pangolin_mirror/docs-v2
1
0
Fork 0
mirror of https://github.com/fosrl/docs-v2.git synced 2026-03-02 16:56:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Documentation edits made through Mintlify web editor

Browse Source
This commit is contained in:
AstralDestiny
2025-10-10 17:14:39 -04:00
committed by GitHub
parent 3e72c65afb
commit 94e991525b
1 changed files with 154 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
self-host/advanced/proxyprotocol.mdx Normal file
View File

@@ -0,0 +1,154 @@
---
title: "New file"
description: "Description of your new file."
---
# Proxy Protocol (Advanced)
In Pangolin, make a TCP resource or UDP resource.
> **Note:** Not all applications support Proxy Protocol. If you send Proxy Protocol headers to an application that isn't configured for it or doesn't support it, the connection will fail entirely.
---
## Creating the Resource
In Pangolin, go into **Resources** and create a TCP or UDP route like you normally would — pointing it to your resource which accepts Proxy Protocol.
Say I'm using `tcp-8888` with Pangolin.
I configure it to hit my Proxy Protocolenabled service such as Minecraft Paper or Velocity.
It'll give you a **port** to put into the compose file and an **entryPoint** to add into the `traefik_config.yml`.
Only do the second, not the first.
---
## Add the EntryPoint
Add an entrypoint in `traefik_config.yml` for the port you intend to use.
```yaml
entryPoints:
tcp-22000:
address: ":22000/tcp"
```
I'm going to use `tcp-22000` for this, and in Traefik under **Gerbil**, I'm going to add the same mapping:
```yaml
gerbil:
image: fosrl/gerbil
container_name: gerbil
restart: unless-stopped
ports:
- 51820:51820/udp
- 21820:21820/udp
- 443:443/tcp
- 80:80/tcp
- 22000:22000/tcp
```
---
## Find the Service Address
Run the following command:
```bash
docker exec pangolin curl http://localhost:3001/api/v1/traefik-config | jq
```
Look for the entry that resembles:
```json
"tcp": {
"routers": {
"43-router": {
"entryPoints": [
"tcp-8888"
],
"service": "43-service",
"rule": "HostSNI(`*`)"
```
Follow this down further until you reach the service line — `43-service` in this example:
```json
"services": {
"43-service": {
"loadBalancer": {
"servers": [
{
"address": "100.89.128.4:58655"
}
]
}
},
```
Make a note of the address there.
---
## Update Dynamic Configuration
Go into `config/traefik_dynamic.yml` and add:
### TCP Example
```yaml
tcp:
routers:
minecraft-rtr:
rule: "HostSNI(`*`)"
entryPoints:
- "tcp-22000"
service: minecraft-svc
services:
minecraft-svc:
loadBalancer:
serversTransport: proxy-protocol-v1 # Can be named anything really as long as it matches the defined transport.
servers:
- address: "100.89.128.4:58655"
serversTransports:
proxy-protocol-v1:
proxyProtocol:
version: 1
```
### UDP Example
```yaml
tcp:
routers:
servicename-rtr:
entryPoints:
- "udp-22000"
service: servicename-svc
services:
servicename-svc:
loadBalancer:
serversTransport: proxyprotocol-udp
servers:
- address: "100.89.128.4:58655"
serversTransports:
proxyprotocol-udp:
proxyProtocol:
version: 1
```
---
## Downstream Applications
For downstream applications, you'll need to configure them to trust Proxy Protocol connections originating from the system where **Newt** connects to the service.
For example:
If the Newt is running on **Host B** at `192.168.1.5`,
your service on **Host A** at `192.168.1.4` needs to trust `192.168.1.5` as a trusted Proxy Protocol source.
Once Proxy Protocol is in play, the connection between Traefik and the backend **must** speak Proxy Protocol — otherwise it will refuse to connect.