¶ Pelican
Pelican ® is the ultimate, free game server control panel offering high flying security. It's a breeze to manage your servers with our sleek and user-friendly interface. And thanks to Docker, they all run in their own safe space.
¶ Pelican Panel/Wing Install Guide [PHP/NGNIX/LETSENCRYPT] - Ubuntu 22.04 fresh install
¶ PANEL
Panel is the UI to control all nodes and servers
https://images.linuxcontainers.org/images/ubuntu
Minimum Specs - ubuntu 22.04 (Jammy) | 2cpu | 2gb ram | 4gb disk
Recommended Specs - ubuntu 24.04 (Noble) | 4cpu | 4gb ram | 5gb disk
¶ Pre-requisits
- Ensure you have a compatible Ubuntu server/cloud installed on Bare-Metal/LXC/CT
- LETSENCRYPT | needed for certbot to establish acme challenge
- CloudFlare > DNS > panel > proxied: false
- CloudFlare > SSL/TLS > Overview > encryption: flexible
- Nginx > [http] [192.168.X.XXX] [80]
Websockets: true
Block Exploits: true
¶ Post-setup
apt update && apt upgrade -y
apt install openssh-server nano curl -y
sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
systemctl restart sshd
add-apt-repository ppa:ondrej/php # needed for php8.3, could take a min to find and load
bash <(curl -Ss https://raw.githubusercontent.com/pelican-installer/pelican-installer/Production/install.sh || wget -O - https://raw.githubusercontent.com/pelican-installer/pelican-installer/Production/install.sh) auto
¶ Post-install
- Ensure you have a compatible Ubuntu server/cloud installed on Bare-Metal/LXC/CT
- NGINX | needed to properly server from behind local proxy
- Cloudflare > DNS > panel > proxied: true
- Nginx > [https] [192.168.X.XXX] [443]
- Websockets: true
- Block Exploits: true
- Advanced
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_redirect off;
- proxy_buffering off;
- proxy_request_buffering off;
- proxy_set_header X-Real-IP $remote_addr;
¶ Pterodactyl
Pterodactyl ® is a free, open-source game server management panel built with PHP, React, and Go. Designed with security in mind, Pterodactyl runs all game servers in isolated Docker containers while exposing a beautiful and intuitive UI to end users.
¶ Records
| Type | Name | Ipv4 Address | Proxy | TTL |
|---|---|---|---|---|
| A | mc | 123.456.8.90 | DNS only | Auto |
| Type | Name | Priority | Weight | TTL | Port | Target |
|---|---|---|---|---|---|---|
| SRV | _minecraft.tcp.mc | 5 | 0 | Auto | 123456 | mc.example.com |
¶ Ports
HTTP ports supported by Cloudflare
- 80
- 8080
- 8880
- 2052
- 2082
- 2086
- 2095
HTTPS ports supported by Cloudflare
- 443
- 2053
- 2083
- 2087
- 2096
- 8443
Ports supported by Cloudflare, but with caching disabled
- 2052
- 2053
- 2082
- 2083
- 2086
- 2087
- 2095
- 2096
- 8880
- 8443
¶ LXC/CT SETUP
¶ General
- CT ID: XXX
- Hostname: panel
- Unprivileged: true
- Nesting: true
- Password-root: changePassword
- [Advanced] Tags: pelican/ptero
¶ Template
- Storage: local
- Template: Ubuntu-Server-Jammy-ARM64-XXXX-xx-xx.tar.gz
¶ Disks
- Storage: local/Pool/Cluster
- Disk Size: 4GB-8GB
¶ CPU
- Cores: 2-4
¶ Memory
- Memory: 1024-4096MB
- Swap: 512MB
¶ Network
- Name: eth0
- MAC: <optional>
- Bridge: vmbr0
- VLAN Tag: <optional>
- IPv4: 192.168.X.XXX/24
- Gateway(IPv4): 192.168.X.1
¶ DNS
-
DNS domain: <optional>
-
DNS servers: <optional>
apt update && apt upgrade -y apt install openssh-server nano curl -y sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config systemctl restart sshdbash <(curl -s https://pterodactyl-installer.se)
opt 0- proceed 64bit prompt |
Y - Database name (panel): |
enter - Database username (pterodactyl): |
enter - Password (press enter to use randomly generated password): |
enter - List of valid timezones here https://www.php.net/manual/en/timezones.php
- Select timezone [Europe/Stockholm]: |
America/Chicago - Provide the email address that will be used to configure Let's Encrypt and Pterodactyl: |
[email protected] - Email address for the initial admin account: |
[email protected] - Username for the initial admin account: |
USERNAME - First name for the initial admin account: |
FNAME - Last name for the initial admin account: |
LNAME - Password for the initial admin account: |
****** - Set the FQDN of this panel (panel.example.com): |
panel.example.com - Do you want to automatically configure UFW (firewall)? (y/N): |
N - Do you want to automatically configure HTTPS using Let's Encrypt? (y/N): |
Y - I agree that this HTTPS request is performed (y/N): |
Y - If you are using Cloudflare, please disable the proxy or opt out from Let's Encrypt
- Proceed anyways (install will be broken if you don't know what you are doing)? (y/N): |
Y - Initial configuration completed. Continue with installation? (y/N): |
Y - Enable sending anonymous telemetry data? (yes/no) [yes]: |
N - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree? |Y
- proceed 64bit prompt |
¶ NGINX - SSL
First, remove the default NGINX configuration.
rm /etc/nginx/sites-enabled/default
Now, you should paste the contents of the file below, replacing <domain> with your domain name being used in a file called pterodactyl.conf and place the file in /etc/nginx/sites-available/, or — if on CentOS, /etc/nginx/conf.d/.
server_tokens off;
server {
listen 80;
server_name <domain>;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name <domain>;
root /var/www/pterodactyl/public;
index index.php;
access_log /var/log/nginx/pterodactyl.app-access.log;
error_log /var/log/nginx/pterodactyl.app-error.log error;
# allow larger file uploads and longer script runtimes
client_max_body_size 100m;
client_body_timeout 120s;
sendfile off;
# SSL Configuration - Replace the example <domain> with your domain
ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_prefer_server_ciphers on;
# See https://hstspreload.org/ before uncommenting the line below.
# add_header Strict-Transport-Security "max-age=15768000; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header Content-Security-Policy "frame-ancestors 'self'";
add_header X-Frame-Options DENY;
add_header Referrer-Policy same-origin;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP_PROXY "";
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
include /etc/nginx/fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
¶ Enabling Configuration
The final step is to enable your NGINX configuration and restart it.
# You do not need to symlink this file if you are using CentOS.
sudo ln -s /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/pterodactyl.conf
# You need to restart nginx regardless of OS.
sudo systemctl restart nginx
¶ [ CONFIG ]
- Location > new > us.atl.hive
- Nodes
"Name: <hive1-node1>
FQDN: <node.example.com>
SSL: Use SSL
Prox: Not Behind Proxy
Total Mem: 7800 MiB
Mem Over: 0
Total Disk: 20000 MiB
Disk Over: 0
Daemon Port: 8443 {8080 /default non cloudflare}
* Allocations
IP: <192.168.X.XXX> {node ip}
Ports: 27000-27099
nano /var/www/pterodactyl/.env > TRUSTED_PROXIES=*
- Nodes
¶ WINGS
Wings are the actual server people connect to
¶ Pre Install Script
- Enable Swap
On most systems, Docker will be unable to setup swap space by default. You can confirm this by running docker info and looking for the output of WARNING: No swap limit support near the bottom.
Enabling swap is entirely optional, but we recommended doing it if you will be hosting for others and to prevent OOM errors.
To enable swap, open /etc/default/grub as a root user and find the line starting with GRUB_CMDLINE_LINUX_DEFAULT. Make sure the line includes swapaccount=1 somewhere inside the double-quotes.
After that, run sudo update-grub followed by sudo reboot to restart the server and have swap enabled. Below is an example of what the line should look like, do not copy this line verbatim. It often has additional OS-specific parameters.
nano /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="swapaccount=1"
GRUB_CMDLINE_LINUX="" # ONLY USED FOR SOME LINUX DISTROS GRUB_CMDLINE_LINUX="swapaccount=1"
# exit & save file
update-grub
reboot -f now
- NGINX
- Scheme: http
- Host: 192.168.X.XX
- Port: 80
- WebSock: True
- Block Expl: True
- SSL
-- Cert: None
remove old certs > /etc/letsencrypt/archive keys/live
sudo su # running install script as root
bash <(curl -s https://pterodactyl-installer.se)
Menu Selections
- Input 0-6:
1 - Do you want to automatically configure UFW (firewall)? (y/N): |
enter- Do you want to automatically configure a user for database hosts? (y/N): |
enter -
- I agree that this HTTPS request is performed (y/N): |
Y
- I agree that this HTTPS request is performed (y/N): |
- Password (press enter to use randomly generated password): |
enter - Do you still want to automatically configure HTTPS using Let's Encrypt? (y/N): |
Y - Enter email address for Let's Encrypt: |
[email protected] - Proceed with installation? (y/N): |
Y
- Do you want to automatically configure a user for database hosts? (y/N): |
After Successfull installation and confirmation of Let's Encrypt
CloudFlare
---- DNS-Record
------ Proxy: true
¶ Init Wing Config
Grab the auto-deploy token
- Panel > Nodes > Configuration > Generate Token
cd /etc/pterodactyl && sudo wings configure --panel-url https://panel.example.com --token ptla_G0fafasdfasdfadfasdfasdfkNwAi --node 1
Alternatively you can copy the details of the conffig file and paste it
This file should be placed in your daemon's root directory (usually /etc/pterodactyl) in a file called config.yml
These sections are the biggest to check once you initalize the config.yml
port: 8443
ssl:
enabled: true
cert: /etc/letsencrypt/live/game.example.com/fullchain.pem
key: /etc/letsencrypt/live/game.example.com/privkey.pem
trusted_proxies:
- 192.168.5.123 #NGINX local ip/may not be needed
allowed_origins:
- panel.example.com
Now you should be ready to do a test connection
# You can then start Wings manually to verify that it's working, you may optionally add the --debug flag to run Wings in debug mode
sudo wings --debug
# Once you have verified that it is working, use CTRL+C and then start Wings as a service (runs in the background)
systemctl start wings
Then, run the commands below to reload systemd and start Wings.
systemctl enable --now wings
¶ [ PROXMOX CONFIG vm-2]
create CT
template > ubuntu jammy headless
hostname > panel.local
network > dhcp
bash <(curl -s https://pterodactyl-installer.se)
¶ [ UBUNTU SETUP vm-2]
su root
apt-get update -y && apt-get upgrade -y
apt install curl nano net-tools openssh-server docker-compose -y
curl -s https://raw.githubusercontent.com/FriendlyNGeeks/pi-hosted/master/install_docker.sh | bash
groupadd administrators
useradd -m johnDoe # (-m | makes dir /home/johnDoe)[ userdel johnDoe ]
passwd johnDoe
#gpasswd -d johnDoe administrators | remove user from group
usermod -aG administrators johnDoe # group added to ssh to prevent root ssh
usermod -aG sudo johnDoe # needed for SUDO cmds to work
chsh -s /bin/bash johnDoe # change shell terminal to bash
reboot -f now
su root
mkdir -p /srv/pterodactyl/panel
cd /srv/pterodactyl/panel
¶ [ SSH SETUP vm-2 ]
ONLY usefull if apt install openssh-server was ran
nano /etc/ssh/sshd_config
echo "AllowGroups administrators" >> /etc/ssh/sshd_config
### ONLY TEMPORARY ENABLE ROOT SSH
sed 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
systemctl restart ssh
¶ [ Configure Hostname ]
Proxmox > node > DNS > Hostname: dash
# check to make sure only one entry for 127.0.0.1 localhost | nano /etc/hosts
echo "us-atl-node1" > /etc/hostname | # nano /etc/hostname us-atl-node1
hostnamectl set-hostname us-atl-node1 --pretty # set hostname if not already set
hostnamectl # check that changes took effect
###################################################
DO NOT REBOOT WITHOUT CHECKING THE ABOVE FILES
###################################################
reboot -f now | required on Ubuntu < 20.04
¶ [ DOCKER vm-2]
docker pull portainer/portainer-ce:latest || error "Failed to pull latest Portainer docker image!"
docker run -d -p 9000:9000 -p 9443:9443 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest --logo "https://pi-hosted.com/pi-hosted-logo.png" || error "Failed to run Portainer docker image!"
App Templates > Custom > [name: pterodactyl-panel svg: https://pterodactyl.io/logos/pterry.svg yml:vscode]
Deploy the stack
Portainer > attached shell > sh
php artisan p:user:make
admin > yes
email > [email protected]
user > johndoetoe
first > John
last > Doe
pass > ****
¶ [ NGNIX vm-1]
docker pull portainer/portainer-ce:latest || error "Failed to pull latest Portainer docker image!"
docker run -d -p 9000:9000 -p 9443:9443 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest --logo "https://pi-hosted.com/pi-hosted-logo.png" || error "Failed to run Portainer docker image!"
curl -s https://raw.githubusercontent.com/FriendlyNGeeks/pi-hosted/master/tools/nginx-proxy-manager.sh | bash
portainer > stack > [ yml:vscode]
browse host on port 81 http://localhost:81
enter user/pass [email protected]/changeme
Add Proxy Host > Details[domain: 162.213.196.36 fwdport: 8080] > SSL[SSL Cert: generate ForceSSL: TRUE]
SOURCES | pterodactyl.io
¶ [ PROXMOX CONFIG vm-2]
create CT
Download rootfs.tar.xz from the linuxcontainers
save to local machine as: ubuntu-22.0.4-jammy-arm.YYYY-MM-DD.tar.xz
template > upload > Ubuntu-22.0.4-jammy-arm.YYYY-MM-DD.tar.xz
hostname > panel.local
network > dhcp or > static > 192.168.5.131/24 gateway 192.168.5.1
cpu >
¶ LETSENCRYPT
Cloudflare > DNS > panel > proxied = FALSE
Nginx > http [192.168.X.XXX] 80
Websockets true
Block Explo true
¶ Nginx > https [192.168.X.XXX] 443
Websockets true
Block Explo true
Advance >
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
¶ EGGS
Eggs are a substructure of "Nests" aka Game Categories
The jsons listed below will be tagged arm64-4c4t if they have been tested on raspberry pi4-5
egg-vanilla-bedrock-arm64.json
{
"_comment": "DO NOT EDIT: FILE GENERATED AUTOMATICALLY BY PTERODACTYL PANEL - PTERODACTYL.IO",
"meta": {
"version": "PTDL_v2",
"update_url": null
},
"exported_at": "2022-07-06T09:38:01+02:00",
"name": "Vanilla Bedrock ARM64",
"author": "[email protected]",
"description": "Bedrock Edition (also known as the Bedrock Version, Bedrock Codebase, Bedrock Engine or just Bedrock) refers to the multi-platform family of editions of Minecraft developed by Mojang AB, Microsoft Studios, 4J Studios, and SkyBox Labs. Prior to this term, as the engine originated with Pocket Edition, this entire product family was referred to as \"Pocket Edition\", \"MCPE\", or \"Pocket\/Windows 10 Edition\".",
"features": [
"pid_limit"
],
"docker_images": {
"quintenqvd\/pterodactyl_images:box64": "quintenqvd\/pterodactyl_images:box64"
},
"file_denylist": [],
"startup": "box64 .\/bedrock_server",
"config": {
"files": "{\r\n \"server.properties\": {\r\n \"parser\": \"properties\",\r\n \"find\": {\r\n \"server-port\": \"{{server.build.default.port}}\",\r\n \"server-name\": \"{{server.build.env.SERVERNAME}}\",\r\n \"gamemode\": \"{{server.build.env.GAMEMODE}}\",\r\n \"difficulty\": \"{{server.build.env.DIFFICULTY}}\",\r\n \"allow-cheats\": \"{{server.build.env.CHEATS}}\",\r\n \"max-threads\": \"2\"\r\n }\r\n }\r\n}",
"startup": "{\r\n \"done\": \"Server started\"\r\n}",
"logs": "{}",
"stop": "stop"
},
"scripts": {
"installation": {
"script": "#!\/bin\/bash\r\n\r\napt update\r\napt install -y zip unzip wget curl\r\n\r\nif [ ! -d \/mnt\/server\/ ]; then\r\n mkdir \/mnt\/server\/\r\nfi\r\n\r\ncd \/mnt\/server\r\n\r\n# Minecraft CDN Akamai blocks script user-agents\r\nRANDVERSION=$(echo $((1 + $RANDOM % 4000)))\r\n\r\nif [ -z \"${BEDROCK_VERSION}\" ] || [ \"${BEDROCK_VERSION}\" == \"latest\" ]; then\r\n echo -e \"\\n Downloading latest Bedrock server\"\r\n curl -L -A \"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/90.0.$RANDVERSION.212 Safari\/537.36\" -H \"Accept-Language: en\" -H \"Accept-Encoding: gzip, deflate\" -o versions.html.gz https:\/\/www.minecraft.net\/en-us\/download\/server\/bedrock\r\n DOWNLOAD_URL=$(zgrep -o 'https:\/\/minecraft.azureedge.net\/bin-linux\/[^\"]*' versions.html.gz)\r\nelse \r\n echo -e \"\\n Downloading ${BEDROCK_VERSION} Bedrock server\"\r\n DOWNLOAD_URL=https:\/\/minecraft.azureedge.net\/bin-linux\/bedrock-server-$BEDROCK_VERSION.zip\r\nfi\r\n\r\nDOWNLOAD_FILE=$(echo ${DOWNLOAD_URL} | cut -d\"\/\" -f5) # Retrieve archive name\r\n\r\necho -e \"backing up config files\"\r\nrm *.bak versions.html.gz\r\ncp server.properties server.properties.bak\r\ncp permissions.json permissions.json.bak\r\ncp whitelist.json whitelist.json.bak\r\n\r\necho -e \"Downloading files from: $DOWNLOAD_URL\"\r\n\r\ncurl -L -A \"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/90.0.$RANDVERSION.212 Safari\/537.36\" -H \"Accept-Language: en\" -o $DOWNLOAD_FILE $DOWNLOAD_URL\r\n\r\necho -e \"Unpacking server files\"\r\nunzip -o $DOWNLOAD_FILE\r\n\r\necho -e \"Cleaning up after installing\"\r\nrm $DOWNLOAD_FILE\r\n\r\necho 'emit-server-telemetry=true' >> server.properties\r\n\r\necho -e \"restoring backup config files - on first install there will be file not found errors which you can ignore.\"\r\ncp -rf server.properties.bak server.properties\r\ncp -rf permissions.json.bak permissions.json\r\ncp -rf whitelist.json.bak whitelist.json\r\n\r\nchmod +x bedrock_server\r\n\r\necho -e \"Install Completed\"",
"container": "debian:buster-slim",
"entrypoint": "bash"
}
},
"variables": [
{
"name": "Bedrock Version",
"description": "The version of bedrock. (Ex. 1.7.0.13)\r\n\r\nDefault version is latest.",
"env_variable": "BEDROCK_VERSION",
"default_value": "latest",
"user_viewable": true,
"user_editable": true,
"rules": "required|string|max:20",
"field_type": "text"
},
{
"name": "ld lib path",
"description": "Dumb reasons to need this",
"env_variable": "LD_LIBRARY_PATH",
"default_value": ".",
"user_viewable": false,
"user_editable": false,
"rules": "required|string|max:20",
"field_type": "text"
},
{
"name": "Server Name",
"description": "The name for the server",
"env_variable": "SERVERNAME",
"default_value": "Bedrock Dedicated Server",
"user_viewable": true,
"user_editable": true,
"rules": "required|string|max:50",
"field_type": "text"
},
{
"name": "Gamemode",
"description": "Allowed values: \"survival\", \"creative\", or \"adventure\"",
"env_variable": "GAMEMODE",
"default_value": "survival",
"user_viewable": true,
"user_editable": true,
"rules": "required|string|in:survival,creative,adventure",
"field_type": "text"
},
{
"name": "Difficulty",
"description": "Allowed values: \"peaceful\", \"easy\", \"normal\", or \"hard\"",
"env_variable": "DIFFICULTY",
"default_value": "easy",
"user_viewable": true,
"user_editable": true,
"rules": "required|string|in:peaceful,easy,normal,hard",
"field_type": "text"
},
{
"name": "Allow cheats",
"description": "If true then cheats like commands can be used.\r\n\r\nAllowed values: \"true\" or \"false\"",
"env_variable": "CHEATS",
"default_value": "false",
"user_viewable": true,
"user_editable": true,
"rules": "required|string|in:true,false",
"field_type": "text"
}
]
}
Coming Soon!!!
egg-five-m-arm64.json
{
"_comment": "DO NOT EDIT: FILE GENERATED AUTOMATICALLY BY PTERODACTYL PANEL - PTERODACTYL.IO",
"meta": {
"version": "PTDL_v2",
"update_url": null
},
"exported_at": "2024-02-13T14:08:20+01:00",
"name": "FiveM ARM64",
"author": "[email protected]",
"description": "A FiveM egg for the latest builds due to recent changes in FiveM",
"features": null,
"docker_images": {
"quintenqvd\/pterodactyl_images:dev_fex": "quintenqvd\/pterodactyl_images:dev_fex"
},
"file_denylist": [],
"startup": "cd \/home\/container\/fivem; export HOME=\/home\/container; FEXInterpreter \/home\/container\/fivem\/alpine\/opt\/cfx-server\/ld-musl-x86_64.so.1 --library-path \"\/home\/container\/fivem\/alpine\/usr\/lib\/v8\/:\/home\/container\/fivem\/alpine\/lib\/:\/home\/container\/fivem\/alpine\/usr\/lib\/\" -- \/home\/container\/fivem\/alpine\/opt\/cfx-server\/FXServer +set citizen_dir \/home\/container\/fivem\/alpine\/opt\/cfx-server\/citizen\/ +set sv_licenseKey {{FIVEM_LICENSE}} +set steam_webApiKey {{STEAM_WEBAPIKEY}} +set sv_maxplayers {{MAX_PLAYERS}} +set serverProfile default +set txAdminPort {{TXADMIN_PORT}} $( [ \"$TXADMIN_ENABLE\" == \"1\" ] || printf %s '+exec server.cfg' )",
"config": {
"files": "{\r\n \"fivem\/server.cfg\": {\r\n \"parser\": \"file\",\r\n \"find\": {\r\n \"endpoint_add_tcp\": \"endpoint_add_tcp \\\"0.0.0.0:{{server.build.default.port}}\\\"\",\r\n \"endpoint_add_udp\": \"endpoint_add_udp \\\"0.0.0.0:{{server.build.default.port}}\\\"\",\r\n \"sv_hostname\": \"sv_hostname \\\"{{server.build.env.SERVER_HOSTNAME}}\\\"\",\r\n \"set sv_licenseKey\": \"set sv_licenseKey {{server.build.env.FIVEM_LICENSE}}\",\r\n \"set steam_webApiKey\": \"set steam_webApiKey {{server.build.env.STEAM_WEBAPIKEY}}\",\r\n \"sv_maxclients\": \"sv_maxclients {{server.build.env.MAX_PLAYERS}}\"\r\n }\r\n }\r\n}",
"startup": "{\r\n \"done\": \"succeeded. Welcome!\"\r\n}",
"logs": "{}",
"stop": "quit"
},
"scripts": {
"installation": {
"script": "#!\/bin\/bash\r\n# FiveM Installation Script\r\n#\r\n# Server Files: \/mnt\/server\r\napt update\r\napt -y install tar xz-utils file jq curl git\r\n\r\nmkdir -p \/mnt\/server\/fivem\/resources\r\n\r\ncd \/mnt\/server\/fivem\/\r\n\r\necho \"updating citizenfx resource files\"\r\ngit clone https:\/\/github.com\/citizenfx\/cfx-server-data.git \/tmp\r\ncp -Rf \/tmp\/resources\/* resources\/\r\n\r\nRELEASE_PAGE=$(curl -sSL https:\/\/runtime.fivem.net\/artifacts\/fivem\/build_proot_linux\/master\/)\r\nCHANGELOGS_PAGE=$(curl -sSL https:\/\/changelogs-live.fivem.net\/api\/changelog\/versions\/linux\/server)\r\n\r\nif [[ \"${FIVEM_VERSION}\" == \"recommended\" ]] || [[ -z ${FIVEM_VERSION} ]]; then\r\n DOWNLOAD_LINK=$(echo $CHANGELOGS_PAGE | jq -r '.recommended_download')\r\nelif [[ \"${FIVEM_VERSION}\" == \"latest\" ]]; then\r\n DOWNLOAD_LINK=$(echo $CHANGELOGS_PAGE | jq -r '.latest_download')\r\nelse\r\n VERSION_LINK=$(echo -e \"${RELEASE_PAGE}\" | grep -Eo '\".*\/*.tar.xz\"' | grep -Eo '\".*\/*.tar.xz\"' | sed 's\/\\\"\/\/g' | sed 's\/\\.\\\/\/\/1' | grep -i \"${FIVEM_VERSION}\" | grep -o =.* | tr -d '=')\r\n if [[ \"${VERSION_LINK}\" == \"\" ]]; then\r\n echo -e \"defaulting to recommedned as the version requested was invalid.\"\r\n DOWNLOAD_LINK=$(echo $CHANGELOGS_PAGE | jq -r '.recommended_download')\r\n else\r\n DOWNLOAD_LINK=$(echo https:\/\/runtime.fivem.net\/artifacts\/fivem\/build_proot_linux\/master\/${VERSION_LINK})\r\n fi\r\nfi\r\n\r\nif [ ! -z \"${DOWNLOAD_URL}\" ]; then\r\n if curl --output \/dev\/null --silent --head --fail ${DOWNLOAD_URL}; then\r\n echo -e \"link is valid. setting download link to ${DOWNLOAD_URL}\"\r\n DOWNLOAD_LINK=${DOWNLOAD_URL}\r\n else\r\n echo -e \"link is invalid closing out\"\r\n exit 2\r\n fi\r\nfi\r\n\r\necho -e \"Running curl -sSL ${DOWNLOAD_LINK} -o ${DOWNLOAD_LINK##*\/}\"\r\n\r\ncurl -sSL ${DOWNLOAD_LINK} -o ${DOWNLOAD_LINK##*\/}\r\n\r\necho \"Extracting fivem files\"\r\n\r\nFILETYPE=$(file -F ',' ${DOWNLOAD_LINK##*\/} | cut -d',' -f2 | cut -d' ' -f2)\r\nif [ \"$FILETYPE\" == \"gzip\" ]; then\r\n tar xzvf ${DOWNLOAD_LINK##*\/}\r\nelif [ \"$FILETYPE\" == \"Zip\" ]; then\r\n unzip ${DOWNLOAD_LINK##*\/}\r\nelif [ \"$FILETYPE\" == \"XZ\" ]; then\r\n tar xvf ${DOWNLOAD_LINK##*\/}\r\nelse\r\n echo -e \"unknown filetype. Exiting\"\r\n exit 2\r\nfi\r\n\r\nrm -rf ${DOWNLOAD_LINK##*\/} run.sh\r\n\r\nif [ -e server.cfg ]; then\r\n echo \"Skipping downloading default server config file as one already exists\"\r\nelse\r\n echo \"Downloading default fivem config\"\r\n curl https:\/\/raw.githubusercontent.com\/parkervcp\/eggs\/master\/game_eggs\/gta\/fivem\/server.cfg >>server.cfg\r\nfi\r\n\r\nmkdir -p logs\/\r\n\r\necho \"install complete\"",
"container": "debian:bullseye-slim",
"entrypoint": "bash"
}
},
"variables": [
{
"name": "fivem license",
"description": "Required to start the service. Get your keys at https:\/\/keymaster.fivem.net\/",
"env_variable": "FIVEM_LICENSE",
"default_value": "",
"user_viewable": true,
"user_editable": true,
"rules": "required|string|max:33",
"field_type": "text"
},
{
"name": "Max Players",
"description": "Set the fivem max play count",
"env_variable": "MAX_PLAYERS",
"default_value": "48",
"user_viewable": true,
"user_editable": false,
"rules": "required|integer|between:1,48",
"field_type": "text"
},
{
"name": "Server Hostname",
"description": "The name that shows up in the server browser",
"env_variable": "SERVER_HOSTNAME",
"default_value": "My new FXServer!",
"user_viewable": true,
"user_editable": true,
"rules": "required|string",
"field_type": "text"
},
{
"name": "fivem version",
"description": "The fivem version that is to be installed. Invalid versions will default to recommended.\r\n\r\nAn example is `6013-d8ae399d15680da569022f57ab7f2474d307c821`\r\n\r\nYou can get the latest version from here - https:\/\/runtime.fivem.net\/artifacts\/fivem\/build_proot_linux\/master\/",
"env_variable": "FIVEM_VERSION",
"default_value": "recommended",
"user_viewable": true,
"user_editable": true,
"rules": "required|string|max:50",
"field_type": "text"
},
{
"name": "Download Link",
"description": "This is the link to download fivem from. This is only used in the install script.\r\n\r\nThe file you link to needs to be an fx.tar.zx file.\r\n\r\nExample:\r\nhttps:\/\/runtime.fivem.net\/artifacts\/fivem\/build_proot_linux\/master\/6013-d8ae399d15680da569022f57ab7f2474d307c821\/fx.tar.xz",
"env_variable": "DOWNLOAD_URL",
"default_value": "",
"user_viewable": false,
"user_editable": false,
"rules": "string|nullable",
"field_type": "text"
},
{
"name": "Steam Web Api Key",
"description": "Use your Steam WebApiKey or set to 'none'. Get your key at https:\/\/steamcommunity.com\/dev\/apikey\/",
"env_variable": "STEAM_WEBAPIKEY",
"default_value": "none",
"user_viewable": true,
"user_editable": true,
"rules": "required|string",
"field_type": "text"
},
{
"name": "txAdmin Port",
"description": "The port for the txAdmin panel",
"env_variable": "TXADMIN_PORT",
"default_value": "40120",
"user_viewable": true,
"user_editable": false,
"rules": "required|string|max:20",
"field_type": "text"
},
{
"name": "Enable txadmin",
"description": "Enables txadmin.\r\n\r\nset to 1 to enable. (default is 0 for false)",
"env_variable": "TXADMIN_ENABLE",
"default_value": "0",
"user_viewable": true,
"user_editable": true,
"rules": "required|boolean",
"field_type": "text"
},
{
"name": "FEX_ROOTFS_PATH",
"description": "If you want a custom (mounted) fex RootFS\r\nMust end in a \/\r\nExample: \/fex\/",
"env_variable": "FEX_ROOTFS_PATH",
"default_value": "",
"user_viewable": false,
"user_editable": false,
"rules": "nullable|string|max:32",
"field_type": "text"
}
]
}
Additional SQL database needed to support FiveM recipes/config [ mariadb <> MySQL ]
apt-get install mariadb-server
mysql_secure_installation
mariadb # access cmdlet
# MariaDB [(none)]>
GRANT ALL PRIVILEGES ON *.* TO 'FiveMdbUser'@'%' IDENTIFIED BY 'my-new-password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
SELECT User, Host FROM mysql.user WHERE Host <> 'localhost'; # check table
exit
nano /etc/mysql/mariadb.conf.d/50-server.cnf # (change bind address to 0.0.0.0 and press ctrl+O and enter and ctrl+X)
echo "[mysqld]" >> /etc/mysql/my.cnf # (adds section to bottom of file)
echo "bind-address=0.0.0.0" >> /etc/mysql/my.cnf # (binding any ip at local host)
systemctl restart mysql
mysqladmin -u FiveMdbUser -p version # enter password and see if version is deplayed confirming perms are correct
¶ ISSUES
¶ Symptom: System hangs on add-apt-repository ppa:ondrej/php
Solution:
- Check if ppa.launchpad.net is under maintenance | https://ubuntu.social/@launchpadstatus
- Check status of repository server | https://status.canonical.com/ > ppa.launchpad.net
- Wait until service is Operational | re-run install script/cmds
¶ Symptom: Missing php8.3
Solution:
- apt install net-tools, find whats using port 80
netstat -nap | egrep ':(80|443)\s.*LISTEN', stop it with ex.systemctl stop apache2then re-run Certbotcertbot -v --nginx --redirect --no-eff-email --email "[email protected]" -d "panel.example.com"
¶ Symptom: Request cert for panel.example failed to bind port 80
Solution:
- read log |
nano /var/log/letsencrypt/letsencrypt.log - install lib netstat |
apt install net-tools - find whats using port 80 |
netstat -nap | egrep ':(80|443)\s.*LISTEN' - stop that service |
systemctl stop apache2 - then re-run Certbot |
certbot -v --nginx --redirect --no-eff-email --email "[email protected]" -d "panel.example.com"
¶ Symptom: SSH connections dropped after network config
Solution:
- Confirm you are able to ping the node | `ping 192.168.X.XXX'
- Use Proxmox console to view the node and login and correct host files
Manual remove of maria-db DATABASE & USER
mariadb -u root -e "DROP DATABASE panel";
mariadb -u root -e "DROP USER IF EXISTS 'pelican'@'127.0.0.1'";