# Pelican

> Welcome to the first 2026 guide!

{% hint style="info" %}
I'm in the process of creating a Crowdsec collection that monitors the Panel for brute-force sign-in attempts and blocks them at Cloudflare.

*If you're interested in this, please reach out.*
{% endhint %}

<table data-view="cards"><thead><tr><th></th><th></th></tr></thead><tbody><tr><td><strong>Total Time Required</strong></td><td>2 Hours</td></tr><tr><td><strong>Difficulty</strong></td><td>Easy - Moderate</td></tr><tr><td><strong>Required Knowledge</strong></td><td>Docker Compose, DNS, Cloudflare Zero Trust, Linux Servers</td></tr></tbody></table>

<img src="/files/GGNkELyeGRnbglQR71Bh" alt="" class="gitbook-drawing">

## What does this guide do?

This guide will help you set up Pelican panel and supporting applications.

In short, this guide will have you:

* Create an API key in Cloudflare for
  * Dynamic DNS
  * Zero trust tunnels
  * Crowdsec integration
* Set up Cloudflare Turnstile (Captcha)
* Set up your Cloudflare security rules
  * Force captcha for potentially malicious IPs
  * Blocking known malicious IPs
* Deploy your compose stacks with env files for
  * Panel
  * Node (can be repeated for multiple nodes)
* Configure Crowdsec
  * Subscribe to IP lists
  * Block brute force attacks
  * Block known malicious addresses
  * How to unblock IPs if required
* Set up your port ranges
  * A port range for game servers (externally available)
  * A port range for internal only services (such as a database)

I've focused on security and ease of use for these two stacks. With the correct env values (covered later), these compose files will automatically build a strong and secure hosting environment for your game servers. I've done this by using initialization containers to build and download configuration files, and Crowdsec for security.

[My repository for the Crowdsec configurations](https://github.com/trentnbauer/HomelabPublic/tree/main/crowdsec)

<table><thead><tr><th width="212">Container</th><th>Function</th><th data-hidden></th></tr></thead><tbody><tr><td>Node / Wings</td><td>The software that hosts and manages game servers. You can connect multiple Wings nodes to a single panel</td><td></td></tr><tr><td>Panel / Pelican</td><td>The front-end UI, used to manage multiple nodes</td><td></td></tr><tr><td>Dockflare</td><td><p>Dockflare is an IaC solution for managing Cloudflare Tunnel routes using Docker labels. <br> This compose stack uses the dockflare label prefix <code>dfpelican</code></p><div data-gb-custom-block data-tag="hint" data-style="warning" class="hint hint-warning"><p>If you are using Dockflare elsewhere in your homelab, I would highly advise changing the label prefix, as you may experience issues with this compose file taking over other Dockflare tunnels<br><br>The version of Dockflare used will grab ANY container with the <code>dockflare</code> or <code>cloudflare.tunnel</code> labels, even though we've set the prefix</p></div></td><td></td></tr><tr><td>Cloudflare Tunnel</td><td>The "bridge" between your internal network and Cloudflare servers. Web apps are tunnelled through this, allowing a public address to reach an internal resource. Access is secured with CF Zero Trust<br><br><em>The tunnel is created by Dockflare outside of the compose file - you will need to manually delete it if you delete the compose stack</em></td><td></td></tr><tr><td>Crowdsec Engine</td><td><p>Crowdsec is a crowdsourced cyber security tool. 
It monitors the Wings SFTP logs for brute force attempts and adds the IP address to a 4 hour blocklist.</p><p>It also adds known bad IPs to your Cloudflare firewall, forcing them to do a Captcha before accessing anything.<br><br>If a device is incorrectly blocked, refer to <a data-mention href="/pages/SfxKUnWiIUSSzQga747x#delete-a-false-positive">/pages/SfxKUnWiIUSSzQga747x#delete-a-false-positive</a></p></td><td></td></tr><tr><td>Crowdsec Blocklist</td><td>This container will add some of Crowdsec's paid blocklists to your engine for free<br><a href="https://github.com/wolffcatskyy/crowdsec-blocklist-import">https://github.com/wolffcatskyy/crowdsec-blocklist-import</a></td><td></td></tr><tr><td>Firewall Bouncer</td><td>This is the 'bridge' between the Crowdsec Engine container and the firewall on your machine</td><td></td></tr><tr><td>Cloudflare Bouncer</td><td>This is the 'bridge' between Crowdsec Engine and your Cloudflare Security Rules</td><td></td></tr></tbody></table>

## Prerequisites

Please ensure you meet these before continuing.

### Requirements

* [ ] A Linux based machine or VM with
  * [ ] [Docker installed](https://docs.docker.com/engine/install/ubuntu/)
* [ ] [A Domain that's managed by Cloudflare](/guides/other-guides/cloudflare/configure-domain.md)
* [ ] [Cloudflare Zero Trust tunnel](/guides/other-guides/cloudflare/cloudflare-zero-trust.md)
* [ ] A text editor
* [ ] Not behind a CGNat
* [ ] A dynamic IP is OK \*\*\*

### Recommended

* [ ] [Manage your Compose Files in GitHub](/guides/installation-guides/gitops.md) (this manages updates too)
* [ ] A decently spec'd machine to host the servers on
  * [ ] [High single thread passmark CPUs](https://www.cpubenchmark.net/cpu_list.php)
  * [ ] Lots of RAM
  * [ ] SSD storage
* [ ] [Gmail SMTP account](/guides/other-guides/google/gmail-smtp.md)
* [ ] [A free / community Crowdsec account](https://app.crowdsec.net/signup)
* [ ] Read [Guides](/guides/guides.md)

## Before you start

You will need to select some subdomains and ports. Review the table below and record your own values in a text file.

<table><thead><tr><th width="217">Data</th><th width="211">Example</th><th>Explanation</th></tr></thead><tbody><tr><td>Domain</td><td>example.com</td><td>The main domain hosting your game servers</td></tr><tr><td>Subdomain for Panel</td><td>panel </td><td>The subdomain your panel will be hosted on, eg panel.example.com</td></tr><tr><td>Subdomain for node</td><td>node1 *</td><td>The address your Wings node will be available at. The panel will communicate with this address to manage it</td></tr><tr><td>Subdomain for game servers and SFTP</td><td>play ***</td><td>The DNS address that players will use to join your servers, eg play.example.com<br><br>This uses a Cloudflare dynamic DNS container, so the IP is automatically updated.</td></tr><tr><td>Game server port range</td><td>6600-6700 *</td><td>The port range your players will connect to</td></tr><tr><td>Internal port range</td><td>8600-8700 **</td><td>A port range that internal services are hosted on</td></tr><tr><td>From email address</td><td>noreply@example.com</td><td>The email address that panel alerts will be sent from, eg password reset link</td></tr><tr><td>SFTP Port</td><td>2022 *</td><td>The SFTP port admins can use to upload content to their servers. This is required due to the 100MB upload limit applied to Cloudflare tunnels</td></tr></tbody></table>

{% hint style="info" %}
\* If you are setting up multiple nodes, the subdomain and port range for each node must be unique. If your nodes are on the same Public IP, you will need a unique SFTP port per node.

\*\* Your internal port range must be higher than your game port range. This is because Pelican will default to the LOWEST available port when creating a server. I recommend setting it quite a bit higher (eg 1000) than the game port range.\
The internal port range does not need to be unique per node\
\
\*\*\* If your nodes have different public IPs you will need a different join / play subdomain
{% endhint %}
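
The rules in the notes above can be checked before you deploy anything. This is an added example, not part of the original guide or the Pelican project: `check_plan`, the dict keys and the sample nodes (documentation IP addresses) are constructed for illustration, and "unique" port ranges are interpreted here as non-overlapping.

```python
from itertools import combinations

def parse_range(text):
    """Parse 'LOW-HIGH' into (low, high); reject malformed or impossible ranges."""
    low, high = (int(part) for part in text.split("-"))
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port range: {text}")
    return low, high

def check_plan(nodes):
    """Return a list of rule violations for the planned nodes (empty list = OK)."""
    problems = []
    for n in nodes:
        game, internal = parse_range(n["game"]), parse_range(n["internal"])
        # ** Pelican picks the LOWEST available port for a new server, so the
        # internal range has to start above the end of the game range.
        if internal[0] <= game[1]:
            problems.append(f"{n['sub']}: internal range is not higher than game range")
    for a, b in combinations(nodes, 2):
        pair = f"{a['sub']}/{b['sub']}"
        ga, gb = parse_range(a["game"]), parse_range(b["game"])
        same_ip = a["ip"] == b["ip"]
        # * Node subdomain and game port range must be unique per node.
        if a["sub"] == b["sub"]:
            problems.append(f"{pair}: duplicate node subdomain")
        if ga[0] <= gb[1] and gb[0] <= ga[1]:
            problems.append(f"{pair}: game port ranges overlap")
        # * Nodes behind the same public IP need their own SFTP port.
        if same_ip and a["sftp"] == b["sftp"]:
            problems.append(f"{pair}: same public IP and same SFTP port")
        # *** Nodes on different public IPs need different play subdomains.
        if not same_ip and a["play"] == b["play"]:
            problems.append(f"{pair}: different public IPs share a play subdomain")
    return problems

# Constructed sample plan: node1 is valid, node2 and node3 break the rules.
PLAN = [
    {"sub": "node1", "ip": "203.0.113.10", "game": "6600-6700",
     "internal": "8600-8700", "sftp": 2022, "play": "play"},
    {"sub": "node2", "ip": "203.0.113.10", "game": "6650-6750",
     "internal": "6700-6800", "sftp": 2022, "play": "play"},
    {"sub": "node3", "ip": "198.51.100.7", "game": "6800-6900",
     "internal": "8600-8700", "sftp": 2022, "play": "play"},
]

if __name__ == "__main__":
    for problem in check_plan(PLAN):
        print(problem)
```

The internal port range is deliberately not compared between nodes, since it does not need to be unique per node.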


