Skip to content

Add Cloudflared documentation for PR#1945 in pelican-dev/panel #176

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
k3vmcd wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add Cloudflared documentation for PR#1945 in pelican-dev/panel #176

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
19e8ce8
Add Cloudflare Tunnel deployment guide to documentation
k3vmcd Nov 29, 2025
2996087
Refine Cloudflare Tunnel deployment guide for clarity and completeness
k3vmcd Nov 29, 2025
e07d0fa
Enhance Cloudflare Tunnel deployment guide with LAN access details an…
k3vmcd Nov 29, 2025
0c07eb5
Update docs/panel/advanced/cloudflare-tunnel.mdx
k3vmcd Nov 29, 2025
3884142
Update link to Wings installation guide
k3vmcd Nov 29, 2025
328c017
Fix formatting error introduced by coderabbitai
k3vmcd Nov 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
153 changes: 153 additions & 0 deletions docs/panel/advanced/cloudflare-tunnel.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,153 @@
---
title: Cloudflare Tunnel Deployment
description: Run Pelican Panel behind Cloudflare Tunnel using Docker Compose, Caddy, and cloudflared without exposing any ports.
---

Running Pelican Panel behind a Cloudflare Tunnel keeps your host firewalls closed while still benefiting from automatic HTTPS, DDoS protection, and identity-aware access. This guide walks through deploying the example stacks in `pelicanpanel/examples/cloudflare-tunnel` and `pelicanpanel/examples/cloudflare-tunnel-lan`.

## Prerequisites

- Docker Engine and Docker Compose plugin
- A domain managed in Cloudflare
- Cloudflare Zero Trust account (free tier is sufficient)

## Quick Start

### 1. Copy the Example

```bash
# For tunnel-only deployment (no LAN access):
cp -R pelicanpanel/examples/cloudflare-tunnel ~/pelican-deployment

# OR for LAN access fallback (recommended if local network access is needed):
cp -R pelicanpanel/examples/cloudflare-tunnel-lan ~/pelican-deployment

cd ~/pelican-deployment
cp .env.example .env
```

Edit `.env` and set:
- `PANEL_DOMAIN`: the hostname for your panel (e.g., `panel.example.com`)
- `ADMIN_EMAIL`: administrator email for system notifications
- `APP_URL`: normally `https://${PANEL_DOMAIN}`
- `CLOUDFLARE_TUNNEL_TOKEN`: (we'll get this in the next step)
- `LAN_BIND_ADDRESS`: (LAN variant only) your server's LAN IP (e.g., `192.168.1.50`)
Comment on lines +29 to +34
Copy link

@coderabbitai coderabbitai bot Nov 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, find the example directories mentioned in the comment
find . -type d -name "cloudflare-tunnel*" 2>/dev/null | head -20

Repository: pelican-dev/docs

Length of output: 176

🏁 Script executed:

#!/bin/bash
# Also search for .env.example files in the repository
fd -type f -name ".env.example" 2>/dev/null

Repository: pelican-dev/docs

Length of output: 176

🌐 Web query:

PelicanPanel cloudflare-tunnel example .env configuration

💡 Result:

Below is a minimal example .env for running Pelican Panel behind a Cloudflare Tunnel (cloudflared). Adjust values (domain, ports, tokens) to your setup.

.env example
APP_NAME=PelicanPanel
APP_ENV=production
APP_KEY=base64:GENERATED_APP_KEY_HERE
APP_DEBUG=false
APP_URL=https://panel.example.com
ADMIN_EMAIL=admin@example.com

DB_CONNECTION=mysql
DB_HOST=db
DB_PORT=3306
DB_DATABASE=pelican
DB_USERNAME=pelican
DB_PASSWORD=secret

Cloudflare Tunnel (quick tunnel token / container-driven)

If using a container image that supports CF tunnel tokens (e.g. cloudflared quick tunneling),

set the token env var your image expects. Example name used by some projects:

CF_TUNNEL_TOKEN=your-cloudflared-token-here

If managing tunnels via Cloudflare API / dashboard (remotely-managed), point APP_URL to the hostname

created in Cloudflare and run cloudflared separately (no token in panel).

Optional: expose internal service port Pelican listens on:

PANEL_PORT=8000

Notes:

  • APP_URL must match the public hostname (the Cloudflare tunnel hostname) and include protocol. Pelican's Docker docs require APP_URL and ADMIN_EMAIL. [1]
  • How you pass the Cloudflare tunnel credential depends on your cloudflared setup:
    • For quick tunnels you supply the --token (often via CF_TUNNEL_TOKEN env var in many container images). [2][3]
    • For remotely-managed tunnels, create the hostname/routes in the Cloudflare dashboard and run cloudflared (or use a separate cloudflared container) without embedding tokens in the Pelican .env. [2]

Sources:

  • Pelican Panel Docker / env guidance. [1]
  • Cloudflare Tunnel creation & remotely-managed vs quick tunnels. [2]
  • Example projects using CF_TUNNEL_TOKEN env var for quick tunnels. [3]

If you want, tell me how you run cloudflared (separate container, sidecar, or managed tunnel) and I’ll produce a tailored docker-compose + .env snippet.

🌐 Web query:

pelicanpanel examples cloudflare-tunnel github

💡 Result:

Here are GitHub examples/repos and useful references for running Pelican Panel (panel/wings) behind a Cloudflare Tunnel:

  • Pelican Panel (official repo / docs). Start here for panel/wings config and Docker info. [1]
  • Pelinstaller — unofficial Pelican Panel installer (automates panel + wings setup; useful if you want a packaged install before adding a tunnel). [2]
  • container-cloudflare-tunnel — Docker Compose example for running a cloudflared tunnel (good reference for containerizing the tunnel). [3]
  • cloudflare-tunnel-example — Helm/cluster example showing cloudflared deployment (useful for k8s / Helm deployments). [4]
  • Gists with minimal cloudflared configs and ingress examples (cloudflare tunnel config and ingress examples you can adapt for Pelican Wings services). [5][6]
  • Tutorials demonstrating Pelican + Cloudflare Tunnel setup (video walkthroughs you can follow step-by-step). [7]

Sources:
[1] https://pelican.dev/ (Pelican official docs)
[2] https://github.com/Zinidia/Pelinstaller
[3] https://github.com/jonas-merkle/container-cloudflare-tunnel
[4] https://github.com/burakince/cloudflare-tunnel-example
[5] https://gist.github.com/sirkirby/b8536b3fd53232a5059e5185dd36bd55
[6] https://gist.github.com/sirkirby/ccc08ce95b7f52ecbecfa5438d24085b
[7] Example tutorial (video + writeups) showing Pelican Panel + Cloudflare Tunnel setups.

Want me to pull the exact cloudflared docker-compose / tunnel.yml snippets tailored for Pelican Wings (ingress hostnames, example services, systemd/docker run)?

🌐 Web query:

site:github.com pelican-dev pelicanpanel examples cloudflare-tunnel

💡 Result:

I couldn't find a GitHub repository matching "pelican-dev/pelicanpanel" with an examples/cloudflare-tunnel path. Related Cloudflare Tunnel example repositories on GitHub I found instead:

  • cloudflare-tunnel example for Raspberry Pi cluster (burakince). [1]
  • Cloudflare Worker → self-hosted MySQL via Cloudflare Tunnel (brettscott). [2]
  • Guacamole + Cloudflare Tunnel remote-access example (prakash-aryan). [3]
  • Traefik ↔ Cloudflare Zero-Trust tunnel bridge (hhftechnology/pangolin-cloudflare-tunnel). [4]
  • Misc. minimal/example gists and projects for Cloudflare tunnels and workers. [5][6][7]

If you want, I can (a) search more broadly for "pelicanpanel" or "pelican-dev" without the site: constraint, (b) search GitHub specifically for repositories named pelicanpanel, or (c) open any of the repositories above and show specific files/examples. Which would you prefer?

🌐 Web query:

site:github.com pelican-dev pelicanpanel examples .env.example

💡 Result:

I found examples of a .env.example for Pelican Panel:

  • Gist with a .env.example for deploying Pelican Panel (laGameTV). (gist.github.com)
  • pelican-dev/panel repository (project repo — check the repo for example env files). (github.com)
  • PizzabyteLLC/pelican-dev-setup repository includes a .env.example for development. (github.com)

Want me to open any of these and show the .env.example contents?

Citations:

🌐 Web query:

site:github.com/pelican-dev/panel .env.example raw content

💡 Result:

Here’s the .env.example raw content I found:

TIMEZONE=Europe/Berlin

Panel

PANEL_DEBUG=false

PANEL_ENV=production

PANEL_LOCALE=en

PANEL_EMAIL=pelican@example.org # Needs to be changed.
PANEL_URL_SCHEME=https # Needs to be changed.
PANEL_URL=pelican.example.org # Needs to be changed.

PostgreSQL

DATABASE_NAME=panel
DATABASE_USER=pelican
DATABASE_PASS=CHANGEME # Needs to be changed.

Sources: [1] [2]

[1] Gist containing .env.example content.
[2] Repository file listing on GitHub (pelican-dev/panel).

🌐 Web query:

site:raw.githubusercontent.com pelican-dev/panel .env.example

💡 Result:

I found the repository file .env.example in the pelican-dev/panel repo on GitHub (root of main branch). See the GitHub file and a mirror showing its contents. [1][2]

Sources:

  • pelican-dev/panel — .env.example (GitHub). [1]
  • Mirror view of .env.example (git.la-banquise.fr) showing file contents. [2]

🌐 Web query:

site:github.com/pelican-dev cloudflare tunnel examples docker-compose

💡 Result:

I couldn't find any GitHub results under the pelican-dev org matching "cloudflare tunnel examples docker-compose". No repos or gists from github.com/pelican-dev surfaced in the search.

Here are several relevant public examples elsewhere on GitHub you can use/adapt (docker-compose + cloudflared):

  • cloudflare worker/postgres demo with docker-compose + cloudflared. [1]
  • Example docker-compose for cloudflared (community image / instructions). [2]
  • Traefik + Cloudflare Tunnel docker-compose example. [3]
  • General cloudflared docker-compose setups and guides. [4]

If you want, I can:

  • broaden the search beyond pelican-dev and return more examples, or
  • look for a specific pattern (e.g., cloudflared + postgres, traefik, or pelican project examples).

Sources:
[1] https://github.com/cloudflare/worker-template-postgres.
[2] https://github.com/Erisa/cloudflared-docker.
[3] https://github.com/justmiles/traefik-cloudflare-tunnel.
[4] https://github.com/coding-to-music/postgres-cloudflare-docker.

🌐 Web query:

site:github.com/pelican-dev CLOUDFLARE_TUNNEL_TOKEN LAN_BIND_ADDRESS

💡 Result:

I searched GitHub for occurrences of CLOUDFLARE_TUNNEL_TOKEN and LAN_BIND_ADDRESS under the pelican-dev organization and found no matches in that org's repositories. [1]

Source:
[1] pelican-dev repository list / panel (example repo from the pelican-dev org). (github.com)

Citations:

🌐 Web query:

site:github.com/pelican-dev/docs cloudflare-tunnel examples

💡 Result:

I couldn’t find any Cloudflare Tunnel examples inside the pelican-dev/docs repository.

  • pelican-dev/docs repository (no cloudflare/tunnel examples found). [1]
  • If you need Cloudflare Tunnel examples elsewhere, see these example repos: brettscott/cloudflare-worker-tunnel-mysql-example (Cloudflared + Docker example). [2]
  • General Cloudflared instructions/templates (Unraid / tunnel examples). [3]

Would you like me to search other Pelican-related repositories or search GitHub broadly for Cloudflare Tunnel examples?

🌐 Web query:

site:github.com pelican-dev docs cloudflare-tunnel .env

💡 Result:

I searched GitHub for "pelican-dev docs cloudflare-tunnel .env". I found the pelican-dev/docs repository but no files in that repo referencing "cloudflare-tunnel" or a ".env" for a Cloudflare Tunnel. [1]

I did find multiple other GitHub projects that use a .env variable (e.g., CLOUDFLARE_TUNNEL_TOKEN / TUNNEL_TOKEN / CLOUDFLARE_API_TOKEN) for Cloudflare Tunnel examples and Docker setups — examples: jonas-merkle/container-cloudflare-tunnel, justmiles/traefik-cloudflare-tunnel, dynamic-stall/vaultwarden-docker. [2][3][4]

Sources:

  • pelican-dev/docs repository (no cloudflare-tunnel/.env matches). [1]
  • jonas-merkle/container-cloudflare-tunnel (example .env with CLOUDFLARE_TUNNEL_TOKEN). [2]
  • justmiles/traefik-cloudflare-tunnel (example .env and env variables). [3]
  • dynamic-stall/vaultwarden-docker (instructions to put TUNNEL_TOKEN in .env). [4]

Based on my verification, I've found significant issues with the documented .env variables. The example stacks referenced in the review do not exist in the pelican-dev repositories, and the documented variable names do not match the actual configuration used in pelican-dev/panel.

Documented .env variables contain incorrect names and reference non-existent example stacks.

The documented variables do not match the actual pelican-dev/panel configuration:

  • ADMIN_EMAIL should be PANEL_EMAIL
  • APP_URL should be PANEL_URL (with separate PANEL_URL_SCHEME)
  • PANEL_DOMAIN should be PANEL_URL
  • CLOUDFLARE_TUNNEL_TOKEN and LAN_BIND_ADDRESS do not exist in pelican-dev examples

The referenced example stacks (pelicanpanel/examples/cloudflare-tunnel and pelicanpanel/examples/cloudflare-tunnel-lan) do not exist in the pelican-dev organization. Verify the correct variable names against the actual .env.example in pelican-dev/panel and update documentation accordingly to prevent user configuration errors.

🤖 Prompt for AI Agents 
In docs/panel/advanced/cloudflare-tunnel.mdx around lines 29-34, the documented
.env variable names and example stack references are incorrect; update the
variables to match pelican-dev/panel's actual .env.example (use PANEL_EMAIL
instead of ADMIN_EMAIL, PANEL_URL instead of APP_URL and PANEL_DOMAIN, and
include PANEL_URL_SCHEME as applicable), remove references to non-existent
example stacks (pelicanpanel/examples/cloudflare-tunnel and ...-lan), and delete
any non-existent variables (CLOUDFLARE_TUNNEL_TOKEN and LAN_BIND_ADDRESS) or
replace them with the correct names if present in .env.example; verify all names
and example values directly against pelican-dev/panel/.env.example and adjust
the sample .env block accordingly.


### 2. Create a Cloudflare Tunnel

1. Open the [Cloudflare Zero Trust Dashboard](https://one.dash.cloudflare.com/)
2. Navigate to **Networks** → **Tunnels**
3. Click **Create a tunnel**
4. Select **Cloudflared** as the connector type
5. Give your tunnel a name (e.g., `pelican-panel`) and click **Save tunnel**
6. On the installation screen, copy the token from the command shown (the long string after `--token`)
7. Paste this token into `CLOUDFLARE_TUNNEL_TOKEN` in your `.env` file
8. Click **Next** (don't install the tunnel locally—Docker will run it)

### 3. Configure the Tunnel Route

Still in the Cloudflare dashboard:

1. Under **Public Hostname**, click **Add a public hostname**
2. Configure:
- **Subdomain**: `panel` (or whatever matches your `PANEL_DOMAIN`)
- **Domain**: select your domain from the dropdown
- **Service Type**: `HTTP`
- **URL**: `panel:80` (this is the Docker service name and internal port)
3. Click **Save hostname**
Comment on lines +47 to +57
Copy link

@coderabbitai coderabbitai bot Nov 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

Cloudflare Zero Trust Tunnels public hostname configuration 2025

💡 Result:

Short summary — as of Cloudflare’s Sept 18, 2025 release, Cloudflare Tunnel supports hostname/domain-based routing (including public hostnames) so you can bind a public hostname or whole domain to a specific Tunnel and route traffic by hostname instead of IP/CIDR. This enables hostname-based Zero Trust policies and precise egress/source-IP control for third‑party allowlists. [1][2][3]

Key points and how to configure

  • Feature announced: hostname & domain routing for Tunnels (public + private hostnames). Released Sep 18, 2025. [1][3]
  • What it does: bind a hostname (e.g., bank.example.com) or domain (*.example.local) to a specific Tunnel so Cloudflare sends traffic for that hostname through that Tunnel. Useful for applying Access/Gateway policies and ensuring a dedicated source IP. [1][3]
  • Where to configure: Zero Trust dashboard → Tunnels (create/edit a Tunnel) → add a hostname/domain route (public hostname for Internet‑facing apps). Docs and Tunnels changelog show the new dashboard flow. [1][2][4]
  • Requirements / notes:
    • Ensure DNS for the public hostname is managed/points through Cloudflare (the dashboard may create the necessary records when adding a public hostname).
    • For private hostname routing, cloudflared minimum versions are documented (private hostname support listed from cloudflared 2025.7.0); public hostname routing uses the Tunnel/Zero Trust dashboard features described in the blog and docs. [2]
    • Use Cloudflare Access / Gateway policies to enforce user/group access and to control egress. Hostname routing lets you avoid maintaining dynamic IP allowlists. [1][3]

Useful links

  • Announcement / feature blog (Sep 18, 2025). [1]
  • Zero Trust docs on connecting hostnames and Tunnel guidance (private & public hostname details). [2][3]
  • Tunnel changelog entry. [4]

References
[1] Cloudflare blog: “Connect and secure any private or public app by hostname, not IP” (Sep 18, 2025).
[2] Cloudflare Zero Trust docs — “Connect a private hostname” (cloudflared guidance).
[3] Cloudflare Zero Trust docs — “Secure a private IP or hostname” (Access application guidance).
[4] Cloudflare Tunnel changelog (Sep 18, 2025).

🌐 Web query:

Cloudflare Zero Trust Tunnels "public hostname" HTTP service type configuration steps

💡 Result:

Steps — configure a Cloudflare Zero Trust Tunnel with a public hostname using the HTTP service type:

  1. In the Zero Trust dashboard go to Networks → Tunnels and Create a tunnel. Choose Cloudflared, name the tunnel and Save. Install/run the generated cloudflared command on your connector host so the connector appears as active. [1][2]

  2. In the tunnel view open the Public Hostnames (or Published application routes) tab and click Add a public hostname. [1][2]

  3. Enter the subdomain and select the Cloudflare-managed domain (this creates the public DNS entry). If you use a multi-level subdomain you may need an Advanced Certificate. [1]

  4. Under Service choose the service type (HTTP) and set the origin URL where cloudflared should forward traffic, e.g. http://localhost:8000 or https://localhost:443 (include port if needed). Optionally set path matching, origin SNI, origin CA, or other origin settings. [1][3]

  5. Configure any additional application settings (e.g., session affinity, originServerName/CA for TLS to origin, health checks, Access policies) and Save/Complete setup. The public hostname now routes through Cloudflare to your service via the tunnel. [1][3]

  6. (Alternative/CLI) You can create and run a tunnel with a hostname in one command:
    cloudflared tunnel --hostname example.yourdomain.com --url http://localhost:3000 --name my-tunnel
    This creates the DNS record and routes traffic to the local service. [8]

  7. For locally-managed tunnels using a config file, add ingress rules mapping hostname → service and include a final catch‑all rule (e.g., service: http_status:404). Example ingress snippet:

References:
[1] Cloudflare — Create a Cloudflare Tunnel / Add public hostname (Zero Trust documentation).
[2] Cloudflare — Create a tunnel (dashboard) (Zero Trust docs).
[3] Cloudflare — Tunnel configuration file / ingress rules (examples).

🌐 Web query:

Cloudflare Tunnel origin URL format Docker service name panel:80

💡 Result:

Use the Docker service name as the hostname with the scheme and port, e.g.:

You can put that either in your cloudflared config ingress rule (service: http://panel:80) or in the Cloudflare Tunnel “Public Hostname” URL field. cloudflared must be on the same Docker network so the service name resolves. [1][2][3]

Sources:
[1] Cloudflare Tunnel configuration file (ingress examples).
[2] Origin configuration parameters (how cloudflared treats origin URLs/hosts).
[3] Example Docker Compose / Cloudflare Tunnel usage showing service-name URLs.

Fix the origin URL format to include the HTTP scheme.

The Cloudflare Zero Trust configuration steps are current and accurate. However, the origin URL should include the scheme. The documented format panel:80 is incomplete; it should be http://panel:80 to match Cloudflare's required format for Docker service names in the Public Hostname URL field.

Update line 54 from:

  • **URL**: panel:80 (this is the Docker service name and internal port)

to:

  • **URL**: http://panel:80` (this is the Docker service name and internal port, with http scheme)`
🤖 Prompt for AI Agents 
In docs/panel/advanced/cloudflare-tunnel.mdx around lines 47 to 57, the example
origin URL for the Cloudflare Public Hostname is missing the HTTP scheme; update
the line that currently shows `panel:80` to include the scheme so it reads
`http://panel:80` and adjust the parenthetical note to mention that the URL
includes the http scheme (e.g., "`http://panel:80` (this is the Docker service
name and internal port, with http scheme)").


### 4. Start the Stack

```bash
docker compose up -d
```

Verify both containers are running:

```bash
docker compose logs -f cloudflared
# Should show "Connection registered" and tunnel status as connected

docker compose logs panel
# Will print "Generated app key:" on first boot—save this securely
```

### 5. Complete Installation

Once the tunnel shows **Connected** in Cloudflare, visit `https://panel.example.com/installer` (using your actual domain) and follow the wizard. Recommended settings for single-server deployments:

- **Cache Driver**: Filesystem
- **Database Driver**: SQLite (or external database if you prefer)
- **Queue Driver**: Database
- **Session Driver**: Filesystem

## How It Works

The example stack consists of:

- **`panel` service**: Pelican Panel container with integrated Caddy web server, persistent volumes, and environment variables for `APP_URL`/`ADMIN_EMAIL`
- **`cloudflared` service**: maintains an outbound connection to Cloudflare's edge network using your tunnel token
- **Docker network**: isolated `pelican` network (172.21.0.0/16) with no published ports (or port 443 bound to LAN IP in the LAN variant)

Traffic flow:
- **Remote access**: `User → Cloudflare → Tunnel → panel:80 → Caddy → Pelican Panel`
- **LAN access** (LAN variant only): `User → LAN IP:443 → Caddy → Pelican Panel`

Cloudflare handles SSL/TLS termination automatically, and your server IP remains hidden. The `Caddyfile` trusts the Docker subnet for forwarded headers and raises PHP upload limits to 256 MB. The LAN variant additionally serves HTTPS on port 443 using Caddy's internal CA, enabling local access when your internet connection is unavailable or for reduced latency on the same network.


## Troubleshooting

**Tunnel shows "Connected" but site is unreachable:**
- Verify the public hostname in Cloudflare points to `panel:80` (not `localhost:80`)
- Check both containers are on the same network: `docker network inspect pelican`
- Ensure DNS for your domain is proxied (orange cloud) in Cloudflare

**"Unable to reach origin service" error:**
- Confirm the panel container is running: `docker ps`
- Check `APP_URL` matches your configured Cloudflare hostname
- Review panel logs for errors: `docker compose logs panel`

**Upload failures or timeouts:**
- The `Caddyfile` sets 256 MB upload limits; edit if you need more
- Check your Cloudflare dashboard for any HTTP upload size or body size limits configured for your zone/plan, and raise them if needed

**LAN access shows certificate warnings (LAN variant only):**
- Caddy generates a self-signed internal CA certificate on first run
- Your browser will show a warning until you trust the certificate
- The panel remains fully functional; click through the warning or add a security exception
- For production use, consider using a real certificate or internal PKI

**Can't access panel on LAN (LAN variant only):**
- Verify port 443 is bound: `docker ps` should show `192.168.1.50:443->443/tcp` (with your LAN IP)
- Check firewall rules on the host aren't blocking port 443
- Ensure you're using `https://` when accessing via LAN
- Visit your `APP_URL` hostname, not the raw IP address, for proper routing

## Security Recommendations

- **Protect `.env`**: never commit it to version control; add it to `.gitignore`
- **Save the app key**: store the generated encryption key outside Docker volumes
- **Use Cloudflare Access** (optional): add an authentication layer before the installer/admin area by creating an Access application in Zero Trust
- **Limit tunnel scope**: only expose the panel through the tunnel; keep Wings nodes on separate infrastructure

## Cleanup

Stop services (data persists):
```bash
docker compose down
```

Remove everything including volumes (irreversible):
```bash
docker compose down -v
```

## Next Steps

After installation completes:
1. Set up Wings (the node daemon) on your game server hosts
2. Configure node allocations in the panel
3. Create your first game server

For Wings deployment, see the [Wings installation guide](/docs/wings/install).
1 change: 1 addition & 0 deletions sidebars.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ const sidebars: SidebarsConfig = {
'panel/advanced/mysql',
'panel/advanced/artisan',
'panel/advanced/docker',
'panel/advanced/cloudflare-tunnel',
]
}
],
Expand Down