Getting 500 everytime i do something that requires to call node's API

[o-be-one]

Hello all,

I'm new to Pterodactyl (i mean, i know it since the beginning, i am game hosting customer since ~10y, but first time i really host it).

• panel is hosted on server named d1, use Docker and is hosted behind Traefik + CloudFlare with proxy set to on (CNAME entry)
• wings is hosted on server named g1, use Docker and is hosted behind Traefik + CloudFlare with proxy set to off (A entry)

Both servers, d1 and g1 use 1.1.1.1 to resolve DNS.

My panel is able to get reporting from my wings, well at least we have server information and a green heart icon.

Issue is, when i do anything related to a node (test to create game server, delete game server, edit unregistered node, edit registered node) i get a 500 error. Only logs i get is related to supervisord complaning about http without authentification while settings are to use linux socket.

I've already asked on official Pterodactyl Discord and got some hints / advices from parkervcp (thanks a lot!). I would like to ask for your help as well as officially Pterodactyl doesn't provide support to Traefik so this make our usecase with Traefik + CloudFlare more "unique". Any advice to check or whatever would be welcome.

While waiting for an answer i will continue to dig. In case i find something i'll update my issue so people can have more troubleshooting stories.

[EdyTheCow]

1. Does the wings "heart" in panel turn red as if it went offline when this happens?
2. Is your panel's domain using https inside wings config file? (In some cases wings had set the url to http for me in the past)
3. Does this happen sometimes, or every single time any action is made on wings?

[o-be-one]

Thanks for your quick answer EdyTheCow,

1. no
2. all domains are https
3. every time an action from the panel tries to reach wings API

Be aware same issue happens even if there is no real wings behind: i've tried to add a fake wings and even if i click edit, do some changes and then click save, the panel go 500.

[EdyTheCow]

Could you provide logs if any from your browser's DevTools console? This seems like it's panel related issue.

[o-be-one]

Sure, what kind of log would you like and would be relevant enough? From console i only get a: Status 500 POST https://panel.domain.tld/admin/nodes/view/6/settings

[EdyTheCow]

I was hoping it would display more than that... One other thing I can think of is the trusted proxies:

https://github.com/EdyTheCow/docker-pterodactyl/blob/8164cf6b3a7b6ee48878de2553ce216dfc1f439b/panel/compose/docker-compose.yml#L77

Do you have this set in your panel's compose file? Additionally, in Cloudflare dashboard under "SSL/TLS" make sure it's set to "Full" and not "Flexible".

[o-be-one]

Yes i have the TRUSTED_PROXIES: "*", i've simply copied your compose. Note i always remove the http part as CloudFlare will anyway redirect to https. My Traefik already works over CloudFlare with success for several services like BookStack; not meaning cause it works it will works for pterodactyl, but maybe this information could be relevant.

Cloudflare is set to Full (Strict) (Traefik set to use CloudFlare API to proceed a dns check).

[EdyTheCow]

Note i always remove the http part as CloudFlare will anyway redirect to https.

Do you mean the labels that redirect from http to https? If that's the case, you should at least try adding those back and testing if it changes anything. I wouldn't use "Full (Strict)" either when testing, try setting it to "Full" instead, at least until you get everything working.

[o-be-one]

So i've switch CloudFlare to just Full and i've update my labels to support HTTP, still error 500 :(.

[EdyTheCow]

Weird, I can try helping you over discord for faster debugging rather than github issues. You can join https://singlbit.com/discord and private message me from there.

[o-be-one]

Thank you EdyTheCow, i just joined :).

[phrostbit]

Was there a resolution for this? I'm facing the same issue. I did figure out a few things with the panel running behind a separate Traefik instance with Oauth and a few other things if you want to see how I bypassed Oauth for wings to communicate with the panel. Still facing the 500 response issue.

[o-be-one]

Was there a resolution for this?

Nothing yet. EdyTheCow is really busy right now so we didn't checked the issue and i haven't spent time on it since. Did you found anything?

[6ixfalls]

This may be a potential fix for the issue (I haven't seen this issue occur since doing this): Set the trusted_hosts inside the wings config yaml to the subnet of the network with traefik. For example, for docker-pterodactyl, you can add 172.20.0.0/16 to the list.

api:
  trusted_proxies:
    - 172.20.0.0/16