Pangolin Configuration script to easily add domains and configure ports

The Pangolin Domain and Port Manager is an all-in-one tool for adding new domains and ports to your Pangolin deployment. It simplifies common administration tasks such as adding domains, configuring ports, and running CrowdSec diagnostics through an easy-to-use menu interface.

Installation

  1. Download the script to your Pangolin installation directory:

    cd ~/pangolin      # Or wherever your Pangolin installation is located
    
    wget -O pangolin-domain-port-manager.sh https://gist.githubusercontent.com/hhftechnology/daf76135b89e3f12d0a6cc38c77f1b5d/raw/fb5802365402a6dcced11ff0f94b23cb83abe2bb/pangolin-domain-port-manager.sh
    
  2. Make the script executable:

    chmod +x pangolin-domain-port-manager.sh
    
  3. Run the script:

    ./pangolin-domain-port-manager.sh
    

Main Menu

When you start the script, you’ll see the main menu:

    ======================================================================
                  PANGOLIN CONFIGURATION MANAGER
    ======================================================================

    1. Add Domain
    2. Configure Port
    3. Restart Pangolin Stack
    4. CrowdSec Diagnostics
    0. Exit

    Enter your choice [0-4]:

Adding a Domain

Follow these steps to add a new domain to your Pangolin instance:

  1. From the main menu, select option 1 to add a domain.

  2. Enter the domain name when prompted:

    Enter domain name (e.g., example.com): mydomain.com
    
  3. The script will automatically check if your domain is properly configured in DNS:

    • If your domain resolves to an IP address, you’ll see a success message.
    • If not, you’ll receive a warning but can choose to proceed anyway.
  4. Enter a certificate resolver or press Enter to use the default letsencrypt:

    Certificate resolver (default: letsencrypt):
    Press Enter to use default, or type a custom resolver name.
    >
    
  5. Choose whether to skip the automatic restart prompt:

    Skip automatic restart? (y/n): n
    
  6. Review your settings and confirm:

    Ready to add domain with these settings:
      Domain name: mydomain.com
      Certificate resolver: letsencrypt
      Skip restart: false
    
    Proceed? (y/n): y
    
  7. If the domain doesn’t already exist in your configuration, it will be added. The script will:

    • Check for and fix any misplaced domain entries
    • Create a backup of your config file
    • Add the new domain with proper formatting
    • Verify the changes
  8. Unless you chose to skip it, you’ll be prompted to restart the stack:

    Do you want to restart the Pangolin stack now? (y/n): y
    
  9. After the restart completes, you’ll see a success message:

    [SUCCESS] Domain mydomain.com has been successfully added to the configuration.
    

Configuring a Port

To add a new TCP or UDP port to your Pangolin configuration:

  1. From the main menu, select option 2 to configure a port.

  2. Enter the port number:

    Enter port number (1-65535): 1194
    
  3. Select the port type:

    Enter port type:
    1. TCP
    2. UDP
    Select type [1-2]: 2
    
  4. Choose whether to skip the automatic restart prompt:

    Skip automatic restart? (y/n): n
    
  5. Review your settings and confirm:

    Ready to configure port with these settings:
      Port: 1194
      Type: udp
      Skip restart: false
    
    Proceed? (y/n): y
    
  6. The script will:

    • Create backups of your configuration files
    • Configure your firewall (if UFW is installed)
    • Add the port to docker-compose.yml
    • Add the port to traefik_config.yml
    • Verify the configuration
  7. Unless you chose to skip it, you’ll be prompted to restart the stack:

    Do you want to restart the Pangolin stack now? (y/n): y
    
  8. After the restart completes, you’ll see a success message:

    [SUCCESS] Port 1194/udp has been configured successfully!
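
An independent way to review what step 6 changed, shown as an added example that is not part of the script: diff each edited file against the `.bak` copy the script leaves behind and confirm that only lines naming the requested port were added. The function names, the sample compose layout and the exit codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not part of the Pangolin script: after a port change, diff
# each edited file against the .bak the script left and confirm the change
# is limited to the port that was requested.

# Lines present only in FILE ($2 = '+') or only in FILE.bak ($2 = '-').
diff_side() {
    { diff -u "$1.bak" "$1" || true; } | sed -n "/^$2$2$2 /d; s/^$2//p"
}

# 0: only lines naming PORT were added and nothing was removed
# 1: something else changed   2: file or backup missing   3: port not added
change_is_scoped() {
    file=$1 port=$2
    [ -f "$file" ] && [ -f "$file.bak" ] || return 2
    pat="(^|[^0-9])$port([^0-9]|\$)"   # whole number, so 1194 != 11940
    added=$(diff_side "$file" '+' | grep -v '^[[:space:]]*$' || true)
    removed=$(diff_side "$file" '-')
    extra=$(printf '%s\n' "$added" | grep -Ev "$pat" | grep . || true)
    if [ -n "$extra" ] || [ -n "$removed" ]; then
        printf '%s: unexpected change\n%s\n%s\n' "$file" "$extra" "$removed" >&2
        return 1
    fi
    printf '%s\n' "$added" | grep -Eq "$pat" || return 3
    return 0
}

# Constructed sample: a compose file before and after adding 1194/udp.
# The YAML layout is an assumption for illustration.
make_sample() {
    dir=$1
    printf '%s\n' 'services:' '  gerbil:' '    ports:' \
        '      - 51820:51820/udp' '      - 443:443' > "$dir/docker-compose.yml.bak"
    cp "$dir/docker-compose.yml.bak" "$dir/docker-compose.yml"
    printf '%s\n' '      - 1194:1194/udp' >> "$dir/docker-compose.yml"
}

# Demo on the constructed sample; on a real host, run change_is_scoped against
# ./docker-compose.yml and ./config/traefik/traefik_config.yml instead.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
if change_is_scoped "$demo_dir/docker-compose.yml" 1194; then
    echo "docker-compose.yml: change limited to port 1194"
fi
rm -rf "$demo_dir"
```

The check is a coarse filter: a line that names the port still needs a read to confirm the mapping is the one you intended.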
    

Restarting the Pangolin Stack

For a controlled restart of your entire Pangolin stack:

  1. From the main menu, select option 3 to restart the Pangolin stack.

  2. The script will:

    • Stop all containers with docker compose down
    • Start them again with docker compose up -d
    • Wait for the containers to be ready
  3. You’ll see progress indicators during the restart:

    [INFO] Restarting Pangolin stack...
    [INFO] Waiting for stack to be ready...
    ..................
    [SUCCESS] Pangolin stack is ready!
    

Using CrowdSec Diagnostics

The script includes comprehensive CrowdSec diagnostics capabilities:

  1. From the main menu, select option 4 for CrowdSec Diagnostics.

  2. You’ll see the diagnostics submenu:

    ======================================================================
                      CROWDSEC DIAGNOSTICS                              
    ======================================================================
    
    1. Check Container Health
    2. Check CrowdSec Bouncers
    3. Check CrowdSec Decisions
    4. Check CrowdSec Metrics
    5. Check Traefik CrowdSec Integration
    6. Run Complete Diagnostic Check
    7. View CrowdSec Logs
    0. Back to Main Menu
    
    Enter your choice [0-7]:
    
  3. Each option provides specific diagnostics:

    • Check Container Health: Verifies that all required containers (CrowdSec, Traefik, Pangolin, Gerbil) are running.

    • Check CrowdSec Bouncers: Lists all registered bouncers and verifies the Traefik bouncer connection.

    • Check CrowdSec Decisions: Shows active IP bans or captcha decisions.

    • Check CrowdSec Metrics: Displays Prometheus metrics and checks specifically for AppSec metrics.

    • Check Traefik CrowdSec Integration: Verifies that CrowdSec middleware is properly configured in Traefik.

    • Run Complete Diagnostic Check: Runs all checks and provides a comprehensive summary with a final verdict on CrowdSec’s operational status.

    • View CrowdSec Logs: Shows the last 50 lines of CrowdSec logs with an option to follow logs in real-time.

  4. For example, when running a complete diagnostic check, you’ll see output like:

    ======================================================================
               DIAGNOSTIC SUMMARY
    ======================================================================
    
    Verifying key configuration settings:
    ✓ CrowdSec LAPI key found in ./config/traefik/dynamic_config.yml
    ✓ CrowdSec AppSec is enabled in ./config/traefik/dynamic_config.yml
    ✓ CrowdSec middleware configured in ./config/traefik/dynamic_config.yml
    
    === FINAL VERDICT ===
    CrowdSec appears to be working correctly.
    

Troubleshooting Tips

Common Issues and Solutions

  1. Domain already exists error:

    • The script checks if a domain already exists in your configuration. If you see this error, the domain is already configured. Check your config.yml file.
  2. Port already configured error:

    • If you see an error that the port is already configured, check your docker-compose.yml and traefik_config.yml files.
  3. DNS resolution warnings:

    • If you receive warnings about DNS resolution, ensure that your domain has A or AAAA records pointing to your server’s IP address.
  4. CrowdSec not running error:

    • If diagnostics show that CrowdSec is not running, try restarting the stack using option 3 from the main menu.
  5. Verification failed errors:

    • If port configuration verification fails, the script will offer to revert changes. Consider checking your configuration files manually if this happens repeatedly.

Recovering from Failures

The script creates backup files before making changes:

  • config.yml.bak - Backup of your Pangolin configuration
  • docker-compose.yml.bak - Backup of your Docker Compose file
  • traefik_config.yml.bak - Backup of your Traefik configuration

If you need to restore from a backup:

    cp ./config/config.yml.bak ./config/config.yml
    cp ./docker-compose.yml.bak ./docker-compose.yml
    cp ./config/traefik/traefik_config.yml.bak ./config/traefik/traefik_config.yml

Best Practices

  1. DNS Configuration: Always configure your DNS properly before adding domains.

  2. Regular Diagnostics: Run the complete CrowdSec diagnostic check regularly to ensure everything is working correctly.

  3. Port Security: Only open ports that are necessary for your services.

  4. Firewall Configuration: After adding ports through the script, verify that your firewall is properly configured.

  5. Proper Shutdown: When updating your stack, use the script’s restart function rather than manually stopping containers to ensure an orderly shutdown.

Conclusion

The Pangolin Stack Manager tool simplifies common administration tasks through an intuitive interface. By automating complex configuration changes and providing comprehensive diagnostics, it helps you maintain a healthy and secure Pangolin deployment.

Remember to check for updates to the script periodically, as new features and improvements may be added over time.
