Game Servers
How to Install Pterodactyl Panel Securely
Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. This guide installs it on Ubuntu 24.04 LTS with a dedicated least-privilege database user, free TLS, and a firewall that exposes only what is needed. The web server should never be run as root.
Install Dependencies
Install PHP 8.3 (shipped with Ubuntu 24.04), MariaDB, Redis, Nginx, and the tools the installer needs.
sudo apt update
# PHP 8.3 is the version packaged with Ubuntu 24.04 LTS
sudo apt install -y php8.3 php8.3-{cli,gd,mysql,pdo,mbstring,tokenizer,bcmath,xml,fpm,curl,zip} \
mariadb-server nginx tar unzip git redis-serverInstall Composer
Install Composer for PHP dependency management into a system path.
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer composer --version # verify it runs
Create a Least-Privilege Database User
Create a dedicated database and a user whose rights are limited to that one database. Never let the panel use the MariaDB root account. Use a long random password.
sudo mysql -- Run inside the MariaDB prompt: CREATE DATABASE panel; -- Bind the user to 127.0.0.1 and give it a strong, unique password CREATE USER 'pterodactyl'@'127.0.0.1' IDENTIFIED BY 'CHANGE_ME_long_random_password'; -- Grant privileges ONLY on the panel database, nothing server-wide GRANT ALL PRIVILEGES ON panel.* TO 'pterodactyl'@'127.0.0.1'; FLUSH PRIVILEGES; EXIT;
Download Pterodactyl
Create the web root, download the latest release, and set ownership to the web server user so nothing runs as root.
sudo mkdir -p /var/www/pterodactyl cd /var/www/pterodactyl sudo curl -Lo panel.tar.gz https://github.com/pterodactyl/panel/releases/latest/download/panel.tar.gz sudo tar -xzvf panel.tar.gz sudo chmod -R 755 storage/* bootstrap/cache/
Install and Configure the Panel
Copy the environment file, install dependencies without dev tools, generate the app key, and run the guided setup.
sudo cp .env.example .env sudo composer install --no-dev --optimize-autoloader sudo php artisan key:generate --force # generates the unique APP_KEY; never share it sudo php artisan p:environment:setup sudo php artisan p:environment:database sudo php artisan migrate --seed --force sudo php artisan p:user:make # create the first admin user # Hand the files to the web server user so the app never runs as root sudo chown -R www-data:www-data /var/www/pterodactyl
Configure Nginx with HTTPS
Add the server block, enable it, then issue a free Let's Encrypt certificate so the panel is only reachable over TLS.
sudo nano /etc/nginx/sites-available/pterodactyl.conf # paste the official Pterodactyl Nginx block sudo ln -s /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/ sudo nginx -t && sudo systemctl restart nginx # Free TLS certificate, auto-configured for Nginx: sudo apt install -y certbot python3-certbot-nginx sudo certbot --nginx -d panel.yourdomain.com
Open Only the Needed Ports and Add the Cron Job
Allow SSH and HTTPS only, then register the scheduler. Keep the panel and the system updated regularly.
sudo ufw allow OpenSSH sudo ufw allow 'Nginx Full' sudo ufw enable # Scheduler: runs Pterodactyl's queued tasks every minute sudo crontab -e # Add this line: * * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1
Pterodactyl is installed with a least-privilege database user, runs as www-data rather than root, is served only over HTTPS, and is firewalled to SSH and web traffic. Keep the panel, PHP, and your OS patched on a regular schedule.