Wings

Generate your Wings configuration file

Navigate to your panel URL
Log in with administrator credentials
Click on the profile picture in the top right, then select admin
On the left, click on Nodes
Click on the + in the top right hand corner
Field Name
Data
Domain Name
the URL for the Wings node
Port
443
Display Name
Whatever you want!
Communicate over SSL
HTTPS Reverse Proxy
Port
8080
Click on the next arrow and set the below
Field Name
Data
Upload Limit
99 (this limit is set by Cloudflare Zero Trust free)
SFTP Port
The SFTP port you selected earlier
SFTP Alias
The domain your players will join SFTP does not have the 99mb upload limit
Set your memory, disk and CPU allocations if wanted
Click on the + symbol in the bottom right to create the config file
Click on the 'Auto Deploy Command' button and take note of
1. Token
2. Node ID
Close the auto deploy command panel, then click on Save
On the left, click on Nodes

You will see your node listed with an orange / red heart

Deploy the Compose File

Combine the Shared env file with below and fill the blanks

# --- Wings Configuration ---
NODE_SUBDOMAIN=
PANEL_TOKEN=
NODE_ID=
SFTP_PORT=

# --- Crowdsec Configuration ---
CROWDSEC_KEY=AGreatSpotToPutAUniquePassphrase123
CROWDSEC_PORT=8080

# --- Domain addresses ---
JOIN_SUBDOMAIN=join

https://github.com/trentnbauer/HomelabPublic/blob/main/docker-compose/pelican-wings.yml

services:
  wings:
    image: ghcr.io/pelican-dev/wings:v1.0.0-beta22
    deploy:
      restart_policy:
        condition: on-failure
        delay: 30s
        max_attempts: 999
        window: 30s
      resources:
        limits:
          cpus: ${WINGS_CPULIMIT:-2}
          #memory: 50M
    restart: unless-stopped
    networks:
      Management:
        aliases:
          - wings
    ports:
      - ${SFTP_PORT:-2022}:${SFTP_PORT:-2022}
    tty: true
    environment:
      TZ: ${TZ:-UTC}
      WINGS_UID: 988
      WINGS_GID: 988
      WINGS_USERNAME: pelican
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/containers/:/var/lib/docker/containers/
      - /etc/pelican/:/etc/pelican/
      - /var/lib/pelican/:/var/lib/pelican/
      - logs:/var/log/pelican/
      - /tmp/pelican/:/tmp/pelican/
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
    labels:
      - dfwings${NODE_SUBDOMAIN}.enable=true
      - dfwings${NODE_SUBDOMAIN}.0.hostname=${NODE_SUBDOMAIN}.${DOMAIN}
      - dfwings${NODE_SUBDOMAIN}.0.service=http://wings:8080
      - dfwings${NODE_SUBDOMAIN}.0.access.policy=bypass
      - dfwings${NODE_SUBDOMAIN}.0.zonename=${DOMAIN}
      - ah-wings=true

  dockflare:
    image: alplat/dockflare:v2.0.4
    restart: unless-stopped
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
      resources:
        limits:
          cpus: ${DOCKFLARE_CPULIMIT:-2}
    networks:
      Management:
        aliases:
          - dockflare
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:5000 -O /dev/null || exit 1
      interval: 30s
      retries: 3
      start_period: 30s
      timeout: 20s 
    environment:
      - TUNNEL_NAME=wings-${NODE_SUBDOMAIN}
      - LABEL_PREFIX=dfwings${NODE_SUBDOMAIN}
      - CLOUDFLARED_NETWORK_NAME=wings-mgmt
      - CLOUDFLARED_IMAGE=cloudflare/cloudflared:latest
      - TZ=${TZ:-Australia/Melbourne}
      - CF_API_TOKEN=${CF_APITOKEN}
      - CF_ACCOUNT_ID=${CF_ACCOUNTID}
      - AGENT_STATUS_UPDATE_INTERVAL_SECONDS=5
      - SYNC_ALL_CLOUDFLARE_POLICIES=true
      - TZ=${TZ:-UTC}
      - GRACE_PERIOD_SECONDS=28800
      - CLEANUP_INTERVAL_SECONDS=900
      - SCAN_ALL_NETWORKS=false
      - MAX_CONCURRENT_DNS_OPS=${DOCKFLARE_DNSOPS:-2}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - dockflare:/app/data
    labels:
      - ah-wings=true
      
  ddns:
    image: favonia/cloudflare-ddns:1.15.1
    deploy:
      restart_policy:
        condition: on-failure
        delay: 30s
        max_attempts: 5
        window: 120s
      resources:
        limits:
          cpus: 0.25
    networks:
      - Management
    restart: always
    user: "1000:1000"
    read_only: true 
    cap_drop: [all] 
    security_opt: [no-new-privileges:true] 
    environment:
      - CLOUDFLARE_API_TOKEN=${CF_APITOKEN}
      - DOMAINS=${JOIN_SUBDOMAIN:-join}.${DOMAIN}
      - PROXIED=${PROXIED-false}
      - DETECTION_TIMEOUT=15s
      - UPDATE_CRON=@every ${UPDATE_CRON:-5m}
      - DELETE_ON_STOP=${DELETE_ON_STOP:-false}
      - UPDATE_ON_START=${UPDATE_ON_START:-true}
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
        
  crowdsec-engine:
    image: crowdsecurity/crowdsec:v1.7.6@sha256:63b595fef92de1778573b375897a45dd226637ee9a3d3db9f57ac7355c369493
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
      resources:
        limits:
          cpus: ${CROWDSEC_CPULIMIT:-2}
    restart: unless-stopped
    ports:
      - ${CROWDSEC_PORT:-8080}:8080
    depends_on:
      init-crowdsec:
        condition: service_completed_successfully
    environment:
      - COLLECTIONS=lourys/pterodactyl
      - ENROLL_INSTANCE_NAME=WingsSFTP-${NODE_SUBDOMAIN}
      - BOUNCER_KEY_FIREWALL=${CROWDSEC_KEY}
      - DISABLE_LOCAL_API=false
      - DISABLE_ONLINE_API=false
      - ENROLL_KEY=${CROWDSEC_ENROLL_KEY}
    volumes:
      - crowdsec-data:/var/lib/crowdsec/data
      - crowdsec-config:/etc/crowdsec
      - bouncer:/etc/bouncer-shared
      - logs:/var/log/pelican:ro
    healthcheck:  
      test: ["CMD", "cscli", "version"]
    labels:
      - PelicanAutoheal=true
    networks:
      Management:
        aliases:
          - crowdsec

  crowdsec-bouncer-fw:
    image: ghcr.io/shgew/cs-firewall-bouncer-docker:v0.0.34@sha256:ff1b5b0972ea0cfe39a4f10728effc38f6185a88b742fc4ad5a53d5dca80aca1
    deploy:
      restart_policy:
        condition: on-failure
        delay: 30s
        max_attempts: 6
        window: 60s
      resources:
        limits:
          cpus: ${CROWDSEC_CPULIMIT:-2}
    restart: unless-stopped
    network_mode: host
    depends_on:
      crowdsec-engine:
        condition: service_healthy
    cap_add:
      - NET_ADMIN
      - NET_RAW
    security_opt:
      - no-new-privileges:true
    environment:
      - API_URL=http://localhost:${CROWDSEC_PORT:-8080}/
      - API_KEY=${CROWDSEC_KEY}
    volumes:
      - bouncer:/config:rw
      - /etc/localtime:/etc/localtime:ro

  autoheal:
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 30s
        max_attempts: 5
        window: 120s
    environment:
      AUTOHEAL_CONTAINER_LABEL: ah-wings
      AUTOHEAL_INTERVAL: 60
      AUTOHEAL_START_PERIOD: 240
      AUTOHEAL_DEFAULT_STOP_TIMEOUT: 60
      WEBHOOK_URL: ${AUTOHEAL_WEBHOOK:-}
    image: willfarrell/autoheal@sha256:67a34cce77f542547892ed9c5e8565476bfa2d75a024ad6b654f8a8bc550ff8a
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock

  init-wings:
    image: ghcr.io/pelican-dev/wings:v1.0.0-beta22
    command: /usr/bin/wings configure --panel-url https://${PANEL_SUBDOMAIN:-panel}.${DOMAIN} --token ${PANEL_TOKEN} --node ${NODE_ID} --override
    networks:
      Management:
    tty: true
    environment:
      TZ: ${TZ:-UTC}
      WINGS_UID: 988
      WINGS_GID: 988
      WINGS_USERNAME: pelican
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/containers/:/var/lib/docker/containers/
      - /etc/pelican/:/etc/pelican/
      - /var/lib/pelican/:/var/lib/pelican/
      - logs:/var/log/pelican/
      - /tmp/pelican/:/tmp/pelican/
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
    labels:
      - ah-wings=true
      
  init-crowdsec:
    image: alpine:latest
    volumes:
      - crowdsec-config:/etc/crowdsec
      - bouncer:/etc/crowdsec/bouncers
    command: >
      sh -c "apk add --no-cache wget ca-certificates &&
             mkdir -p /etc/crowdsec/acquisitions.d /etc/crowdsec/bouncers &&
             wget -qO /etc/crowdsec/acquis.yaml https://raw.githubusercontent.com/trentnbauer/HomelabPublic/main/crowdsec/pterodactyl.yaml &&
             wget -qO /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml https://raw.githubusercontent.com/trentnbauer/HomelabPublic/main/crowdsec/crowdsec-cloudflare-bouncer.yaml &&
             wget -qO /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml https://raw.githubusercontent.com/trentnbauer/HomelabPublic/main/crowdsec/crowdsec-firewall-bouncer.yaml"
             
volumes:
  config:
  logs:
  temp:
  dockflare:
  crowdsec-data:
  crowdsec-config:
  bouncer:
  
networks:
  Management:
    name: wings-mgmt
  wings:
    name: pelican_nw

Confirm the config has applied

Check the logs for you init-wings container and look for

Successfully configured wings.

Common errors

panic: invalid character '<' looking for beginning of value

Your Dockflare container has not generated the public bypass app for the wings address. Assuming that Dockflare is OK (refer to its logs),

Stop the Wings stack
Delete the dockflare volume
Start the stack

Unable to resolve or DNS error

Wait half an hour for DNS to update
Start the init container

You may need to do this a few times

Open your Wings container and look for

                     ____
__ Pelican _____/___/_______ _______ ______
\_____\    \/\/    /   /       /  __   /   ___/
   \___\          /   /   /   /  /_/  /___   /
        \___/\___/___/___/___/___    /______/
                            /_______/ 1.0.0-beta21
Copyright © 2018 - 2026 Dane Everitt & Contributors
Website:  https://pelican.dev
 Source:  https://github.com/pelican-dev/wings
License:  https://github.com/pelican-dev/wings/blob/main/LICENSE
This software is made available under the terms of the MIT license.
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 INFO: [Jan 17 10:43:55.736] loading configuration from file config_file=/etc/pelican/config.yml
 INFO: [Jan 17 10:43:55.745] configured wings with system timezone timezone=Australia/Melbourne
 INFO: [Jan 17 10:43:55.746] configured system user successfully gid=988 uid=988 username=pelican
 INFO: [Jan 17 10:43:55.748] fetching list of servers from API

Wait 10-15 minutes for Wings and the Panel to sync - Your node WILL show as is disconnected for this time. Go have a coffee, take the dog for a walk. Do something else for a bit.

If the health is still red

Refer to Wings Errors and come back here once sorted

Add Ports to the server

Log into the administrator panel with the administrator account
Click on Nodes
Click on the edit pen next to your node
Scroll down to allocations and click on the + symbol
1. Play / Join subdomain
  IP Address
  0.0.0.0
  Alias
  the domain players will use to join your server. If defaults, play.yourdomain.com This address:port will be shown to anyone with access to the panel
  Port
  The port ranges you chose earlier, eg 6600-7700
2. Internal port range
  IP Address
  0.0.0.0
  Alias
  Internal
  Port
  The port ranges you chose earlier, eg 8600-8700
Click on Create

PreviousPanel NextCrowdsec enrollment

Last updated 7 days ago

hashtagGenerate your Wings configuration file

hashtagDeploy the Compose File

hashtagConfirm the config has applied

hashtagCheck the logs for you init-wings container and look for

hashtagCommon errors

hashtagOpen your Wings container and look for

hashtagIf the health is still red

hashtagAdd Ports to the server

Generate your Wings configuration file

Deploy the Compose File

Confirm the config has applied

Check the logs for you init-wings container and look for

Common errors

Open your Wings container and look for

If the health is still red

Add Ports to the server