From 39ec3581ce33805ddff9570ab75c44c17612ffd8 Mon Sep 17 00:00:00 2001 From: Owen Date: Sun, 2 Nov 2025 14:37:41 -0800 Subject: [PATCH] Add proxy protocol docs --- manage/resources/targets.mdx | 7 +------ manage/resources/tcp-udp-resources.mdx | 28 +++++++++++++++++++++----- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/manage/resources/targets.mdx b/manage/resources/targets.mdx index ab0da35..8b8825d 100644 --- a/manage/resources/targets.mdx +++ b/manage/resources/targets.mdx @@ -106,10 +106,6 @@ In this configuration: - Requests to `/api/users` will be load balanced between Target 1 and Target 2 - Requests to `/web/dashboard` will only go to Target 3 - - - - ## Path Rewriting Path rewriting allows you to modify the request path before it reaches your backend service. This enables you to expose different URL structures to your users while maintaining your existing backend API paths. @@ -211,5 +207,4 @@ When using path rewriting, request priority is automatically calculated to ensur - Prefix match adds +3 more - Regex match adds +2 more - Root path `/` gets priority 1 (lowest, acts as catch-all) -- Custom priorities override the automatic calculation - +- Custom priorities override the automatic calculation \ No newline at end of file diff --git a/manage/resources/tcp-udp-resources.mdx b/manage/resources/tcp-udp-resources.mdx index a202417..8966346 100644 --- a/manage/resources/tcp-udp-resources.mdx +++ b/manage/resources/tcp-udp-resources.mdx @@ -15,10 +15,7 @@ In Pangolin Community Edition, ensure you have the flag enabled in the config fi flags: allow_raw_resources: true ``` - -These resources can either be: -1. **Publically Proxied:** Map the resource to a port on the host Pangolin server, so you can access the resource from `:`. This is useful if you want to access the resource over the public internet, such as exposing a game server like Minecraft. -2. **Internal Exposure:** Map services accessible on the same network as the site to an internal port on the site address. This is useful if you only want internal exposure to a resource when connected with a client. +You map the resource to a port on the host Pangolin server, so you can access the resource from `:`. This is useful if you want to access the resource over the public internet, such as exposing a game server like Minecraft. ## Proxied Resources @@ -26,7 +23,7 @@ Proxied resources require extra configuration to expose on the Pangolin server. - In the Pangolin dashboard, go to Resources and click Add Resource. Select "Raw TCP/UDP resource", enable Public Proxy, and enter your desired publicly mapped port. This is the port you'll use to access the proxied resource. + In the Pangolin dashboard, go to Resources and click Add Resource. Select "Raw TCP/UDP resource", and enter your desired publicly mapped port. This is the port you'll use to access the proxied resource. @@ -88,3 +85,24 @@ Proxied resources require extra configuration to expose on the Pangolin server. In this example, we expose port 1602 for TCP and port 1704 for UDP. You can use any available ports on your VPS. + +## Proxy Protocol + +On TCP resources you can enable Proxy Protocol support to forward the original client IP address to your backend service. This is useful for logging and access control. + +In order to enable proxy protocol, simply check the "Enable Proxy Protocol" box when creating or editing a TCP resource. + +Your backend application must be configured to accept Proxy Protocol connections. If your backend doesn't support Proxy Protocol, enabling this will break all connections so only enable this if you know what you're doing. Make sure to configure your backend to trust Proxy Protocol headers from Traefik. + +To enable Proxy Protocol in Traefik, add the following to the bottom of your `config/traefik/dynamic_config.yml`: + +```yaml +tcp: + serversTransports: + pp-transport-v1: + proxyProtocol: + version: 1 + pp-transport-v2: + proxyProtocol: + version: 2 +``` \ No newline at end of file