Enhancing Your Pangolin Deployment with Middleware Manager

profucius · April 30, 2025, 4:26pm

I’ve carefully implemented the change, but for some reason I’m still getting a “404 page not found” from Pangolin after restarting the VPS. It seems that it all comes down to that one line in my previous comment (filename: /etc/traefik/dynamic_config.yml), if I leave it present then Pangolin works, but if I comment it out or replace it with the two lines from your comment (the directory and the watch lines), then Pangolin gives me a 404. And I have already copied the dynamic_config.yml file into the /root/config/traefik/rules dir.

What could I be missing?

hhf.technoloy · April 30, 2025, 4:29pm

either you are missing files in the folder or the dir in compose file. ping on cord

german · April 30, 2025, 6:45pm

Can you explain how to Secure it from the Outside h4xx0r

mandopatriot · May 4, 2025, 9:40pm

Thanks for this. Took a bit to install correctly because there seem to be some differences from the initial post and what’s in the comments, but so far I think I have it working ok. In terms of the templates, should we use what is posted on GitHub or here? And how do we confirm that they are in use besides saying “Protected” in the webui? For example, with rate limiting and security headers.

hhf.technoloy · May 5, 2025, 2:24am

anything repo or issues goes on github. and help, here or cord

mandopatriot · May 5, 2025, 8:15pm

Thanks, are you saying I should post this to the GitHub? Just want to clarify.

hhf.technoloy · May 6, 2025, 3:51am

yes if it’s related to technical issue or feature update where we have to look into code then GitHub is the best place. any setup help, you can raise here or on our cord where you feel comfortable.

athkoub · May 7, 2025, 8:46am

i can not make it work . when i try to access http://<external_ip>:3456 i get a blank page and a console error saying TypeError: n is null
W Dashboard.js:64
React 8
k scheduler.production.min.js:13
T scheduler.production.min.js:14
react-dom.production.min.js:188:119

hhf.technoloy · May 7, 2025, 9:02am

share your compose file

athkoub · May 7, 2025, 9:26am

name: pangolin
services:
  pangolin:
    image: fosrl/pangolin:1.3.1
    container_name: pangolin
    restart: unless-stopped
    volumes:
      - ./config:/app/config
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
      interval: "10s"
      timeout: "10s"
      retries: 15

  gerbil:
    image: fosrl/gerbil:1.0.0
    container_name: gerbil
    restart: unless-stopped
    depends_on:
      pangolin:
        condition: service_healthy
    command:
      - --reachableAt=http://gerbil:3003
      - --generateAndSaveKeyTo=/var/config/key
      - --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config
      - --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth
    volumes:
      - ./config/:/var/config
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    ports:
      - 51820:51820/udp
      - 443:443 # Port for traefik because of the network_mode
      - 80:80 # Port for traefik because of the network_mode

  traefik:
    image: traefik:v3.3.6
    container_name: traefik
    restart: unless-stopped

    network_mode: service:gerbil # Ports appear on the gerbil service

    depends_on:
      pangolin:
        condition: service_healthy
    command:
      - --configFile=/etc/traefik/traefik_config.yml
    volumes:
      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
      - ./config/traefik/rules:/rules  # Add this line

  middleware-manager:
    image: hhftechnology/middleware-manager:latest
    container_name: middleware-manager
    restart: unless-stopped
    volumes:
      - ./data:/data
      - ./config/traefik/rules:/conf
      - ./config/middleware-manager/templates.yaml:/app/config/templates.yaml  # Optional for custom templates
    environment:
      - PANGOLIN_API_URL=http://pangolin:3001/api/v1
      #- PANGOLIN_API_URL=http://localhost:3001/api/v1
      - TRAEFIK_CONF_DIR=/conf
      - DB_PATH=/data/middleware.db
      - PORT=3456
    ports:
      - "3456:3456"

networks:
  default:
    driver: bridge
    name: pangolin

hhf.technoloy · May 7, 2025, 9:37am

did you create the template.yml file. it doesn’t auto create

athkoub · May 7, 2025, 9:47am

i created templates.yaml , not yml , and the content is

middlewares:
  - id: "rate-limit"
    name: "Basic Rate Limiting"
    type: "rateLimit"
    config:
      average: 100
      burst: 50

  - id: "security-headers"
    name: "Strong Security Headers"
    type: "headers"
    config:
      customResponseHeaders:
        Server: ""
        X-Powered-By: ""
      browserXSSFilter: true
      contentTypeNosniff: true
      customFrameOptionsValue: "SAMEORIGIN"
      forceSTSHeader: true
      stsIncludeSubdomains: true
      stsSeconds: 63072000

Mattercoder · May 7, 2025, 10:26am

Check your logs. Run

docker logs middleware-manager

Are there any errors?

athkoub · May 7, 2025, 10:48am

logs show

2025/05/07 10:47:12 Starting Middleware Manager...
2025/05/07 10:47:14 Connected to database at /data/middleware.db
2025/05/07 10:47:14 Migrations completed successfully
2025/05/07 10:47:14 Resource watcher started, checking every 30s
2025/05/07 10:47:14 Checking for resources using configured data source...
2025/05/07 10:47:14 Config generator started, checking every 10s
2025/05/07 10:47:14 Generating Traefik configuration...
2025/05/07 10:47:14 API server listening on :3456
2025/05/07 10:47:14 Generated new Traefik configuration at /conf/resource-overrides.yml
2025/05/07 10:47:14 Initial resource check failed: failed to fetch resources: HTTP request failed: Get "http://pangolin:3001/api/v1/traefik-config": dial tcp 172.18.0.2:3001: connect: connection refused
2025/05/07 10:47:24 Generating Traefik configuration...
2025/05/07 10:47:24 Configuration unchanged, skipping file write
2025/05/07 10:47:34 Generating Traefik configuration...
2025/05/07 10:47:34 Configuration unchanged, skipping file write
2025/05/07 10:47:44 Checking for resources using configured data source...
2025/05/07 10:47:44 Generating Traefik configuration...
2025/05/07 10:47:44 Configuration unchanged, skipping file write
2025/05/07 10:47:44 Fetched 0 resources from Pangolin API
2025/05/07 10:47:44 No resources found in data source
2025/05/07 10:47:54 Generating Traefik configuration...
2025/05/07 10:47:54 Configuration unchanged, skipping file write

Mattercoder · May 7, 2025, 11:46am

Ok
Looks like middleware manager has started correctly. Assuming pangolin in working create a new site (must be local) and create a resource and point it at localhost:3456 . Give it a subdomain name. Then try to access the middleware manager on that subdomain

A4ali · May 9, 2025, 6:14pm

@hhf.technoloy Does the middleware manager v2.0 need templates.yml mandatory? moreover, what all should one need if crowdsec is pre-installed with pangolin?

hhf.technoloy · May 9, 2025, 6:15pm

use templates.yml as much as possible

A4ali · May 15, 2025, 4:23pm

@hhf.technoloy

      middlewares:
        - security-headers
        - crowdsec@file

setting security-headers of pangolin host can be configured or one should not define - security-headers here?

A4ali · May 15, 2025, 4:24pm

Just asking about the routers > middleware in dynamic_config.yaml