pangolin_mirror/docs-v2
1
0
Fork 0
mirror of https://github.com/fosrl/docs-v2.git synced 2026-02-07 21:46:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into 1.14.0

Browse Source
This commit is contained in:
miloschwartz
2025-12-21 16:17:43 -05:00
parent c52b68395c 7c02b91650
commit 2e33e669dd
10 changed files with 73 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
self-host/advanced/cloudflare-proxy.mdx
View File

@@ -54,3 +54,37 @@ gerbil:
```
</Step>
</Steps>
### Getting the Real Client IP
Pangolin needs to know the original client IP address for features like rate limiting. When Cloudflare proxy is enabled, the API server sees Cloudflare's IP instead of the real client IP.
Cloudflare sets special headers with the real IP that need to be processed by Traefik before forwarding to Pangolin. Configure Traefik to parse these headers using a community plugin for Traefik: [Real IP from Cloudflare Proxy Tunnel](https://plugins.traefik.io/plugins/62e97498e2bf06d4675b9443/real-ip-from-cloudflare-proxy-tunnel).
Add the plugin to your Traefik configuration:
```yaml
experimental:
plugins:
cloudflarewarp:
moduleName: github.com/BetterCorp/cloudflarewarp
version: v1.3.0
entryPoints:
websecure:
address: ':443'
http:
middlewares:
- cloudflarewarp@file
```
This creates a middleware called `cloudflarewarp` and applies it to the `websecure` entrypoint.
Then set `trust_proxy: 2` in your Pangolin config file. This tells Pangolin to trust the second-level proxy (Traefik is proxy 1, Cloudflare is proxy 2):
1
```yaml
server:
trust_proxy: 2
```
After making these changes, restart both Traefik and Pangolin for the configuration to take effect.

9
self-host/manual/docker-compose.mdx
View File

@@ -144,8 +144,6 @@ services:
restart: unless-stopped
volumes:
- ./config:/app/config
- pangolin-data:/var/certificates
- pangolin-data:/var/dynamic
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
interval: "3s"
@@ -187,17 +185,12 @@ services:
volumes:
- ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
- ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
# Shared volume for certificates and dynamic config in file mode
- pangolin-data:/var/certificates:ro
- pangolin-data:/var/dynamic:ro
- ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
networks:
default:
driver: bridge
name: pangolin
volumes:
pangolin-data:
```
## Traefik Static Configuration