Install pterodactyl on Debian 9

This guide covers the installation of the requirements for a panel with SSL enabled.

Install Requirements

The panel requirements can be found here

MariaDB

apt install -y software-properties-common dirmngr

## get MariaDB gpg keys
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8

## install the MariaDB repo
add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mirror.jaleco.com/mariadb/repo/10.1/debian stretch main'

## Get apt updates
apt update

## Install MariaDB 10.1
apt install -y mariadb-common mariadb-server mariadb-client

## Start maraidb
systemctl start mariadb
systemctl enable mariadb

PHP 7.2

## Install the PHP 7.2 repo for debian
apt install -y ca-certificates apt-transport-https
wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
echo "deb https://packages.sury.org/php/ stretch main" | tee /etc/apt/sources.list.d/php.list

## Get apt updates
apt update

## Install PHP 7.2
apt install -y php7.2 php7.2-cli php7.2-gd php7.2-mysql php7.2-pdo php7.2-mbstring php7.2-tokenizer php7.2-bcmath php7.2-xml php7.2-fpm php7.2-curl php7.2-zip

nginx

apt install -y nginx

Redis

apt install -y redis-server

systemctl start redis-server
systemctl enable redis-server

utilities

certbot

apt install -y certbot curl

composer

curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

Server Configuration

This following section covers the configuration of parts of the server to run the panel.

MariaDB

The fastest way to set up mariadb is to use the mysql_secure_installation command and follow prompts

mysql_secure_installation

The following are safe defaults.

Change to your own secure password
Set root password? [Y/n] Y

Get rid of users that could access the db by default
Remove anonymous users? [Y/n] Y

Keep root off the external interfaces
Disallow root login remotely? [Y/n] Y

Extra databases that aren't needed
Remove test database and access to it? [Y/n] Y

Clears and sets all the changes made
Reload privilege tables now? [Y/n] Y

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Adding MariaDB user

We have a tutorial in the tutorial section
Setting up MySQL

PHP

The default php-fpm configuration is good to use.

Start and enable php-fpm on the system.

systemctl enable php7.2-fpm
systemctl start php7.2-fpm

nginx

follow the tutorial on generating an SSL cert to use.

ssl config





 





 














 
 








































server_tokens off;

server {
    listen 80;
    server_name <domain>;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name <domain>;

    root /var/www/pterodactyl/public;
    index index.php;

    access_log /var/log/nginx/pterodactyl.app-access.log;
    error_log  /var/log/nginx/pterodactyl.app-error.log error;

    # allow larger file uploads and longer script runtimes
    client_max_body_size 100m;
    client_body_timeout 120s;

    sendfile off;

    # SSL Configuration
    ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # See https://hstspreload.org/ before uncommenting the line below.
    # add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTP_PROXY "";
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include /etc/nginx/fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

Redis

The default Redis install is perfectly fine for the panel.

If you have Redis already in use you may want to look into running another Redis instance similar to this guide

Installing the panel

Follow the regular guide to install the panel