# CentOS 7

In this guide we will install Pterodactyl — including all of it's dependencies — and configure our webserver to serve it using SSL.

TIP

This guide is based off the official installation documentation but is tailored specifically for CentOS 7.

# Install Requirements and Additional Utilities

We will install all of Pterodactyl's required dependencies and a few aditional utilities.

TIP

If you run sestatus and it shows SELinux status: enabled you should install the following packages for later

# SELinux tools

yum install -y policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans

# MariaDB

## Install Repos
cat <<EOF > /etc/yum.repos.d/mariadb.repo
# MariaDB 10.2 CentOS repository list - created 2017-07-14 12:40 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF

## Get yum updates
yum update -y

## Install MariaDB 10.2
yum install -y MariaDB-common MariaDB-server

## Start maraidb
systemctl start mariadb
systemctl enable mariadb

# PHP 7.3

We recommend the remi repo to get the latest php packages.

## Install Repos
yum install -y epel-release http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y yum-utils
yum-config-manager --disable remi-php54
yum-config-manager --enable remi-php73

## Get yum updates
yum update -y

## Install PHP 7.3
yum install -y php php-common php-fpm php-cli php-json php-mysqlnd php-mcrypt php-gd php-mbstring php-pdo php-zip php-bcmath php-dom php-opcache

# Composer

yum install -y zip unzip # Required for Composer
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

# Install Utility Packages

# Nginx

yum install -y nginx

firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent 
firewall-cmd --reload

# Redis

yum install -y --enablerepo=remi redis

systemctl start redis
systemctl enable redis

# SELinux commands

The following command will allow nginx to work with redis and

setsebool -P httpd_can_network_connect 1
setsebool -P httpd_execmem 1
setsebool -P httpd_unified 1

# Server Configuration

This following section covers the configuration of parts of the server to run the panel.

# Configuring MariaDB

The fastest way to set up mariadb is to use the mysql_secure_installation command and follow prompts

mysql_secure_installation

The following are safe defaults.

Change to your own secure password
Set root password? [Y/n] Y

Get rid of users that could access the db by default
Remove anonymous users? [Y/n] Y

Keep root off the external interfaces
Disallow root login remotely? [Y/n] Y

Extra databases that aren't needed
Remove test database and access to it? [Y/n] Y

Clears and sets all the changes made
Reload privilege tables now? [Y/n] Y

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

# Adding MariaDB user

To add your first user to the database, see our tutorial on setting up MySQL.

# Setup PHP

Place the contents below in a file inside the /etc/php-fpm.d folder. The file can be named anything, but a good standard is www-pterodactyl.conf. This config will match the nginx config later in the guide.

[pterodactyl]

user = nginx
group = nginx

listen = /var/run/php-fpm/pterodactyl.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0750

pm = ondemand
pm.max_children = 9
pm.process_idle_timeout = 10s
pm.max_requests = 200

Start and enable php-fpm on the system.

systemctl enable php-fpm
systemctl start php-fpm

# Nginx

Please check our tutorial on generating SSL certificates for more information.

# SSL Configuration





 





 














 
 







































server_tokens off;

server {
    listen 80;
    server_name <domain>;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name <domain>;

    root /var/www/pterodactyl/public;
    index index.php;

    access_log /var/log/nginx/pterodactyl.app-access.log;
    error_log  /var/log/nginx/pterodactyl.app-error.log error;

    # allow larger file uploads and longer script runtimes
    client_max_body_size 100m;
    client_body_timeout 120s;
    
    sendfile off;

    # SSL Configuration
    ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # See https://hstspreload.org/ before uncommenting the line below.
    # add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm/pterodactyl.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTP_PROXY "";
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include /etc/nginx/fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

# Redis Setup

The default Redis install is perfectly fine for the panel. If you have Redis already in use you may want to look into running another Redis instance.

# Installing the Panel

Excellent, we now have all of the required dependencies installed and configured. From here, follow the official Panel installation documentation.