| Total Time Required | 2 Hours |
| Difficulty | Easy - Moderate |
| Required Knowledge | Docker Compose, DNS, Cloudflare Zero Trust, Linux Servers |
## What does this guide do?
This guide will help you set up Pelican panel and supporting applications.
In short, this guide will have you
* Create an API key in Cloudflare for
* Dynamic DNS
* Zero trust tunnels
* Crowdsec integration
* Set up Cloudflare Turnstile (Captcha)
* Set up your Cloudflare security rules
* Force captcha for potentially malicious IPs
* Blocking known malicious IPs
* Deploy your compose stacks with env files for
* Panel
* Node (can be repeated for multiple nodes)
* Configure Crowdsec
* Subscribe to IP lists
* Block brute force attacks
* Block known malicious addresses
* How to unblock IPs if required
* Set up your port ranges
* A port range for game servers (externally available)
* A port range for internal only services (such as a database)
I've had a focus on security and ease of use for these 2 stacks. Using the correct env values (covered later), these compose files will automatically build a strong and secure hosting environment for your game servers. I've done this by using initialization containers to build and download configuration files, and Crowdsec for security.
[My repository for the Crowdsec configurations](https://github.com/trentnbauer/HomelabPublic/tree/main/crowdsec)
| Container | Function | |
|---|---|---|
| Node / Wings | The software that hosts and manages game servers. You can connect multiple Wings nodes to a singular panel | |
| Panel / Pelican | The front-end UI, used to manage multiple nodes | |
| Dockflare | Dockflare is a IaC solution for managing Cloudflare Tunnel routes using Docker labels. If you are using Dockflare elsewhere in your homelab, I would highly advise changing the label prefix as you may experience issues with this compose file taking over other Dockflare tunnels | |
| Cloudflare Tunnel | The "bridge" between your internal network and Cloudflare servers. Web apps are tunnelled through this, allowing a public address to reach an internal resource. Access is secured with CF Zero Trust The tunnel is created by Dockflare outside of the compose file - you will need to manually delete it if you delete the compose stack | |
| Crowdsec Engine | Crowdsec is a crowdsourced cyber security tool. It monitors the Wings SFTP logs for brute force attempts adds the IP address to a 4 hour blocklist. It also adds known bad IPs to your Cloudflare firewall, forcing them to do a Captcha before accessing anything. | |
| Crowdsec Blocklist | This container will add some of Crowdsec Paid blocklists to your engine for free https://github.com/wolffcatskyy/crowdsec-blocklist-import | |
| Firewall Bouncer | This is the 'bridge' between the Crowdsec Engine container and the firewall on your machine | |
| Cloudflare Bouncer | This is the 'bridge' between Crowdsec Engine and your Cloudflare Security Rules |
| Data | Example | Explaination |
|---|---|---|
| Domain | example.com | The main domain hosting your game servers |
| Subdomain for Panel | panel | the subdomain your panel will be hosted on, eg panel.example.com |
| Subdomain for node | node1 * | The address your wings node will be available at. The panel will communicate with this address to manage it |
| Subdomain for game servers and SFTP | play *** | The DNS address that players will use to join your servers, eg play.example.com This uses a Cloudflare dynamic DNS container, so the IP is automatically updated. |
| Game server port range | 6600-6700 * | A port range that your players will join |
| Internal port range | 8600-8700 ** | A port range that internal services are hosted on |
| From email address | noreply@example.com | The email address that will send panel alerts from, eg password reset link |
| SFTP Port | 2022 * | The SFTP port admins can use to upload content to their servers. This is required due to the 100MB upload limit applied to Cloudflare tunnels |