Add docs for managed

2026-03-01 16:26:44 +00:00 · 2025-08-21 16:31:33 -07:00
parent c9d6ba92c0
commit a59af90173
14 changed files with 728 additions and 62 deletions
--- a/self-host/manual/docker-compose.mdx
+++ b/self-host/manual/docker-compose.mdx
@@ -144,6 +144,8 @@ services:
    restart: unless-stopped
    volumes:
      - ./config:/app/config
+      - pangolin-data:/var/certificates
+      - pangolin-data:/var/dynamic
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
      interval: "3s"
@@ -186,11 +188,17 @@ services:
    volumes:
      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
+      # Shared volume for certificates and dynamic config in file mode
+      - pangolin-data:/var/certificates:ro
+      - pangolin-data:/var/dynamic:ro

 networks:
  default:
    driver: bridge
    name: pangolin
+
+volumes:
+  pangolin-data:
 ```

 ## Traefik Static Configuration
@@ -242,6 +250,9 @@ entryPoints:

 serversTransport:
  insecureSkipVerify: true
+
+ping:
+    entryPoint: "web"
 ```

 ## Traefik Dynamic Configuration
--- a/self-host/manual/managed.mdx
+++ b/self-host/manual/managed.mdx
@@ -0,0 +1,234 @@
+---
+title: "Docker Compose Managed"
+description: "Deploy managed Pangolin manually using Docker Compose without the automated installer"
+---
+
+<Tip>
+This guide is for managed Pangolin. If you are looking for self-hosted Pangolin please see the [Docker Compose](self-host/docker-compose) guide.
+</Tip>
+
+This guide walks you through setting up Pangolin manually using Docker Compose without the automated installer. This approach gives you full control over the configuration and deployment process.
+
+This guide assumes you already have a Linux server with Docker and Docker Compose installed. If you don't, please refer to the [official Docker documentation](https://docs.docker.com/get-docker/) for installation instructions. You must also have root access to the server.
+
+## Prerequisites
+
+Checkout the [quick install guide](self-host/quick-install-managed) for more info regarding what is needed before you install Pangolin.
+
+## File Structure
+
+Create the following directory structure for your Pangolin deployment:
+
+```
+.
+├── config/
+│   ├── config.yml (*)
+│   ├── db/
+│   │   └── db.sqlite
+│   ├── key
+│   └── traefik/
+│       ├── traefik_config.yml (*)
+└── docker-compose.yml (*)
+```
+
+<Info>
+Files marked with `(*)` must be created manually. Volumes and other files are generated automatically by the services.
+</Info>
+
+<AccordionGroup>
+<Accordion title="Configuration Files">
+  **`config/config.yml`**: Main Pangolin configuration file
+  - Contains all Pangolin settings and options
+  - See [Configuration Guide](/pangolin/configuration/config) for details
+  
+  **`config/traefik/traefik_config.yml`**: Traefik static configuration
+  - Global Traefik settings and entry points
+</Accordion>
+
+<Accordion title="Generated Files">
+  **`config/db/db.sqlite`**: SQLite database file
+  - Created automatically on first startup
+  - Contains all Pangolin data and settings
+  
+  **`config/key`**: Private key file
+  - Generated by Gerbil service
+  - Used for WireGuard tunnel encryption
+</Accordion>
+
+<Accordion title="Docker Files">
+  **`docker-compose.yml`**: Service definitions
+  - Defines Pangolin, Gerbil, and Traefik services
+  - Network configuration and volume mounts
+  - Health checks and dependencies
+</Accordion>
+</AccordionGroup>
+
+<Steps>
+<Step title="Create configuration directory">
+  ```bash
+  mkdir -p config/traefik config/db
+  ```
+</Step>
+
+<Step title="Create configuration files">
+  Create the main configuration files (see below):
+  
+  - `docker-compose.yml` (in project root)
+  - `config/traefik/traefik_config.yml`
+  - `config/config.yml`
+</Step>
+
+<Step title="Update domain">
+  Edit the configuration files to replace:
+  
+  - `154.123.45.67` with your actual domain OR public IP address of the PoP 
+  
+  <Warning>
+  Ensure your domain DNS is properly configured to point to your server's IP address if you choose DNS.
+  </Warning>
+</Step>
+</Steps>
+
+## Starting the Stack
+
+<Steps>
+<Step title="Start the services">
+  ```bash
+  sudo docker compose up -d
+  ```
+</Step>
+
+<Step title="Monitor startup">
+  ```bash
+  sudo docker compose logs -f
+  ```
+</Step>
+
+<Step title="Verify services">
+  ```bash
+  sudo docker compose ps
+  ```
+  
+  All services should show "Up" status after a few minutes.
+</Step>
+</Steps>
+
+## Docker Compose Configuration
+
+Create `docker-compose.yml` in your project root:
+
+```yaml title="docker-compose.yml"
+services:
+  pangolin:
+    image: fosrl/pangolin:latest # https://github.com/fosrl/pangolin/releases
+    container_name: pangolin
+    restart: unless-stopped
+    volumes:
+      - ./config:/app/config
+      - pangolin-data:/var/certificates
+      - pangolin-data:/var/dynamic
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
+      interval: "3s"
+      timeout: "3s"
+      retries: 15
+
+  gerbil:
+    image: fosrl/gerbil:latest # https://github.com/fosrl/gerbil/releases
+    container_name: gerbil
+    restart: unless-stopped
+    depends_on:
+      pangolin:
+        condition: service_healthy
+    command:
+      - --reachableAt=http://gerbil:3003
+      - --generateAndSaveKeyTo=/var/config/key
+      - --remoteConfig=http://pangolin:3001/api/v1/
+    volumes:
+      - ./config/:/var/config
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    ports:
+      - 51820:51820/udp
+      - 21820:21820/udp
+      - 443:8443
+      - 80:80
+
+  traefik:
+    image: traefik:v3.4.0
+    container_name: traefik
+    restart: unless-stopped
+    network_mode: service:gerbil # Ports appear on the gerbil service
+    depends_on:
+      pangolin:
+        condition: service_healthy
+    command:
+      - --configFile=/etc/traefik/traefik_config.yml
+    volumes:
+      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
+      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
+      # Shared volume for certificates and dynamic config in file mode
+      - pangolin-data:/var/certificates:ro
+      - pangolin-data:/var/dynamic:ro
+
+networks:
+  default:
+    driver: bridge
+    name: pangolin
+
+volumes:
+  pangolin-data:
+```
+
+## Traefik Static Configuration
+
+Create `config/traefik/traefik_config.yml`:
+
+```yaml title="config/traefik/traefik_config.yml"
+api:
+  insecure: true
+  dashboard: true
+
+providers:
+  file:
+    directory: "/var/dynamic"
+    watch: true
+
+experimental:
+  plugins:
+    badger:
+      moduleName: "github.com/fosrl/badger"
+      version: "v1.2.0"
+
+log:
+  level: "INFO"
+  format: "common"
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+    transport:
+      respondingTimeouts:
+        readTimeout: "30m"
+
+serversTransport:
+  insecureSkipVerify: true
+
+ping:
+    entryPoint: "web"
+```
+
+## Pangolin Configuration
+
+```yaml title="config/config.yml"
+gerbil:
+    start_port: 51820
+    base_endpoint: "154.123.45.67" # REPLACE WITH YOUR IP OR DOMAIN
+
+managed:
+    id: "he4g78wevj25msf"
+    secret: "n7sd18twfko0q0vrb7wyclqzbvvnx1fqt7ezv8xewhdb9s7d"
+```