></td> <td><em>none</em></td> <td>The address to the server the registry is located on.</td></tr> <tr><td><code>key</code></td> <td><em>none</em></td> <td>A pre-generated base64 encoded authentication string. If provided none of the above options are required.</td></tr></tbody></table> <p>Please note that all of the settings above are in the <code>docker.registry.X</code> path. So, <code>username</code> is actually <code>docker.registry.username</code>.</p> <h2 id="security-policies"><a href="#security-policies" class="header-anchor">#</a> Security Policies</h2> <p>This daemon ships with a very strict security configuration designed to limit access to the host system, and mitigate
a large range of potential attack vectors. However, some users might need to tweak these settings, or are running on
a private instance and are willing to decrease some of the security measures.</p> <table><thead><tr><th>Setting Path</th> <th>Default Value</th> <th>Notes</th></tr></thead> <tbody><tr><td><code>ipv6</code></td> <td>true</td> <td>Set this to false to disable IPv6 networking on the pterodactyl0 interface.</td></tr> <tr><td><code>internal</code></td> <td>false</td> <td>Set this to true to prevent any external network access to all containers on the pterodactyl0 interface.</td></tr> <tr><td><code>enable_icc</code></td> <td>true</td> <td>Set this to false to disallow containers to access services running on the host system's non-public IP addresses. Setting this to false does make it impossible to connect (from a container) to MySQL/Redis/etc. running on the host system without using the public IP address.</td></tr> <tr><td><code>enable_ip_masquerade</code></td> <td>true</td> <td>Set this to false to disable IP Masquerading on the pterodactyl0 interface.</td></tr></tbody></table> <p>Please note that all of the settings above are in the <code>docker.policy.network.X</code> path. So, <code>ipv6</code> is actually <code>docker.policy.network.ipv6</code>.</p> <h2 id="container-policy"><a href="#container-policy" class="header-anchor">#</a> Container Policy</h2> <table><thead><tr><th>Setting Path</th> <th>Default Value</th> <th>Notes</th></tr></thead> <tbody><tr><td><code>tmpfs</code></td> <td><code>rw,exec,nosuid,size=50M</code></td> <td>These are the arguments used for mounting a <code>tmpfs</code> directory into containers to allow certain programs to run.</td></tr> <tr><td><code>log_driver</code></td> <td>none</td> <td>⚠️ This option was <strong>removed</strong> in <code>v0.6</code> and is forcibly set to <code>json-file</code>. The log driver to use for containers. We default to <code>none</code> to mitigate a potential DoS attack vector if a server were to spam log output.</td></tr> <tr><td><code>log_opts</code></td> <td>array</td> <td></td></tr> <tr><td><code>log_opts.max_size</code></td> <td><code>5m</code></td> <td>The maximum size of the server output log file created by Docker.</td></tr> <tr><td><code>log_opts.max_files</code></td> <td><code>1</code></td> <td>The maximum number of files that Docker will create with output from the server.</td></tr> <tr><td><code>readonly_root</code></td> <td>true</td> <td>Determines if the root filesystem of the container should be readonly.</td></tr> <tr><td><code>securityopts</code></td> <td>array</td> <td>An array of security options to apply to a container. The default array is provided below.</td></tr> <tr><td><code>cap_drop</code></td> <td>array</td> <td>An array of linux capabilities to drop from the container (in addition to ones <a href="https://docs.docker.com/engine/security/security/#linux-kernel-capabilities" target="_blank" rel="noopener noreferrer">dropped by docker already<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>. A listing of the default array is below.</td></tr></tbody></table> <p>Please note that all of the settings above are in the <code>docker.policy.container.X</code> path. So, <code>tmpfs</code> is actually <code>docker.policy.container.tmpfs</code>.</p> <h3 id="default-security-opts-array"><a href="#default-security-opts-array" class="header-anchor">#</a> Default Security Opts Array</h3> <div class="language-json extra-class"><pre class="language-json"><code><span class="token punctuation">[</span>
'no-new-privileges'<span class="token punctuation">,</span>
<span class="token punctuation">]</span>
</code></pre></div><h3 id="default-capabilities-drop-array"><a href="#default-capabilities-drop-array" class="header-anchor">#</a> Default Capabilities Drop Array</h3> <div class="custom-block warning"><p class="custom-block-title">WARNING</p> <p>Starting with <code>v0.6</code> of the Daemon, the following previously <em>dropped</em> capabilities are available in containers: <code>chown</code>, <code>kill</code>, <code>setgid</code>, and <code>setuid</code>.</p></div> <div class="language-json extra-class"><pre class="language-json"><code><span class="token punctuation">[</span>
'setpcap'<span class="token punctuation">,</span>
'mknod'<span class="token punctuation">,</span>
'audit_write'<span class="token punctuation">,</span>
'net_raw'<span class="token punctuation">,</span>
'dac_override'<span class="token punctuation">,</span>
'fowner'<span class="token punctuation">,</span>
'fsetid'<span class="token punctuation">,</span>
'net_bind_service'<span class="token punctuation">,</span>
'sys_chroot'<span class="token punctuation">,</span>
'setfcap'<span class="token punctuation">,</span>
<span class="token punctuation">]</span>
</code></pre></div><h2 id="enabling-cloudflare"><a href="#enabling-cloudflare" class="header-anchor">#</a> Enabling Cloudflare</h2> <p>Enabling Cloudflare on the daemon isn't particularly useful since users do not connect directly to the daemon port, and users need an unproxied hostname to access any servers on the node. As a result it's not possible to conceal the IP address of your node machine, but some people want to enable it regardless.</p> <p>Cloudflare only proxies the default daemon port (8080) when using HTTP. In order to get the daemon to work with Cloudflare when HTTPS is enabled you must change the daemon port to one that Cloudflare will proxy such as 8443. Since Cloudflare only proxies HTTP/HTTPS traffic for non-enterprise plans you cannot proxy the SFTP port.</p></div> <div class="page-edit"><div class="edit-link"><a href="https://github.com/pterodactyl/documentation/edit/master/daemon/0.6/configuration.md" target="_blank" rel="noopener noreferrer">Help us improve this page.</a> <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></div> <!----></div> <!----> </div></div></div><div class="global-ui"></div></div>
<script src="/assets/js/app.31544372.js" defer></script><script src="/assets/js/4.17b22ac2.js" defer></script><script src="/assets/js/1.19e16341.js" defer></script><script src="/assets/js/48.b52bf3e1.js" defer></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink