How to Setup PhantomBot with NGINX as a Reverse Proxy and Cloudflare

nginx
proxy
cloudflare
ssl

#1

This guide will show you how to setup PhantomBot with NGINX’s reverse proxy feature and also have it behind Cloudflare’s proxy and CDN. This guide will not show you how to setup NGINX or Cloudflare, there are many guides online already on how to do this.

Why Would you do This?

If you have a domain name, this would allow you to access PhantomBot’s control panel via that domain name and not via your server’s IP address and a port number. An example of this would look like this https://bot.domain.com/panel.

Getting Cloudflare Ready

What you can do now is, setup a new CNAME that will be used to access PhantomBot’s control panel later on. We suggest something like bot.domain.com since it’s easy to remember, but it can be anything.

If you are using Cloudflare SSL, be sure to have it set on FULL and not Flexible as this will cause redirect errors.

Do note that Cloudflare only accepts SSL traffic through ports 443, 2053, 2083, 2087, 2096, 8443, so you will have to make sure that PhantomBot’s websockets are using those points, and not the default 25003 (for the YouTube player) and 25004 (for the panel) or it will not work. Port 443 is used by NGINX, so you cannot use that one. You can change the panel websocket port by adding panelsocketport=PORT_NUMBER to your botlogin.txt file and you can change the YouTube player websocket port by adding ytsocketport=PORT_NUMBER to your botlogin.txt file. These websockets cannot use the same ports and other bots cannot use them as well.

Getting SSL Working with PhantomBot

We already have a guide setup for getting an SSL certificate on the forums, this example was used using a certificate from Let’s Encrypt, you can check it out here:

NGINX Configuration

You can now create a new config file for your domain or sub domain and paste the following content in it. Be sure to edit the server names and place the location of the SSL certificate that you used for PhantomBot.

# Server that handles sending non-SSL traffic to SSL.
server {
    listen 80;
    listen [::]:80;
    server_name bot.domain.com;
   
    return 301 https://bot.domain.com$request_uri;
}

# Server that handles proxy passing to PhantomBot.
server {
    listen 443;
    listen [::]:443;
    server_name bot.domain.com;
    
    # Enable SSL for all locations.
    ssl on;
    ssl_certificate /etc/path/to/bot.domain.com/fullchain.pem;
    ssl_certificate_key /etc/path/to/bot.domain.com/privkey.pem;

    # Handles proxying the requests.
    location / {
        proxy_pass https://localhost:25000;
    }
}

Once you save that file and restart NGINX, you should be able to access PhantomBot’s panel over at https://bot.domain.com/panel!


Phantombot over SSL giving: WebSocket Disconnected - Retrying Connection Every 5 Seconds