search

pterodactyl / panel

Pterodactyl® is a free, open-source game server management panel built with PHP, React, and Go. Designed with security in mind, Pterodactyl runs all game servers in isolated Docker containers while exposing a beautiful and intuitive UI to end users.
https://pterodactyl.io
Other
6.69k stars 1.7k forks source link

Node configuration changes remote to http behind reverse proxy with SSL termination #3995

Closed Ionic97 closed 2 years ago

Ionic97 commented 2 years ago

Current Behavior

I'm running 2 machines: Panel (play.example.com) & seperate Wing (Wing01.example.com) both behind a NGINX reverse proxy with SSL termination. Panel & Wing communicate over SSL, the panel webserver is set up without SSL.

The following is modified in /var/www/pterodactyl/.env: APP_URL="https://play.example.com" (note https instead of http)

When creating a node in the panel the following settings were choosen:

Communicate Over SSL: true
Behind Proxy: true

The resulting configuration looks like the following:

debug: false
uuid: ---
token_id: ---
token: ---
api:
  host: 0.0.0.0
  port: 8080
  ssl:
    enabled: false
    cert: /etc/letsencrypt/live/ptwings01.gslabnet.org/fullchain.pem
    key: /etc/letsencrypt/live/ptwings01.gslabnet.org/privkey.pem
  upload_limit: 100
system:
  data: /var/lib/pterodactyl/volumes
  sftp:
    bind_port: 2022
allowed_mounts: []
remote: 'http://play.example.com'

If changed in the config.yml, updating the node settings via the panel, it also overwrites the remote location back to http://play.example.com

Expected Behavior

remote: should reflect the setting of the Pterodactyl panel environment and be correctly applied with https via panel settings and in the configuration file template. Alternatively, modifications of the remote: line in config.yml shouldn't be overwritten when using the panel settings.

Steps to Reproduce

see above

Panel Version

1.7.0

Wings Version

1.6.1

Games and/or Eggs Affected

No response

Docker Image

No response

Error Logs

No response

Is there an existing issue for this?

Software-Noob commented 2 years ago

That's what the Node behind proxy option does. It skips checking for certificates for your proxy to handle it all.

As for the remote url, it should not touch it and simply syncs with the Panel if I remember right.

Ionic97 commented 2 years ago

So it sounds like you agree with me, that changing the node settings through the panel shouldnt touch the "remote" line in the yaml. Sadly it does, even though there is no setting for "remote" in the panel.

From which setting does actually pull the data (http url) it sets?

matthewpi commented 2 years ago

https://github.com/pterodactyl/panel/blob/develop/app/Models/Node.php#L171 it doesn't set it to http when behind proxy is enabled. Something is wrong somewhere else either with your setup or in the code. This might be related to another issue but I have not been able to find it.

VinGal0 commented 2 years ago

https://github.com/pterodactyl/panel/blob/develop/app/Models/Node.php#L171 it doesn't set it to http when behind proxy is enabled. Something is wrong somewhere else either with your setup or in the code. This might be related to another issue but I have not been able to find it.

Isn't "remote" somewhat connected to the environment settings? I would just double check your .env on your panel server to see if the APP_URL is https and not http (doesn't hurt to check). You can also do this with the php artisan command below whilst in the panel directory,

php artisan p:environment:setup

Ionic97 commented 2 years ago

Isn't "remote" somewhat connected to the environment settings? I would just double check your .env on your panel server to see if the APP_URL is https and not http (doesn't hurt to check). You can also do this with the php artisan command below whilst in the panel directory,

php artisan p:environment:setup

The APP_URL is/was actually set to https. I expected the panel to pull the data from it though. The webserver for the panel is running http, as I'm terminating SSL before proxying to it, but there is no URL set (catch all on port 80).

DaneEveritt commented 2 years ago

Remote is set based on the Panel's understanding of the proxy — however you're connecting to the Panel in the browser is how remote is generated.

If it isn't doing that, then you have something setup wrong with the proxy or are trying to do something the Panel doesn't know how to handle. I'm not going to be investigating this — proxies are notoriously annoying for us to debug, and are more often than not issues caused by individual user configurations.