Skip to content

HexZoNetwork/HexTyl

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

218 Commits
.github
.github
 
 
HexWings
HexWings
 
 
app
app
 
 
bootstrap
bootstrap
 
 
config
config
 
 
database
database
 
 
docs
docs
 
 
public
public
 
 
resources
resources
 
 
routes
routes
 
 
scripts
scripts
 
 
storage
storage
 
 
tests
tests
 
 
.editorconfig
.editorconfig
 
 
.env.example
.env.example
 
 
.eslintignore
.eslintignore
 
 
.eslintrc.js
.eslintrc.js
 
 
.gitignore
.gitignore
 
 
.prettierrc.json
.prettierrc.json
 
 
BUILDING.md
BUILDING.md
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Report.md
Report.md
 
 
SECURITY.md
SECURITY.md
 
 
SUPPORT.md
SUPPORT.md
 
 
artisan
artisan
 
 
babel.config.js
babel.config.js
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 
docker-compose.example.yml
docker-compose.example.yml
 
 
dump.rdb
dump.rdb
 
 
hexz-security.sh
hexz-security.sh
 
 
installantiddos.sh
installantiddos.sh
 
 
jest.config.js
jest.config.js
 
 
package.json
package.json
 
 
phpstan.neon
phpstan.neon
 
 
postcss.config.js
postcss.config.js
 
 
setup.sh
setup.sh
 
 
tailwind.config.js
tailwind.config.js
 
 
tsconfig.json
tsconfig.json
 
 
webpack.config.js
webpack.config.js
 
 
x.sh
x.sh
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

HexTyl Panel

HexTyl adalah panel berbasis Pterodactyl yang difokuskan untuk operasi aman (security-first), termasuk hardening API, root application API, anti-DDoS baseline, dan alur IDE gateway.

Status Dokumen

  • Last verified: 2026-02-28
  • Source of truth untuk installer: setup.sh --help
  • Jika ada selisih antara README dan script, ikuti output setup.sh --help

Requirements

  • OS: Ubuntu 22.04 / 24.04
  • PHP: 8.2+ (project saat ini memakai Laravel 11)
  • Node.js: 22+ (lihat package.json)
  • Akses root/sudo
  • Domain yang mengarah ke server
  • Port publik minimal: 80, 443

Quick Install

1) Non-interactive (disarankan untuk server baru)

sudo bash setup.sh \
  --domain panel.example.com \
  --db-name hextyl \
  --db-user hextyl \
  --db-pass 'STRONG_DB_PASS' \
  --ssl y \
  --email admin@example.com \
  --strict-options y

2) Interactive

sudo bash setup.sh

Standalone Install Modes

Kalau kamu tidak mau full-stack install, komponen bisa dipasang terpisah.

1) Wings only (tanpa IDE gateway, tanpa hardening lain)

sudo bash setup.sh \
  --domain panel.example.com \
  --db-name hextyl \
  --db-user hextyl \
  --db-pass 'STRONG_DB_PASS' \
  --build-frontend n \
  --install-wings y \
  --install-antiddos n \
  --install-waf n \
  --install-flood-guard n \
  --install-pressure-guard n \
  --install-ide-wings n \
  --install-ide-gateway n

2) IDE Wings only (code-server pada node, tanpa IDE gateway)

sudo bash setup.sh \
  --domain panel.example.com \
  --db-name hextyl \
  --db-user hextyl \
  --db-pass 'STRONG_DB_PASS' \
  --install-wings y \
  --install-ide-wings y \
  --install-ide-gateway n

3) IDE Gateway only (standalone script)

Gunakan script dedicated:

sudo bash scripts/install_ide_gateway.sh \
  --ide-domain ide.example.com \
  --panel-url https://panel.example.com \
  --root-api-token PTLR_xxx

Opsional auto-generate token dari panel lokal:

sudo bash scripts/install_ide_gateway.sh \
  --ide-domain ide.example.com \
  --panel-url https://panel.example.com \
  --auto-ptlr y \
  --panel-app-dir /var/www/pterodactyl

Opsi setup.sh (ringkas)

Jalankan sudo bash setup.sh --help untuk daftar lengkap terbaru.

Core install

  • --app-dir <path> lokasi install panel
  • --domain <fqdn> domain panel
  • --db-name <name> nama database
  • --db-user <user> user database
  • --db-pass <pass> password database
  • --ssl <y|n> aktifkan certbot/HTTPS
  • --email <email> email certbot
  • --build-frontend <y|n> build asset frontend

Wings & infra security

  • --install-wings <y|n> install Docker + Wings
  • --install-antiddos <y|n> baseline anti-DDoS (nginx + fail2ban)
  • --install-waf <y|n> ModSecurity + OWASP CRS
  • --install-flood-guard <y|n> flood detector + auto-ban
  • --install-pressure-guard <y|n> CPU/RAM pressure guard

IDE stack

  • --install-ide-wings <y|n> enable Wings-native IDE flow
  • --install-ide-gateway <y|n> install IDE gateway service
  • --ide-domain <fqdn|url> domain IDE gateway
  • --auto-ptlr <y|n> auto-generate PTLR token untuk IDE gateway
  • --ide-root-api-token <token> gunakan token root API existing
  • --ide-node-map <pairs> mapping node ke URL IDE
  • --ide-node-port <port> default 18080 (8080/2022 reserved)

Proxy / advanced

  • --behind-proxy <y|n> jika panel di belakang proxy/CDN
  • --panel-origin <fqdn|url> origin domain untuk wings/internal traffic
  • --nginx-site-name <name> nama file site nginx
  • --strict-options <y|n> fail jika ada opsi tidak dikenal

Setelah Install

1) Cek service utama

sudo systemctl status nginx php8.3-fpm mariadb redis-server

2) Jika Wings diinstall

sudo systemctl status wings
docker info

3) Verifikasi route penting

php artisan route:list --path=api/rootapplication
php artisan route:list --path=root
php artisan route:list --path=admin/api/root

Wings (Node Daemon)

Lokasi & service

  • Binary: /usr/local/bin/wings
  • Config: /etc/pterodactyl/config.yml
  • Service: wings

Verifikasi cepat

sudo systemctl status wings
sudo test -f /etc/pterodactyl/config.yml && echo "config ok" || echo "config missing"
docker info

Jika config belum ada

  1. Buat node dari panel.
  2. Ambil generated config Wings dari panel.
  3. Simpan ke /etc/pterodactyl/config.yml.
  4. Jalankan:
sudo systemctl restart wings

Bootstrap Wings non-interactive (opsional saat install)

Gunakan flag ini saat setup.sh:

  • --wings-panel-url <url>
  • --wings-node-id <id>
  • --wings-node-ids <csv> untuk multi node, contoh 1,2,3
  • --wings-api-token <token>
  • --wings-auto-token <y|n> auto-generate Application API token bootstrap
  • --wings-allow-insecure <y|n>

Jika --wings-node-ids berisi lebih dari satu ID, installer akan:

  • bootstrap node pertama di host saat ini
  • generate helper script /root/.hextyl/wings_multi_node_bootstrap.sh untuk node lainnya

IDE Stack (Wings-native + Gateway)

HexTyl punya 2 bagian IDE:

  • IDE Wings: menjalankan code-server per node.
  • IDE Gateway: endpoint validasi/session untuk panel.

Quick Map: Role vs API vs IDE

  • Root role: bisa akses /root/*, ubah setting root security, dan kelola root account.
  • Admin role: akses /admin/* sesuai scope (mis. user.read, server.update), tidak bisa root-only settings.
  • User role: hanya client panel, tidak punya akses admin/root.
  • PTLR (Root Application API token): dipakai server-to-server/automation (mis. installer IDE gateway), bukan dipakai browser user.
  • IDE session token: token sementara per launch IDE dari panel (mengikuti IDE Session TTL), ini yang dipakai URL IDE user.

Service & port penting

  • code-server service: hextyl-code-server
  • default port node IDE: 18080
  • port 8080 dan 2022 reserved (tidak dipakai untuk IDE)

Verifikasi IDE Wings

sudo systemctl status hextyl-code-server
ss -ltnp | rg 18080

Verifikasi IDE Gateway

sudo systemctl status nginx
sudo nginx -t

Jika auto-generate token aktif (--auto-ptlr y), token root API untuk gateway disimpan di:

  • /root/.hextyl/ide_root_api_token

Flag utama IDE saat install

  • --install-ide-wings <y|n>
  • --install-ide-gateway <y|n>
  • --ide-domain <fqdn|url>
  • --ide-root-api-token <token>
  • --ide-code-server-url <url>
  • --ide-node-map <pairs>
  • --ide-auto-node-fqdn <y|n>
  • --ide-node-scheme <http|https>
  • --ide-node-port <port>

Security & DDoS Operations

Ganti profil infra (nginx/fail2ban)

sudo bash scripts/set_antiddos_profile.sh normal /var/www/HexTyl
sudo bash scripts/set_antiddos_profile.sh elevated /var/www/HexTyl
sudo DDOS_WHITELIST_IPS="YOUR.IP/32,127.0.0.1,::1" bash scripts/set_antiddos_profile.sh under_attack /var/www/HexTyl

Ganti profil aplikasi (Laravel)

php artisan security:ddos-profile normal
php artisan security:ddos-profile elevated
php artisan security:ddos-profile under_attack

Runtime settings API (root application)

Endpoint:

  • POST /api/rootapplication/security/settings

Contoh key:

  • ddos_lockdown_mode
  • ddos_whitelist_ips
  • ddos_rate_web_per_minute
  • ddos_rate_api_per_minute
  • ddos_rate_login_per_minute
  • ddos_rate_write_per_minute
  • ddos_burst_threshold_10s
  • ddos_temp_block_minutes

Panel Routes (operasional)

  • Docs UI: /doc, /documentation
  • Root panel: /root
  • Root API key management: /admin/api/root
  • Root application API: /api/rootapplication/*

Development (local)

cp .env.example .env
composer install
yarn install
php artisan key:generate
php artisan migrate --seed
yarn run build:production
php artisan serve

Untuk frontend build detail: lihat BUILDING.md.

Troubleshooting

Cache / config / route bermasalah

php artisan optimize:clear
php artisan view:clear

Migration error

php artisan migrate --force

Frontend build error

yarn install
yarn run build:production

Nginx error

sudo nginx -t
sudo systemctl restart nginx

Wings & IDE error

sudo journalctl -u wings -n 200 --no-pager
sudo journalctl -u hextyl-code-server -n 200 --no-pager
sudo systemctl restart wings
sudo systemctl restart hextyl-code-server

Contributing

Lihat CONTRIBUTING.md.

Security

Lihat SECURITY.md.

Support

Lihat SUPPORT.md.

Credits

Built on top of Pterodactyl Panel.

License

Lihat LICENSE.

About

Harta Tahta Gratisan

Resources

Readme

License

View license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

4 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages