Pelican

I'm in the process of creating a Crowdsec collection for monitoring the Panel for brute-force sign-in attempts and blocking them at Cloudflare.

If you're interested in this, please reach out.

Welcome to the first 2026 guide!

Pelican is a fork of Pterodactyl that is currently in beta. It has some pretty cool features like OAuth and supports plugins.

You can view a comparison of Pelican vs Pterodactyl here

Total Time Required: 2 Hours

Difficulty: Moderate

Required Knowledge: Docker Compose, DNS, Cloudflare Zero Trust, Linux Servers

What does this guide do?

This guide will help you set up Pelican panel and supporting applications.

In short, this guide will have you:

  • Create an API key in Cloudflare for

    • Dynamic DNS

    • Zero trust tunnels

    • Crowdsec integration

  • Set up Cloudflare Turnstile (Captcha)

  • Set up your Cloudflare security rules

    • Force captcha for potentially malicious IPs

    • Blocking known malicious IPs

  • Deploy your compose stacks with env files for

    • Panel

    • Node (can be repeated for multiple nodes)

  • Configure Crowdsec

    • Subscribe to IP lists

    • Block brute force attacks

    • Block known malicious addresses

    • How to unblock IPs if required

  • Set up your port ranges

    • A port range for game servers (externally available)

    • A port range for internal only services (eg a database)

I've had a focus on security and ease of use for these 2 stacks. Using the correct env values (covered later), these compose files will automatically build a strong and secure hosting environment for your game servers. I've done this by using initialization containers to build and download configuration files, and Crowdsec for security.

My repository for the Crowdsec configurations

| Container | Function |
| --- | --- |
| Node / Wings | The software that hosts and manages game servers. You can connect multiple Wings nodes to a single panel. |
| Panel / Pelican | The front-end UI used to manage multiple nodes. |
| Dockflare | Dockflare is an IaC solution for managing Cloudflare Tunnel routes using Docker labels. This compose stack uses the Dockflare label prefix dfpelican. |
| Cloudflare Tunnel | The "bridge" between your internal network and Cloudflare servers. Web apps are tunnelled through this, allowing a public address to reach an internal resource. Access is secured with CF Zero Trust. The tunnel is created by Dockflare outside of the compose file - you will need to manually delete it if you delete the compose stack. |
| Crowdsec Engine | Crowdsec is a crowdsourced cyber security tool. It monitors the Wings SFTP logs for brute force attempts and adds the IP address to a 4 hour blocklist. It also adds known bad IPs to your Cloudflare firewall, forcing them to do a Captcha before accessing anything. If a device is incorrectly blocked, refer to Crowdsec key |
| Firewall Bouncer | This is the 'bridge' between the Crowdsec Engine container and the firewall on your machine. |
| Cloudflare Bouncer | This is the 'bridge' between Crowdsec Engine and your Cloudflare Security Rules. |

Prerequisites

Please ensure you meet these before continuing.

Requirements

Before you start,

You will need to select some subdomains and ports. Take note of the below table and note your information in a txt document.

| Data | Example | Explanation |
| --- | --- | --- |
| Domain | example.com | The main domain hosting your game servers |
| Subdomain for Panel | panel | The subdomain your panel will be hosted on, eg panel.example.com |
| Subdomain for node | node1 * | The address your Wings node will be available at. The panel will communicate with this address to manage it |
| Subdomain for game servers and SFTP | play *** | The DNS address that players will use to join your servers, eg play.example.com. This uses a Cloudflare dynamic DNS container, so the IP is automatically updated. |
| Game server port range | 6600-6700 * | A port range that your players will join |
| Internal port range | 8600-8700 ** | A port range that internal services are hosted on |
| From email address | | The email address that panel alerts will be sent from, eg a password reset link |
| SFTP Port | 2022 * | The SFTP port admins can use to upload content to their servers. This is required due to the 100MB upload limit applied to Cloudflare tunnels |

* If you are setting up multiple nodes, the subdomain and port range for each node must be unique. If your nodes are on the same Public IP, you will need a unique SFTP port per node.

** Your internal port range must be higher than your game port range. This is because Pelican will default to the LOWEST available port when creating a server. I recommend setting it quite a bit higher (eg 1000) than the game port range. The internal port range does not need to be unique per node.

*** If your nodes have different public IPs you will need a different join / play subdomain.
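The footnote rules above can be checked mechanically before any compose stack is deployed, which catches a plan that would place internal-only services in the externally available range. This is an added example, not part of the original guide or the Pelican project; the plan layout, the `check_plan` helper and the sample values are assumptions, and "unique" port ranges are read as non-overlapping.

```python
from collections import defaultdict

# Constructed sample plan; names, IPs (RFC 5737 range) and ports are illustrative.
NODES = [
    {"name": "node1", "public_ip": "203.0.113.10", "play": "play",
     "game": (6600, 6700), "internal": (8600, 8700), "sftp": 2022},
    {"name": "node2", "public_ip": "203.0.113.10", "play": "play",
     "game": (6650, 6750), "internal": (6000, 6100), "sftp": 2022},
]


def overlaps(a, b):
    """True when two inclusive (low, high) port ranges share a port."""
    return a[0] <= b[1] and b[0] <= a[1]


def check_plan(nodes):
    """Return the footnote rules a plan violates; an empty list means OK."""
    problems = []
    by_ip = defaultdict(list)
    for i, n in enumerate(nodes):
        by_ip[n["public_ip"]].append(n)
        # ** the internal range must start above the end of the game range
        if n["internal"][0] <= n["game"][1]:
            problems.append(f"{n['name']}: internal range not above game range")
        for m in nodes[:i]:
            # * node subdomain and game port range must be unique per node
            if m["name"] == n["name"]:
                problems.append(f"{n['name']}: duplicate node subdomain")
            if overlaps(m["game"], n["game"]):
                problems.append(f"{m['name']}/{n['name']}: game ranges overlap")
            # *** nodes on different public IPs need different play subdomains
            if m["public_ip"] != n["public_ip"] and m["play"] == n["play"]:
                problems.append(f"{m['name']}/{n['name']}: play subdomain shared")
    # * nodes behind the same public IP need distinct SFTP ports
    for ip, group in by_ip.items():
        ports = [n["sftp"] for n in group]
        if len(ports) != len(set(ports)):
            problems.append(f"{ip}: SFTP port reused")
    return problems


if __name__ == "__main__":
    for problem in check_plan(NODES):
        print("FAIL", problem)
```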
