Pterodactyl Panel — The Free and Open-Source Self-Hosted Game Control Panel

@OmegaJT22 We don’t have any pre-defined images to setup Forge servers currently, but there is one being worked on. For now you’d just have to manually upload the server and modpack to run it.

1 Like

haha i feel so dumb
i want to use it but no clue how to xD wiki shows linux tutorial xD

This is only supported on Ubuntu/Cent/Debian systems, so those are the only tutorials we have. :slight_smile:

As part of our continued efforts to improve Pterodactyl Panel, we’re embarking on a major theme overhaul to accomidate new features in the future, and set us apart from the competition. On our path to Panel@0.6.0 we’re adding some major backend features and upgrading large parts of our codebase. Aside from this new theme, we’re implementing an events system to allow external modules to hook into the panel without having to touch our files, as well as a much improved services system. One of the biggest changes we’ve made is centralizing service configuration to the panel. Nodes now connect to the panel to require updated configurations for services, allowing you to upgrade your entire herd of daemons at once with a quick reboot.


I know this reply is late, but how would I manually upload a server / modpack?

You can just upload the files through the file manager after making the server @OmegaJT22

Wanted to let everyone know that our most awaited feature is finally shipping down the pipeline: support for packs! You’ll notice they aren’t called Modpacks, and this is because these packs can be used for any game type, and allow you to have a pre-configured set of files to be installed on servers when they are installed.

These packs are all stored and controlled from the panel itself, and daemons contact the panel to get information about the packs and then cache them locally until they are no longer valid, then the daemon re-downloads a corrected version of the pack. This means that you can now offer modpacks to users for Minecraft, as well as have pre-downloaded SRCDS setups to automatically install on your systems to save time.

We’re super excited about these changes, so be on the lookout for a pre-release build in the coming days.

This is pretty awesome I was writing my own scripts and using docker for my network. Are you using docker compose in this?

We do not use docker compose. The daemon handles all docker related interaction and configuration for containers.

I’ll have to try this out on my network, I’d be very interested in contributing. I’m glad I ran across this thread!

1 Like

TL;DR — Authentication verification code was evaluating true wrongly, which allowed users who were able to guess, or previously knew a servers (s)UUID to access the overview page. No sensitive information was disclosed, nor were users who did not already have approved access able to see or do anything with the server.

Security Vulnerability Disclosure

Sunday, February 5th, 2016, 02:20 GMT

Affected Versions: v0.5.0-pre.3 through v0.5.6


Today (06/02/2016) at approximately 02:20 GMT we became aware of a flaw in a core authentication validation function within our software. This flaw allows users who know the UUID or Short-UUID (sUUID) for a server to modify the application’s URL and view the server overview page, even when they do not have permissions to do so.

This security flaw was introduced in commit 125856d [1] and is present in all versions of Pterodactyl Panel from v0.5.0-pre.3 through v0.5.6. The cause of this flaw was a minor change to core validation code [2] which was intended to allow validating against either a UUID or sUUID for servers. Unfortunately, this change modified the SQL statement to be in a different order than it was previously, and caused our statement to always evaluate to true.

The SQL query that was intended is:

select * from `servers` where (`uuidShort` = ? or `uuid` = ?) and `id` in (?, ?, ?) and `servers`.`deleted_at` is null limit 1

The SQL query that was being built was:

select * from `servers` where (`uuidShort` = ? or `uuid` = ? and `id` in (?, ?, ?)) and `servers`.`deleted_at` is null limit 1

For the less SQL inclined, effectively this check was validating as true immediately because the sUUID (uuidShort) was matching within the parenthesis and the rest of the checking was terminated.

It is important to note that this vulnerability did not disclose any sensitive information to users who did not already have permission to access the server. Unapproved users were able to view the console overview page and see the server name, however due to our additional layers of application security they were not authenticated against the daemon, and were therefore unable to see the console, send commands, or otherwise control the server or daemon. Additional permission layers in the panel prevented users from being able to access any other server-specific pages.

We have addressed this vulnerability as of 4a320c2 [3] in our mainline release branch and 0d61417 [4] in our new-feature branch which will be merged into the development branch.

This notice was posted as part of our continued commitment to our product’s security. Please do not hesitate to get in contact with us via Discord or email ( if you should have any comments, questions, or concerns about the content of this notification.

[1] -

[2] -

[3] -

[4] -

1 Like


Panel@0.6.0-pre.1 (codename Courageous Carniadactylus) and Daemon@0.4.0-pre.1 (codename Candid Comodactylus) have now been released for pre-release testing. You should only update if you are using a development system and can stand to encounter potential breaking bugs, data loss, or downtime. :chicken:

Upgrade Guides:

Update Notes:


I just got 2 HP Proliant G380 G7 servers which I plan to turn one of them into a Minecraft server using pterodactyl panel.

Here are the stats for each: (both are the same)
2 Xeon E5620 quad-core @ 2.4 GHz
64 GB of RAM
4 300 GB drives
4 146 GB drives

1 Like

Progress Updates!

I’ve just finished the re-implementation of service and service options in the panel with our newly implemented theme. Along with some front-end polish, there has been a lot of back-end code refactoring and re-writing to make use of more Laravel features, as well as generally make things more extensible in the future. Since 0.6.0 is focusing primarily on scalability of the panel and making management significantly easier for large multi-server networks and hosts I’ll show off some of those changes here.

Previously, services and options worked well to define what a server was running, however it was notoriously difficult to add new services, especially if you have limited or no knowledge of Docker images. What I set out to fix in this release was allowing new services and options using more generic Docker images, as well as making it all controllable from the panel, and allowing nodes to be updated with a quick daemon reboot (which has no effect on servers).

The image above shows this new configuration management, and while still somewhat complex, it does allow people who have learned the system to easily extend, customize, and implement new services and options very easily. I’ve also significantly improved option variable setup and display with our new theme, and the validation is now done using Laravel validation rules, rather than pure regex, which should make everyone’s lives easier.

Also highly requested and now implemented is the ability to allocate more than one IP and Port at server creation time, as shown in the picture below. As always, this is also possible through our API, which is being improved to return more relevant data and reduce the number of calls you need to make, and reduce the ambiguity in data.

Finally, I thought it might be a good time to showcase some positive reviews we’ve been receiving on Discord, in a spoiler because there are a ton.


Choo choo! Thats the pre-release train barreling into the station, this time with a fresh release of Panel@0.6.0-pre.5 and Daemon@0.4.0-pre.2. These two pre-releases address a host of bugs in prior pre-releases, and also add a fresh new theme to the entire panel, as well as significantly cleaned up code and backend logic! For those of you on pre.4, our upgrade guides have been updated to get you onto this newest version.

For those of you looking for stability and wanting to move from 0.5.7, this latest release is getting there, but you should still chose wisely between known stability and a new theme and features.

Panel: :|: Upgrade Docs:
Daemon: :|: Upgrade Docs:

For those of you who are waiting to upgrade, enjoy some teaser photos of the new interface and features:

Note: The API for this release is not functional due to major backend changes that were not passed back up to the API. This will be addressed in the next release. Sorry.

I am currently trying to install composer, but I keep getting this error.

[root@xxxx html]$ composer setup
Do not run Composer as root/super user! See for details

composer install --ansi --no-dev
sh: composer: command not found
Script composer install --ansi --no-dev handling the setup event returned with error code 127

any ideas?

I believe this was resolved in Discord, and due to using an unsupported OS.

A bit late on this announcement, but we released v0.6.0 last week, and so far everyone is loving the improved experience! If you’ve been waiting to try this panel, I’d recommend giving this version a spin, I guarantee you’ll be amazed by its power, flexibility, speed, and great looks.

We also have some new community forums if you’re looking for help in a different manner, or want to join the community!

what made you move away from nodebb?

It wasn’t running NodeBB, it was using Flarum which has fallen behind in development, and didn’t provide as much as we were looking for from the software. I’ve owned an IPB license for quite awhile now, and it has always been stable and flexible software, so we decided to switch over and keep using that for our forums.

1 Like

As part of our efforts to reach out and involve the community in more of our development, we are announcing Pterocasts, a weekly live-stream on Saturdays at 16:00 CST that allow the community a chance to ask questions, and hear directly from the Project and Support team about different facets of this software.

Please check out our announcement on our forums ( for more information about this, and how to submit topics for discussion, as well as a link for easy timezone conversion.

These Pterocasts will also be live-streamed, and recorded and posted to YouTube, so if you can’t make it, no fret.