Automating TCP and UDP Port Configuration in Pangolin stack

Networking
, , ,
1

Managing port configurations in a containerized environment can be a tedious and error-prone task. Today, we’ll explore how to automate this process using a powerful shell script that handles everything from port validation to service restart. This automation tool is especially useful for Pangolin setups that require frequent port configuration changes.

The Challenge

When running services in Pangolin, you often need to expose new ports for various protocols. This typically involves:

  1. Modifying the docker-compose.yml file to expose the port
  2. Updating Traefik’s configuration to handle the new port
  3. Configuring firewall rules
  4. Restarting affected services
  5. Validating the changes

Doing this manually is time-consuming and risks introducing configuration errors. Our solution automates this entire process while implementing proper error handling and backup procedures.

The Solution: configure-port.sh

Our script, configure-port.sh, streamlines the port configuration process by handling all necessary steps automatically. Let’s break down its key features and how to use it.

Key Features

  • Input Validation: Ensures port numbers and types are valid before making any changes
  • Automatic Backup: Creates backup copies of configuration files before modifications
  • Firewall Integration: Automatically configures UFW (Uncomplicated Firewall) if installed
  • Idempotency: Checks for existing configurations to prevent duplicates
  • Service Management: Handles necessary service restarts
  • Error Handling: Provides clear error messages and exits gracefully on failures

Installation and Usage

  1. Save the script in your Pangolin installation directory:

    wget https://gist.githubusercontent.com/hhftechnology/9967264e34d2a8b8f4a739216d26e908/raw/bb40323717db11894fc35c944173d17c38422200/configure-port.sh
chmod +x configure-port.sh

  2. Run the script with your desired port and protocol:

    ./configure-port.sh -p 1704 -t udp  # For UDP port 1704
./configure-port.sh -p 1602 -t tcp  # For TCP port 1602

Best Practices and Safety Features

The script implements several safety measures:

  1. Configuration Backups: Creates backup files before making changes:

    cp "$DOCKER_COMPOSE_PATH" "${DOCKER_COMPOSE_PATH}.backup"
cp "$TRAEFIK_CONFIG_PATH" "${TRAEFIK_CONFIG_PATH}.backup"

  2. Existence Checks: Prevents duplicate configurations:

    check_existing_port() {
    if grep -q "$port:$port/$type" "$DOCKER_COMPOSE_PATH"; then
        echo "Port $port/$type is already configured"
        exit 1
    fi
}

  3. Strict Error Handling: Uses set -e to stop execution on any error:

    set -e  # Exit on any error

Future Enhancements

Consider these potential improvements for the script:

  1. Add support for port ranges
  2. Implement configuration validation before applying changes
  3. Add rollback functionality for failed configurations
  4. Include support for additional firewall systems
  5. Add logging capabilities for auditing purposes

Conclusion

The configure-port.sh script transforms a multi-step, error-prone process into a single command. By automating port configuration, we reduce human error, save time, and ensure consistency across our Pangolin setup. The script’s modular design also makes it easy to extend and customize for specific needs.

Remember to always test new port configurations in a development environment before applying them to production systems. Happy automating!

Note: This script assumes a standard Pangolin installation structure. You may need to modify paths and commands based on your specific setup.