mirror of
https://github.com/pterodactyl/documentation.git
synced 2025-12-10 10:44:43 -06:00
1 line
14 KiB
JavaScript
1 line
14 KiB
JavaScript
(window.webpackJsonp=window.webpackJsonp||[]).push([[58],{321:function(e,t,a){"use strict";a.r(t);var n=a(15),r=Object(n.a)({},(function(){var e=this,t=e._self._c;return t("ContentSlotsDistributor",{attrs:{"slot-key":e.$parent.slotKey}},[t("h1",{attrs:{id:"webserver-configuration"}},[t("a",{staticClass:"header-anchor",attrs:{href:"#webserver-configuration"}},[e._v("#")]),e._v(" Webserver Configuration")]),e._v(" "),t("div",{staticClass:"custom-block danger"},[t("p",{staticClass:"custom-block-title"},[e._v("This Version is End-of-Life")]),e._v(" "),t("p",[e._v("This documentation is for "),t("strong",[e._v("end-of-life software")]),e._v(" which does not recieve any security updates or support\nfrom the community. This documentation has been left accessible for historial reasons.")]),e._v(" "),t("p",[e._v("You should be installing and using "),t("RouterLink",{attrs:{to:"/panel/1.0/getting_started.html"}},[e._v("Pterodactyl Panel 1.0")]),e._v(" in production environments.")],1)]),e._v(" "),t("p"),t("div",{staticClass:"table-of-contents"},[t("ul",[t("li",[t("a",{attrs:{href:"#nginx"}},[e._v("NGINX")]),t("ul",[t("li",[t("a",{attrs:{href:"#nginx-with-ssl"}},[e._v("NGINX With SSL")])]),t("li",[t("a",{attrs:{href:"#nginx-without-ssl"}},[e._v("NGINX Without SSL")])]),t("li",[t("a",{attrs:{href:"#enabling-configuration"}},[e._v("Enabling Configuration")])])])]),t("li",[t("a",{attrs:{href:"#apache"}},[e._v("Apache")]),t("ul",[t("li",[t("a",{attrs:{href:"#apache-with-ssl"}},[e._v("Apache With SSL")])]),t("li",[t("a",{attrs:{href:"#apache-without-ssl"}},[e._v("Apache Without SSL")])]),t("li",[t("a",{attrs:{href:"#enabling-configuration"}},[e._v("Enabling Configuration")])])])])])]),t("p"),e._v(" "),t("div",{staticClass:"custom-block danger"},[t("p",{staticClass:"custom-block-title"},[e._v("DANGER")]),e._v(" "),t("p",[e._v("You should remove the default Apache or NGINX configuration as it will expose application secrets to malicious\nusers by default.")])]),e._v(" "),t("h2",{attrs:{id:"nginx"}},[t("a",{staticClass:"header-anchor",attrs:{href:"#nginx"}},[e._v("#")]),e._v(" NGINX")]),e._v(" "),t("p",[e._v("You should paste the contents of the file below, replacing "),t("code",[e._v("<domain>")]),e._v(" with your domain name being used in a file called\n"),t("code",[e._v("pterodactyl.conf")]),e._v(" and place it in "),t("code",[e._v("/etc/nginx/sites-available/")]),e._v(", or — if on CentOS, "),t("code",[e._v("/etc/nginx/conf.d/")]),e._v(".")]),e._v(" "),t("h3",{attrs:{id:"nginx-with-ssl"}},[t("a",{staticClass:"header-anchor",attrs:{href:"#nginx-with-ssl"}},[e._v("#")]),e._v(" NGINX With SSL")]),e._v(" "),t("p",[e._v("This configuration assumes that you will be using SSL on both the Panel and Daemons for significantly improved communication\nsecurity between users and the Panel. You will need to get a valid SSL certificate which can be done for free by using\nLet's Encrypt.")]),e._v(" "),t("div",{staticClass:"custom-block warning"},[t("p",{staticClass:"custom-block-title"},[e._v("WARNING")]),e._v(" "),t("p",[e._v("When using the SSL configuration you MUST create SSL certificates, otherwise your NGINX will fail to start. See "),t("RouterLink",{attrs:{to:"/tutorials/creating_ssl_certificates.html"}},[e._v("Creating SSL Certificates")]),e._v(" documentation page for how to create these certificates before continuing.")],1)]),e._v(" "),t("div",{staticClass:"language-conf extra-class"},[t("div",{staticClass:"highlight-lines"},[t("br"),t("br"),t("br"),t("br"),t("div",{staticClass:"highlighted"},[e._v(" ")]),t("br"),t("br"),t("br"),t("br"),t("br"),t("div",{staticClass:"highlighted"},[e._v(" ")]),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("div",{staticClass:"highlighted"},[e._v(" ")]),t("div",{staticClass:"highlighted"},[e._v(" ")]),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br")]),t("pre",{pre:!0,attrs:{class:"language-text"}},[t("code",[e._v('server_tokens off;\n\nserver {\n listen 80;\n server_name <domain>;\n return 301 https://$server_name$request_uri;\n}\n\nserver {\n listen 443 ssl http2;\n server_name <domain>;\n\n root /var/www/pterodactyl/public;\n index index.php;\n\n access_log /var/log/nginx/pterodactyl.app-access.log;\n error_log /var/log/nginx/pterodactyl.app-error.log error;\n\n # allow larger file uploads and longer script runtimes\n client_max_body_size 100m;\n client_body_timeout 120s;\n\n sendfile off;\n\n # SSL Configuration\n ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;\n ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;\n ssl_session_cache shared:SSL:10m;\n ssl_protocols TLSv1.2 TLSv1.3;\n ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";\n ssl_prefer_server_ciphers on;\n\n # See https://hstspreload.org/ before uncommenting the line below.\n # add_header Strict-Transport-Security "max-age=15768000; preload;";\n add_header X-Content-Type-Options nosniff;\n add_header X-XSS-Protection "1; mode=block";\n add_header X-Robots-Tag none;\n add_header Content-Security-Policy "frame-ancestors \'self\'";\n add_header X-Frame-Options DENY;\n add_header Referrer-Policy same-origin;\n\n location / {\n try_files $uri $uri/ /index.php?$query_string;\n }\n\n location ~ \\.php$ {\n fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n fastcgi_pass unix:/run/php/php7.2-fpm.sock;\n fastcgi_index index.php;\n include fastcgi_params;\n fastcgi_param PHP_VALUE "upload_max_filesize = 100M \\n post_max_size=100M";\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n fastcgi_param HTTP_PROXY "";\n fastcgi_intercept_errors off;\n fastcgi_buffer_size 16k;\n fastcgi_buffers 4 16k;\n fastcgi_connect_timeout 300;\n fastcgi_send_timeout 300;\n fastcgi_read_timeout 300;\n include /etc/nginx/fastcgi_params;\n }\n\n location ~ /\\.ht {\n deny all;\n }\n}\n')])])]),t("p",[e._v("Continue reading to the bottom of this section for the final steps with NGINX!")]),e._v(" "),t("h3",{attrs:{id:"nginx-without-ssl"}},[t("a",{staticClass:"header-anchor",attrs:{href:"#nginx-without-ssl"}},[e._v("#")]),e._v(" NGINX Without SSL")]),e._v(" "),t("div",{staticClass:"language-conf extra-class"},[t("div",{staticClass:"highlight-lines"},[t("br"),t("br"),t("div",{staticClass:"highlighted"},[e._v(" ")]),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br")]),t("pre",{pre:!0,attrs:{class:"language-text"}},[t("code",[e._v('server {\n listen 80;\n server_name <domain>;\n\n root /var/www/pterodactyl/public;\n index index.html index.htm index.php;\n charset utf-8;\n\n location / {\n try_files $uri $uri/ /index.php?$query_string;\n }\n\n location = /favicon.ico { access_log off; log_not_found off; }\n location = /robots.txt { access_log off; log_not_found off; }\n\n access_log off;\n error_log /var/log/nginx/pterodactyl.app-error.log error;\n\n # allow larger file uploads and longer script runtimes\n client_max_body_size 100m;\n client_body_timeout 120s;\n\n sendfile off;\n\n location ~ \\.php$ {\n fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n fastcgi_pass unix:/run/php/php7.2-fpm.sock;\n fastcgi_index index.php;\n include fastcgi_params;\n fastcgi_param PHP_VALUE "upload_max_filesize = 100M \\n post_max_size=100M";\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n fastcgi_param HTTP_PROXY "";\n fastcgi_intercept_errors off;\n fastcgi_buffer_size 16k;\n fastcgi_buffers 4 16k;\n fastcgi_connect_timeout 300;\n fastcgi_send_timeout 300;\n fastcgi_read_timeout 300;\n }\n\n location ~ /\\.ht {\n deny all;\n }\n}\n')])])]),t("h3",{attrs:{id:"enabling-configuration"}},[t("a",{staticClass:"header-anchor",attrs:{href:"#enabling-configuration"}},[e._v("#")]),e._v(" Enabling Configuration")]),e._v(" "),t("p",[e._v("The final step is to enable your NGINX configuration and restart it.")]),e._v(" "),t("div",{staticClass:"language-bash extra-class"},[t("pre",{pre:!0,attrs:{class:"language-bash"}},[t("code",[t("span",{pre:!0,attrs:{class:"token comment"}},[e._v("# You do not need to symlink this file if you are using CentOS.")]),e._v("\n"),t("span",{pre:!0,attrs:{class:"token function"}},[e._v("sudo")]),e._v(" "),t("span",{pre:!0,attrs:{class:"token function"}},[e._v("ln")]),e._v(" "),t("span",{pre:!0,attrs:{class:"token parameter variable"}},[e._v("-s")]),e._v(" /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/pterodactyl.conf\n\n"),t("span",{pre:!0,attrs:{class:"token comment"}},[e._v("# You need to restart nginx regardless of OS.")]),e._v("\nsystemctl restart nginx\n")])])]),t("h2",{attrs:{id:"apache"}},[t("a",{staticClass:"header-anchor",attrs:{href:"#apache"}},[e._v("#")]),e._v(" Apache")]),e._v(" "),t("p",[e._v("You should paste the contents of the file below, replacing "),t("code",[e._v("<domain>")]),e._v(" with your domain name being used in a file called\n"),t("code",[e._v("pterodactyl.conf")]),e._v(" and place it in "),t("code",[e._v("/etc/apache2/sites-available")]),e._v(", or — if on CentOS, "),t("code",[e._v("/etc/httpd/conf.d/")]),e._v(".")]),e._v(" "),t("p",[e._v("Note: When using Apache, make sure you have the "),t("code",[e._v("libapache2-mod-php")]),e._v(" package installed or else PHP will not display on your webserver.")]),e._v(" "),t("h3",{attrs:{id:"apache-with-ssl"}},[t("a",{staticClass:"header-anchor",attrs:{href:"#apache-with-ssl"}},[e._v("#")]),e._v(" Apache With SSL")]),e._v(" "),t("p",[e._v("Like the nginx configuration, this assumes you will be using SSL on both the Panel and Daemons for improved security.")]),e._v(" "),t("div",{staticClass:"custom-block warning"},[t("p",{staticClass:"custom-block-title"},[e._v("WARNING")]),e._v(" "),t("p",[e._v("When using the SSL configuration you MUST create SSL certificates, otherwise your Apache will fail to start. See "),t("RouterLink",{attrs:{to:"/tutorials/creating_ssl_certificates.html"}},[e._v("Creating SSL Certificates")]),e._v(" documentation page for how to create these certificates before continuing.")],1)]),e._v(" "),t("div",{staticClass:"language-conf extra-class"},[t("div",{staticClass:"highlight-lines"},[t("br"),t("div",{staticClass:"highlighted"},[e._v(" ")]),t("br"),t("br"),t("br"),t("br"),t("br"),t("div",{staticClass:"highlighted"},[e._v(" ")]),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("div",{staticClass:"highlighted"},[e._v(" ")]),t("div",{staticClass:"highlighted"},[e._v(" ")]),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br")]),t("pre",{pre:!0,attrs:{class:"language-text"}},[t("code",[e._v('<VirtualHost *:80>\n # Replace the example <domain> with your domain name or IP address\n ServerName <domain>\n\n RewriteEngine On\n RewriteCond %{HTTPS} !=on\n RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] \n</VirtualHost>\n\n<VirtualHost *:443>\n # Replace the example <domain> with your domain name or IP address\n ServerName <domain>\n DocumentRoot "/var/www/pterodactyl/public"\n\n AllowEncodedSlashes On\n\n php_value upload_max_filesize 100M\n php_value post_max_size 100M\n\n <Directory "/var/www/pterodactyl/public">\n Require all granted\n AllowOverride all\n </Directory>\n\n SSLEngine on\n SSLCertificateFile /etc/letsencrypt/live/<domain>/fullchain.pem\n SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem\n</VirtualHost> \n')])])]),t("h3",{attrs:{id:"apache-without-ssl"}},[t("a",{staticClass:"header-anchor",attrs:{href:"#apache-without-ssl"}},[e._v("#")]),e._v(" Apache Without SSL")]),e._v(" "),t("div",{staticClass:"language-conf extra-class"},[t("div",{staticClass:"highlight-lines"},[t("br"),t("div",{staticClass:"highlighted"},[e._v(" ")]),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("br")]),t("pre",{pre:!0,attrs:{class:"language-text"}},[t("code",[e._v('<VirtualHost *:80>\n # Replace the example <domain> with your domain name or IP address\n ServerName <domain>\n DocumentRoot "/var/www/pterodactyl/public"\n \n AllowEncodedSlashes On\n \n php_value upload_max_filesize 100M\n php_value post_max_size 100M\n \n <Directory "/var/www/pterodactyl/public">\n AllowOverride all\n Require all granted\n </Directory>\n</VirtualHost>\n')])])]),t("h3",{attrs:{id:"enabling-configuration-2"}},[t("a",{staticClass:"header-anchor",attrs:{href:"#enabling-configuration-2"}},[e._v("#")]),e._v(" Enabling Configuration")]),e._v(" "),t("p",[e._v("Once you've created the file above, simply run the commands below. If you are on CentOS "),t("em",[e._v("you do not need to run the commands\nbelow!")]),e._v(" You only need to run "),t("code",[e._v("systemctl restart httpd")]),e._v(".")]),e._v(" "),t("div",{staticClass:"language-bash extra-class"},[t("pre",{pre:!0,attrs:{class:"language-bash"}},[t("code",[t("span",{pre:!0,attrs:{class:"token comment"}},[e._v("# You do not need to run any of these commands on CentOS")]),e._v("\n"),t("span",{pre:!0,attrs:{class:"token function"}},[e._v("sudo")]),e._v(" "),t("span",{pre:!0,attrs:{class:"token function"}},[e._v("ln")]),e._v(" "),t("span",{pre:!0,attrs:{class:"token parameter variable"}},[e._v("-s")]),e._v(" /etc/apache2/sites-available/pterodactyl.conf /etc/apache2/sites-enabled/pterodactyl.conf\n"),t("span",{pre:!0,attrs:{class:"token function"}},[e._v("sudo")]),e._v(" a2enmod rewrite\nsystemctl restart apache2\n")])])])])}),[],!1,null,null,null);t.default=r.exports}}]); |