Leaving ports open on your server might seem harmless at first, but it’s like leaving the front door unlocked—you’re inviting trouble. Open ports are a common entry point for unauthorized access, which can leave your server vulnerable to security threats. That’s where Tailscale comes in. By setting up your Pterodactyl panel behind Tailscale, you can ditch risky open ports and secure your server with a simple, private mesh VPN. In this guide, I’ll walk you through the process step by step, so you can improve the security of your server without overcomplicating things.
Initial Setup
For this guide, I will be using Ubuntu Server 24.04 LTS with a community-made Pterodactyl install script. This guide assumes that you have some knowledge of managing Linux servers as well as using Pterodactyl. If you already have Pterodactyl set up or prefer not to use the script, don’t worry—I’ll include alternative instructions as well.
Tailscale Setup
If you already have Tailscale installed on your server machine, you can skip this step. Otherwise, you will have to start by creating a free Tailscale account. Once you have an account, you need to add your server computer to your Tailnet by selecting the ‘Add Device’ button on the Machines page. Select the ‘Linux Server’ option and then scroll down to generate an install script.
Once you have your install script, paste it into the terminal on your server machine and it will automatically be added to your Tailnet. If you plan on running the panel (webserver) on one machine, and the wings (game server daemon) on another, you will need to perform this step on each machine.
Lastly, make a note of your machine’s Tailnet IP; you will need it for the next steps. The Tailnet IP can be found next to the server’s name on the ‘Machines’ page in your Tailscale admin panel.
Using the Pterodactyl Install Script
If you already have Pterodactyl running or if you would prefer not to use the install script, you can move to the ‘Node Setup’ step. Using the community-made Pterodactyl install script is straightforward, and you can customize most of the settings to your liking. Keep an eye out for when the install script asks for your panel’s FQDN (fully qualified domain name); this is where you will put your server machine’s Tailnet IP:
* Set the FQDN of this panel (panel.example.com): [Your machine's Tailnet IP goes here]
When asked whether or not you would like to automatically configure HTTPS using Let’s Encrypt, choose ‘no’:
* Do you want to automatically configure HTTPS using Let's Encrypt? (y/N): n
Once you have finished running through the install script, your panel should be available from your machine’s Tailnet IP.
Reconfiguring an Existing Pterodactyl Instance
If you just installed Pterodactyl in the previous step, skip to the ‘Node Setup’ step. To reconfigure your existing Pterodactyl panel install to run behind Tailscale, you just need to edit one Nginx configuration file. Depending on your Linux distribution, you may need to look up where Nginx config files are stored. For an Ubuntu install, navigate to /etc/nginx/sites-available and edit pterodactyl.conf. Find the line starting with server_name and change it to the Tailnet IP that you noted down earlier:
server_name [your machine's Tailnet IP here];
Save the modified pterodactyl.conf and restart Nginx:
systemctl restart nginx
Your panel should now be available from your machine’s Tailnet IP.
Node Setup
Whether you used the install script or reconfigured an existing instance, you will need to set up your panel to point at your node through Tailscale. To do this, you need to set the ‘Fully Qualified Domain Name’ option for your node to be your machine’s Tailnet IP. ‘Communicate Over SSL’ for your node will have to be set to ‘Use HTTP Connection’.
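Changing server_name only changes which host name Nginx answers to, not which addresses it listens on, so it is worth confirming that no panel or Wings port is still bound to a public address. The following is an added example, not part of the install script, Pterodactyl or Tailscale; the function name, sample lines and ports are constructed, and it relies on Tailscale assigning addresses from 100.64.0.0/10 and fd7a:115c:a1e0::/48.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable outside loopback and the tailnet.
# Input : lines in `ss -H -tln` format (State Recv-Q Send-Q Local Peer).
# Output: one "port address" line per listener bound to any other address.
# Live use on the server: ss -H -tln | exposed_listeners
exposed_listeners() {
    awk '
    {
        la = $4
        n = length(la)
        # Split "address:port" at the last colon (IPv6 addresses contain colons).
        while (n > 0 && substr(la, n, 1) != ":") n--
        if (n == 0) next
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1)
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # strip IPv6 brackets
        sub(/%.*/, "", addr)                         # strip scope such as %lo
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only
        if (addr ~ /^fd7a:115c:a1e0:/) next          # Tailscale IPv6 range
        if (addr ~ /^100\./) {                       # Tailscale IPv4: 100.64.0.0/10
            split(addr, o, ".")
            if (o[2] + 0 >= 64 && o[2] + 0 <= 127) next
        }
        # Wildcard (0.0.0.0, *, ::) or a LAN/public address: still exposed.
        print port, addr
    }'
}

# Constructed sample resembling `ss -H -tln` output; addresses and ports are
# placeholders, not values from a real host.
SAMPLE='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 100.101.102.103:8080 0.0.0.0:*
LISTEN 0 151 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 4096 *:2022 *:*
LISTEN 0 511 [fd7a:115c:a1e0::1234]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*'

printf '%s\n' "$SAMPLE" | exposed_listeners
```

Any panel or Wings port that appears in the output needs either a narrower listen address or a host firewall rule that only admits traffic arriving on the Tailscale interface.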
Additional Enhancements
There are many other enhancements you can use to make your Tailnet and Pterodactyl panel even more secure, such as:
- Using Tailscale’s Tailnet name DNS feature to access your panel through a URL instead of an IP
- Provisioning HTTPS certificates through Tailscale for your machine
- Sharing your machine with your friends through Tailscale. This allows your friends to join your game servers without opening any ports at all. You can also give your friends access to your panel by sharing your machine
These enhancements will not be covered in this post, but may be covered in a future Tailscale series.