Adding Multiple Domains to Your Pangolin Stack

This is a new feature that allows you to manage resources across different domains from a single Pangolin instance.

Method 1: Using the Automated Script (Recommended)

For easier domain management, you can use this automated script that handles all the formatting and placement issues for you.

Step 1: Download the Domain Management Script

https://asciinema.org/a/GtaSZrbPsQb096LexZQbvgCfL

1. Download a new file called add_domain.sh in your Pangolin installation directory:

curl -o add_domain.sh https://gist.githubusercontent.com/hhftechnology/40627e4c5054e7846555cb5379ea46cf/raw/73f01dd48f7c450fc72d881f730e2aa66aeec860/add_domain.sh

2. Make the script executable:

chmod +x add_domain.sh

Step 2: Using the Script to Add Domains

The script provides a simple command-line interface to add domains to your Pangolin configuration. Here’s how to use it:

1. To add a domain with the default Let’s Encrypt certificate resolver:

   ./add_domain.sh example.com
   

with proper ip propagated1126×578 143 KB

with proper ip propagated

with ip not propagated1013×578 142 KB

with ip not propagated

image720×396 17.8 KB

image1225×640 16.1 KB

• Once the stack is restated automatically with the script you can refresh your UI and you will see the domains in the UI.

image634×578 56 KB

2. To add a domain with a specific certificate resolver (dont use this unless you know what you are doing):

   ./add_domain.sh example.com customresolver
   

The script will:

• Validate the domain format
• Check if the domain is properly configured in DNS (and warn you if not)
• Add the domain to the correct section in the configuration file
• Automatically fix any misplaced domain entries (with your permission)
• Offer to restart the Pangolin stack for you

Script Benefits

The script provides several advantages over manual editing:

1. DNS Validation: Warns you if your domain doesn’t resolve to an IP address
2. Automated Backup: Creates a backup of your config file before making changes
3. Proper Formatting: Ensures proper YAML indentation and structure
4. Smart Placement: Adds domains in the correct location in the config file
5. Error Handling: Detects and fixes common configuration errors
6. Stack Restart: Optionally restarts your stack with progress monitoring

Step 3: Ensure DNS Records are Configured

For each domain you add, make sure you have appropriate DNS records pointing to your Pangolin server:

1. Create A records for both base domains pointing to your server’s IP address
2. If you’re using wildcard subdomains, create wildcard DNS records (*.your-domain.com) for each domain

Step 4: Creating Resources on Different Domains

Now you can create resources on different domains through the Pangolin UI:

1. Go to the Resources tab and click “Add Resource”
2. When creating a new resource, you’ll see a dropdown allowing you to select which domain to use
3. Enter the subdomain name and select the appropriate base domain
4. Complete the resource creation process as usual

Verification

After creating resources on different domains, verify that:

1. SSL certificates are being issued correctly for each domain
2. Your resources are accessible via their respective domains
3. Authentication and access control work properly across all domains

Method 2: Manually Edit the Configuration File

Step 1: Edit the Pangolin Configuration File

First, you’ll need to edit the config.yml file located in your Pangolin configuration directory (usually at ./config/config.yml).

1. Access your server and navigate to the Pangolin installation directory

2. Open the config file for editing:

   nano ./config/config.yml
   

3. Look for the app section and ensure your main dashboard URL is configured correctly

4. Add a new domains section (if it doesn’t exist) with entries for each domain:

domains:
  domain1:
    base_domain: "your-primary-domain.com"
    cert_resolver: "letsencrypt"
  domain2:
    base_domain: "your-secondary-domain.com"
    cert_resolver: "letsencrypt"

For example, your config might look similar to this:

app:
  dashboard_url: "https://pangolin.your-primary-domain.com"
  base_domain: "your-primary-domain.com"
  log_level: "info"
  save_logs: false

domains:
  domain1:
    base_domain: "your-primary-domain.com"
    cert_resolver: "letsencrypt"
  domain2:
    base_domain: "your-secondary-domain.com"
    cert_resolver: "letsencrypt"

Remember to restart your stack after making configuration changes to ensure they take effect! on manual changes.

If you encounter any issues, check the Traefik and Pangolin logs for specific error messages.

Common Issues and Troubleshooting

• SSL Certificate Errors: If certificates aren’t being issued, check that your DNS is properly configured and that ports 80 and 443 are open
• Domain Not in Dropdown: If a domain doesn’t appear in the UI dropdown, restart the Pangolin stack after adding domains
• Misplaced Domains: If domains appear in the wrong sections in your config, use the script to fix them automatically

Notes

• Each domain will need its own SSL certificate, which will be handled automatically by Traefik and Let’s Encrypt
• Consider using wildcard certificates if you have many subdomains for each base domain
• Make sure all required ports (80, 443, 51820) are open in your firewall for each domain
• The script automatically backs up your config file to ./config/config.yml.bak before making changes

Just added 2 more domains that i wanted from time ago, thanks! quick and easy

Thanks for this tutorial.

I can’t seem to get it to work with 2 domains using wildcard certificates (on both) and with a different domain provider each.

I tried editing the cert_resolver part on config.yml for my second domain so it matches a second entry I made in the certificatesResolvers part of the traefik_config.yml I added with the correct provider. I also added the API key to traefik.

I got the wildcard cert for my second domain, but Pangolin doesn’t seem to route traffic to it correctly, any ideas of what else I’m missing?

This is how it looks:

domains:
    domain1:
        base_domain: "domain1.com"
        cert_resolver: "letsencrypt"
    domain2:
        base_domain: "domain2.com"
        cert_resolver: "letsencrypt-2"

certificatesResolvers:
  letsencrypt:
    acme:
      dnsChallenge:
        provider: "porkbun"
      caServer: https://acme-v02.api.letsencrypt.org/directory
      email: some@email.com
      storage: /letsencrypt/acme.json
  letsencrypt-2:
    acme:
      dnsChallenge:
        provider: "cloudflare"
      caServer: https://acme-v02.api.letsencrypt.org/directory
      email: some@email.com
      storage: /letsencrypt/acme-cloudflare.json

Thanks.

when you use Cloudflare dns validation

  letsencrypt:
    acme:
      email: "discourse@hhf.technology"
      storage: "/letsencrypt/acme.json"
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      # Choose one challenge method (DNS challenge is best with Cloudflare)
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 30
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

If you are using cf proxy, then apply cf ips respectively.

thank you!! I could add a second domain in less than one minute with your script.
BTW, I see traefik should be updated, when I checked logs, is there any recommendation to do that? or a simple update I will be ok?

yes, it will be okay. i use the same script for many deployments.

This tutorial is very helpful but I have a question. Is this strictly for HTTP-01 challenge or can this work with DNS-01 challenge for multiple domain’s?

If multiple different base and wildcard domains with DNS-01 challenge is possible where would I put the second domains “CLOUDFLARE_DNS_API_TOKEN” environment?

I’m trying to see if I can replace my local nginx proxy manager with a local pangolin instance as my local reverse proxy at home.

I have the 1st domain and its wildcard (local.domain.com and *.local.domain.com) working perfectly with its CLOUDFLARE_DNS_API_TOKEN placed in docker-compose/ traefik/ environments section and the other parameters adjusted per (Wildcard Domains - Pangolin Docs) on the local instance of pangolin but cant figure out where to put the 2nd domain’s cloudflare api token.

thank you

It is for only HTTP-01 challenge .