diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..335b2b8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +panel/data/panel/logs/ +panel/data/database/ \ No newline at end of file diff --git a/README.md b/README.md index 4667d9f..3aff47e 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ Navigate to `panel/compose/docker-compose.yml` and set these variables |-|:-:|-| | MYSQL_ROOT_PASSWORD | - | Use a password generator to create a strong password | | MYSQL_PASSWORD | - | Don't reuse your root's password for this, generate a new one | -| APP_URL | https://panel.example.com | Same as `PANEL_DOMAIN` but with `https://` included| +| APP_URL | https://localhost | Same as `PANEL_DOMAIN` but with `https://` included| Rest of the variables can be set as desired, these three are required for panel's basic functionality. 
@@ -61,6 +61,85 @@ Inside of `panel/compose` run ``` docker-compose up -d ``` +Generates a new encryption key for the APP. +``` +docker-compose run --rm panel php artisan key:generate +``` +Create the pterodactyl configuration file +``` +docker-compose run --rm panel cat > /etc/nginx/conf.d/pterodactyl.conf +``` +Paste the settings in the console: change the `````` +```xml +server_tokens off; + +server { + listen 80; + server_name ; + return 301 https://$server_name$request_uri; +} + +server { + listen 443 ssl http2; + server_name ; + + root /var/www/pterodactyl/public; + index index.php; + + access_log /var/log/nginx/pterodactyl.app-access.log; + error_log /var/log/nginx/pterodactyl.app-error.log error; + + # allow larger file uploads and longer script runtimes + client_max_body_size 100m; + client_body_timeout 120s; + + sendfile off; + + # SSL Configuration - Replace the example with your domain + ssl_certificate /etc/letsencrypt/live//fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live//privkey.pem; + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; + ssl_prefer_server_ciphers on; + + # See https://hstspreload.org/ before uncommenting the line below. 
+ # add_header Strict-Transport-Security "max-age=15768000; preload;"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header Content-Security-Policy "frame-ancestors 'self'"; + add_header X-Frame-Options DENY; + add_header Referrer-Policy same-origin; + + location / { + try_files $uri $uri/ /index.php?$query_string; + } + + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/run/php/php8.1-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M"; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTP_PROXY ""; + fastcgi_intercept_errors off; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + fastcgi_connect_timeout 300; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + include /etc/nginx/fastcgi_params; + } + + location ~ /\.ht { + deny all; + } +} +``` +CTL + C para salvar + Navigate to the domain you've set for `PANEL_DOMAIN` earlier and make sure panel is up and running. Create a new user
diff --git a/panel/data/panel/nginx/pterodactyl.conf b/panel/data/panel/nginx/pterodactyl.conf
new file mode 100644
index 0000000..a5ea0d9
--- /dev/null
+++ b/panel/data/panel/nginx/pterodactyl.conf
@@ -0,0 +1,65 @@
+server_tokens off;
+
+server {
+ listen 80;
+ server_name localhost;
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name localhost;
+
+ root /var/www/pterodactyl/public;
+ index index.php;
+
+ access_log /var/log/nginx/pterodactyl.app-access.log;
+ error_log /var/log/nginx/pterodactyl.app-error.log error;
+
+ # allow larger file uploads and longer script runtimes
+ client_max_body_size 100m;
+ client_body_timeout 120s;
+
+ sendfile off;
+
+ # SSL Configuration - Replace the example localhost with your domain
+ ssl_certificate /etc/letsencrypt/live/localhost/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/localhost/privkey.pem;
+ ssl_session_cache shared:SSL:10m;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+ ssl_prefer_server_ciphers on;
+
+ # See https://hstspreload.org/ before uncommenting the line below.
+ # add_header Strict-Transport-Security "max-age=15768000; preload;";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header Content-Security-Policy "frame-ancestors 'self'";
+ add_header X-Frame-Options DENY;
+ add_header Referrer-Policy same-origin;
+
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param HTTP_PROXY "";
+ fastcgi_intercept_errors off;
+ fastcgi_buffer_size 16k;
+ fastcgi_buffers 4 16k;
+ fastcgi_connect_timeout 300;
+ fastcgi_send_timeout 300;
+ fastcgi_read_timeout 300;
+ include /etc/nginx/fastcgi_params;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
diff --git a/panel/data/panel/var/.env b/panel/data/panel/var/.env
index e69de29..1da3b36 100644
--- a/panel/data/panel/var/.env
+++ b/panel/data/panel/var/.env
@@ -0,0 +1 @@
+APP_KEY=base64:BEuB/rCl2ceN3vmGLT2iQuIIeLqRbc++R6o6CSYPRaY=
\ No newline at end of file
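Review bot: The second `server {` block (the `listen 443 ssl http2` one) in `pterodactyl.conf` is never closed: the 65th and last added line is the `}` that ends `location ~ /\.ht`, so nginx should reject the file with an unexpected-end-of-file error. Add a final `}` line, as the copy of this config in the README hunk has. Separately, `ssl_certificate /etc/letsencrypt/live/localhost/fullchain.pem` names a path that a public CA will not populate for `localhost`, so the 443 listener presumably cannot start until a real domain or a locally generated certificate is in place. A comment above the two `ssl_certificate*` lines should say which of the two is expected and that the private key must stay out of the repository.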
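Review bot: The `APP_KEY=base64:…` line added to `panel/data/panel/var/.env` commits the application's encryption key, so anyone who can read the repository or its history has it and every deployment cloned from here shares the same key. Treat the value as exposed: remove the line and regenerate the key per install with the `php artisan key:generate` step the README hunk already documents. The new `.gitignore` lists only the logs and database directories; add `panel/data/panel/var/.env` to it. Because the file was already tracked (as an empty blob), it also needs `git rm --cached` before the ignore rule takes effect. If the bind mount requires the file to exist, ship a `.env.example` with `APP_KEY=` left blank instead.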