B
Blueprint16mo ago
Incendiary

Fresh install using docker compose does not create a webserver on the https port.

Using the docker-compose.yml found here https://github.com/BlueprintFramework/docker/blob/Master/docker-compose.yml, I am not able to access https://myip:443 or any port I try and replace it with, i.e. 25443:443, 25575:443. However, I can access through http://myip:80 or any port replacing the 80 port. I have changed the msql passwords, the app url is pointed to my reverse proxy url, https://pterodactyl.mydomain.org, the reverse proxy is set up correctly, but there is n server found on the port I am specifying in the docker compose. So the only changes made are: x-common.database.MYSQL_PASSWORD x-common.database.MYSQL_ROOT_PASSWORD x-common.panel.APP_URL x-common.panel.APP_SERVICE_AUTHOR x-common.services.panel.ports (Removed 80:80 and changed 443:443 to 25575:443) If you need any logs let me know and I can grab them.
11 Replies
Loki
Loki16mo ago
Show all the related configs and your panel.conf file.
Incendiary
IncendiaryOP16mo ago
assuming this is the panel.conf you want 
# If using Ubuntu this file should be placed in:
#                       /etc/nginx/sites-available/
#
server {
    listen 80;
    server_name pterodactyl.redacted.org;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name pterodactyl.redacted.org;

    root /app/public;
    index index.php;

    access_log /var/log/nginx/pterodactyl.app-access.log;
    error_log  /var/log/nginx/pterodactyl.app-error.log error;

    # allow larger file uploads and longer script runtimes
    client_max_body_size 100m;
    client_body_timeout 120s;

    sendfile off;

    # strengthen ssl security
    ssl_certificate /etc/letsencrypt/live/pterodactyl.redacted.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pterodactyl.redacted.org/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-S>
    # See the link below for more SSL information:
    #     https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    #
    # ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTP_PROXY "";
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include /etc/nginx/fastcgi_params;
    }
    location ~ /\.ht {
        deny all;
    }
}
# If using Ubuntu this file should be placed in:
#                       /etc/nginx/sites-available/
#
server {
    listen 80;
    server_name pterodactyl.redacted.org;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name pterodactyl.redacted.org;

    root /app/public;
    index index.php;

    access_log /var/log/nginx/pterodactyl.app-access.log;
    error_log  /var/log/nginx/pterodactyl.app-error.log error;

    # allow larger file uploads and longer script runtimes
    client_max_body_size 100m;
    client_body_timeout 120s;

    sendfile off;

    # strengthen ssl security
    ssl_certificate /etc/letsencrypt/live/pterodactyl.redacted.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pterodactyl.redacted.org/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-S>
    # See the link below for more SSL information:
    #     https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    #
    # ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTP_PROXY "";
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include /etc/nginx/fastcgi_params;
    }
    location ~ /\.ht {
        deny all;
    }
}
I have no other config changes than what was mentioned above. I simply created this file and ran docker compose up -d --force-recreate. Have yet to even make a user 
version: '3.8'
x-common:
  database:
    &db-environment
    # Do not remove the "&db-password" from the end of the line below, it is important
    # for Panel functionality.
    MYSQL_PASSWORD: &db-password "redacted"
    MYSQL_ROOT_PASSWORD: "redacted"
  panel:
    &panel-environment
    APP_URL: "https://pterodactyl.redacted.org"
    # A list of valid timezones can be found here: http://php.net/manual/en/timezones.php
    APP_TIMEZONE: "UTC"
    APP_SERVICE_AUTHOR: "redacted"
    # Uncomment the line below and set to a non-empty value if you want to use Let's Encrypt
    # to generate an SSL certificate for the Panel.
    # LE_EMAIL: ""
  mail:
    &mail-environment
    MAIL_FROM: "noreply@example.com"
    MAIL_DRIVER: "smtp"
    MAIL_HOST: "mail"
    MAIL_PORT: "1025"
    MAIL_USERNAME: ""
    MAIL_PASSWORD: ""
    MAIL_ENCRYPTION: "true"

#
# ------------------------------------------------------------------------------------------
# DANGER ZONE BELOW
#
# The remainder of this file likely does not need to be changed. Please only make modifications
# below if you understand what you are doing.
#
services:
  database:
    image: mariadb:10.5
    restart: always
    command: --default-authentication-plugin=mysql_native_password
    volumes:
      - "/srv/pterodactyl/database:/var/lib/mysql"
    environment:
      <<: *db-environment
      MYSQL_DATABASE: "panel"
      MYSQL_USER: "pterodactyl"
  cache:
    image: redis:alpine
    restart: always
  panel:
    image: ghcr.io/blueprintframework/blueprint:v1.11.7
    restart: always
    ports:
      - "25575:443"
    links:
      - database
      - cache
    volumes:
      - "/srv/pterodactyl/var/:/app/var/"
      - "/srv/pterodactyl/nginx/:/etc/nginx/http.d/"
      - "/srv/pterodactyl/certs/:/etc/letsencrypt/"
      - "/srv/pterodactyl/logs/:/app/storage/logs"
      - "/srv/pterodactyl/extensions/:/blueprint_extensions"
      - "app:/app"
    environment:
      <<: [*panel-environment, *mail-environment]
      DB_PASSWORD: *db-password
      APP_ENV: "production"
      APP_ENVIRONMENT_ONLY: "false"
      CACHE_DRIVER: "redis"
      SESSION_DRIVER: "redis"
      QUEUE_DRIVER: "redis"
      REDIS_HOST: "cache"
      DB_HOST: "database"
      DB_PORT: "3306"
networks:
  default:
    ipam:
      config:
        - subnet: 172.20.0.0/16

volumes:
  app:
version: '3.8'
x-common:
  database:
    &db-environment
    # Do not remove the "&db-password" from the end of the line below, it is important
    # for Panel functionality.
    MYSQL_PASSWORD: &db-password "redacted"
    MYSQL_ROOT_PASSWORD: "redacted"
  panel:
    &panel-environment
    APP_URL: "https://pterodactyl.redacted.org"
    # A list of valid timezones can be found here: http://php.net/manual/en/timezones.php
    APP_TIMEZONE: "UTC"
    APP_SERVICE_AUTHOR: "redacted"
    # Uncomment the line below and set to a non-empty value if you want to use Let's Encrypt
    # to generate an SSL certificate for the Panel.
    # LE_EMAIL: ""
  mail:
    &mail-environment
    MAIL_FROM: "noreply@example.com"
    MAIL_DRIVER: "smtp"
    MAIL_HOST: "mail"
    MAIL_PORT: "1025"
    MAIL_USERNAME: ""
    MAIL_PASSWORD: ""
    MAIL_ENCRYPTION: "true"

#
# ------------------------------------------------------------------------------------------
# DANGER ZONE BELOW
#
# The remainder of this file likely does not need to be changed. Please only make modifications
# below if you understand what you are doing.
#
services:
  database:
    image: mariadb:10.5
    restart: always
    command: --default-authentication-plugin=mysql_native_password
    volumes:
      - "/srv/pterodactyl/database:/var/lib/mysql"
    environment:
      <<: *db-environment
      MYSQL_DATABASE: "panel"
      MYSQL_USER: "pterodactyl"
  cache:
    image: redis:alpine
    restart: always
  panel:
    image: ghcr.io/blueprintframework/blueprint:v1.11.7
    restart: always
    ports:
      - "25575:443"
    links:
      - database
      - cache
    volumes:
      - "/srv/pterodactyl/var/:/app/var/"
      - "/srv/pterodactyl/nginx/:/etc/nginx/http.d/"
      - "/srv/pterodactyl/certs/:/etc/letsencrypt/"
      - "/srv/pterodactyl/logs/:/app/storage/logs"
      - "/srv/pterodactyl/extensions/:/blueprint_extensions"
      - "app:/app"
    environment:
      <<: [*panel-environment, *mail-environment]
      DB_PASSWORD: *db-password
      APP_ENV: "production"
      APP_ENVIRONMENT_ONLY: "false"
      CACHE_DRIVER: "redis"
      SESSION_DRIVER: "redis"
      QUEUE_DRIVER: "redis"
      REDIS_HOST: "cache"
      DB_HOST: "database"
      DB_PORT: "3306"
networks:
  default:
    ipam:
      config:
        - subnet: 172.20.0.0/16

volumes:
  app:
Incendiary
IncendiaryOP16mo ago
Incendiary
IncendiaryOP16mo ago
Nothing stands out to me from them, except the no application key, but in my .env, my APP_KEY is there
Loki
Loki16mo ago
I'd try deleting the folders on the host system and spinning it down and up again; regenerate everything.
Incendiary
IncendiaryOP16mo ago
If that would mean doing rm /srv/ -r I have done that multiple times, I do not know of any other places
Loki
Loki16mo ago
What does your browser say when you go to https://pterodactyl.redacted.org:25575 ? Use a private/incognito tab; take cache out of the equation.
Incendiary
IncendiaryOP16mo ago
No description
Incendiary
IncendiaryOP16mo ago
I am using haproxy for this, with other subdomains pointing to the same internal ip, so I am confident the proxy is not to blame And judging by it resolving to a 503, i believe it is trying to send it to the correct place
Loki
Loki16mo ago
Go back to the official image at https://github.com/pterodactyl/panel/blob/develop/docker-compose.example.yml until you can get the site working; that way you get support in the Pterodactyl Panel Discord. Once it works, you can add the volumes back and swap out the images. I'm out of ideas.
Incendiary
IncendiaryOP16mo ago
Aight it was a longshot that yall could help, I started out without blueprint, so i doubt it is an issue with blueprint unfortunately, it does not seem that anyone wants to help in the pterodactyl server, so I wanted to try this out

Did you find this page helpful?