pangolin_mirror/docs-v2
1
0
Fork 0
mirror of https://github.com/fosrl/docs-v2.git synced 2026-03-11 21:26:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #77 from fosrl/dev

Browse Source 
Move rules
This commit is contained in:
Owen Schwartz
2026-03-10 11:39:16 -07:00
committed by GitHub
parent 8881d8cb56 5c16e4e376
commit ac3832bec5
3 changed files with 68 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs.json
View File

@@ -181,6 +181,7 @@
"group": "Community Guides", "group": "Community Guides",
"pages": [ "pages": [
"self-host/community-guides/overview", "self-host/community-guides/overview",
"self-host/community-guides/rules",
"self-host/community-guides/remove-geoblock-plugin", "self-host/community-guides/remove-geoblock-plugin",
"self-host/community-guides/crowdsec", "self-host/community-guides/crowdsec",
"self-host/community-guides/metrics", "self-host/community-guides/metrics",

58
manage/access-control/rules.mdx
View File

@@ -96,60 +96,6 @@ Pretty simple: you can match on simply an IP address like your home IP to bypass
- `34.45.245.64` - `34.45.245.64`
- `192.168.1.1` - `192.168.1.1`
## Rules for Specific Apps ### Community Contributed Rules
This table compiles paths that need to be allowed for various apps to work with Pangolin authentication. Some common bypass paths for common self hosted apps can be found [in the community contributed rules](/self-host/community-guides/rules).
| App | Required Bypass Rules |
| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Media Management** | |
| Radarr | `/api/*` |
| Sonarr | `/api/*` |
| Lidarr | `/api/*` |
| **Media Servers** | |
| Jellyfin (iOS) | `/system/info/public` |
| Jellyfin (Roku) | `/System/Info/Public`<br />`/Users/AuthenticateByName`<br />`/Users/Public`<br />`/QuickConnect/Initiate`<br />`/QuickConnect/Connect`<br />`/Users/AuthenticateWithQuickConnect` |
| Audiobookshelf | Audiobookshelf also supports `/audiobookshelf` by default. Each rule should also be applied to this path.<br />`/api/*`<br />`/login`<br />`/auth/*`<br />`/feed/*`<br />`/socket.io/`<br />`/status`<br />`/logout`<br />`/ping`<br />`/public/*`<br />The following is needed for public shares and is optional for clients:<br />`/share/*`<br />`/_nuxt/*.js`<br />`/_nuxt/fonts/*` |
| **Management & Monitoring** | |
| Tautulli | `/api/*` |
| Harbour | `/api/*` |
| Hoarder App | `/api/*` |
| Uptime Kuma Manager | `/api/*`<br />`/socket.io/*` |
| Beszel | `/api/beszel/agent-connect` |
| MeshCentral | `/api/*`<br />`/meshrelay.ashx`<br />`/agent.ashx` |
| **Security & Privacy** | |
| AdGuard Home | `/api/*` |
| Ente Auth | `*api*` |
| Vaultwarden/Bitwarden | `/api/*`<br />`/identity/*`<br />`/wl/*`<br />Always Deny - Path - `/admin/*` |
| **Cloud & Sync** | |
| Nextcloud | `/` (Main interface)<br />`/index.php` (Core handler)<br />`/remote.php` (Remote access)<br />`/status.php` (Status checks)<br />`/ocs` (Collaboration Services API)<br />`/apps` (Applications)<br />`/remote.php/webdav` (WebDAV endpoint)<br />`/remote.php/dav` (CalDAV/CardDAV)<br />`/remote.php/caldav` (Calendar sync)<br />`/remote.php/carddav` (Contacts sync)<br />`/ocs/v1.php` (API endpoints)<br />`/ocs/v2.php` (API v2 endpoints)<br />`/login` (Authentication)<br />`/.well-known/*` (Service discovery)<br />`/.well-known/webfinger` (WebFinger protocol)<br />`/s/*` (Shared files/folders) |
| Onlyoffice | `/cache/*`<br />`*/CommandService.ashx`<br />`*/converter/*`<br />`*/doc/*`<br />`*/downloadas/*`<br />`/downloadfile/*`<br />`*/fonts/*`<br />`/healthcheck`<br />`/methodology/*`<br />`*/plugins.json`<br />`*/sdkjs/*`<br />`*/sdkjs-plugins/*`<br />`*/themes.json`<br />`*/web-apps/*`
| **Photo Management** | |
| Ente Photos | `*api*` |
| Immich | `/api/*`<br />`/.well-known/immich` |
| **File Management** | |
| Filebrowser | `/static/*`<br />`/share/*` <br/> `/api/public/dl/*` <br/> `/api/public/share/*` |
| **Notes & Knowledge Management** | |
| Joplin Notes Server | `/api/*`<br />`/shares/*`<br />`/css/*`<br />`/images/*`<br />Always Deny - Path - `/login/*` (optional) |
| Erugo | `/api/*`<br />`/shares/*`<br />`/build/*`<br />`/get-logo` |
| Memos | `/api/*`<br />`/assets/*`<br />`/explore*`<br />`/memos.api.v1.*`<br />`/auth/callback*`<br />`/auth`<br />`/site.webmanifest`<br />`/logo.webp`<br />`/full-logo.webp`<br />`/android-chrome-192x192.png` |
| Linkding | `/api/*`<br />`/bookmarks/*`<br />Always Deny - Path - `/admin/*` |
| **Communication** | |
| Matrix/Synapse (Clients) | `/_matrix/*`<br />`/_synapse/client/*` |
| Matrix/Synapse (Federation) | `/_matrix/*` |
| **Notifications** | |
| Gotify | `/version`<br />`/message`<br />`/application`<br />`/client`<br />`/stream`<br />`/plugin`<br />`/health` |
| **Home Automation** | |
| Home Assistant | `/api/*`<br />`/auth/*`<br />`/frontend_latest/*`<br />`/lovelace/*`<br />`/static/*`<br />`/hacsfiles/*`<br />`/local/*`<br />`/manifest.json`<br />`/sw-modern.js` |
| n8n | `/webhook-test/*/webhook`<br />`/webhook/*/webhook` |
| **Project Management** | |
| Jetbrains Youtrack | `/api/*`<br />`/hub/api/*`<br /> |
| **Genealogy** | |
| Gramps Web | `/api/*`
| **Analytics** | |
| Liwan | `/script.js`<br /> `/api/send` |
| Umami | `/script.js`<br /> `/api/send` |
<Note>
These rules are examples and may need to be adjusted based on your specific app configuration and version.
</Note>

65
self-host/community-guides/rules.mdx Normal file
View File

@@ -0,0 +1,65 @@
---
title: "Bypass Rules"
description: "Community bypass rules for common self hosted apps"
---
import PangolinCloudTocCta from "/snippets/pangolin-cloud-toc-cta.mdx";
<PangolinCloudTocCta />
This table compiles paths that need to be allowed for various apps to work with Pangolin authentication.
| App | Required Bypass Rules |
| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Media Management** | |
| Radarr | `/api/*` |
| Sonarr | `/api/*` |
| Lidarr | `/api/*` |
| **Media Servers** | |
| Jellyfin (iOS) | `/system/info/public` |
| Jellyfin (Roku) | `/System/Info/Public`<br />`/Users/AuthenticateByName`<br />`/Users/Public`<br />`/QuickConnect/Initiate`<br />`/QuickConnect/Connect`<br />`/Users/AuthenticateWithQuickConnect` |
| Audiobookshelf | Audiobookshelf also supports `/audiobookshelf` by default. Each rule should also be applied to this path.<br />`/api/*`<br />`/login`<br />`/auth/*`<br />`/feed/*`<br />`/socket.io/`<br />`/status`<br />`/logout`<br />`/ping`<br />`/public/*`<br />The following is needed for public shares and is optional for clients:<br />`/share/*`<br />`/_nuxt/*.js`<br />`/_nuxt/fonts/*` |
| **Management & Monitoring** | |
| Tautulli | `/api/*` |
| Harbour | `/api/*` |
| Hoarder App | `/api/*` |
| Uptime Kuma Manager | `/api/*`<br />`/socket.io/*` |
| Beszel | `/api/beszel/agent-connect` |
| MeshCentral | `/api/*`<br />`/meshrelay.ashx`<br />`/agent.ashx` |
| **Security & Privacy** | |
| AdGuard Home | `/api/*` |
| Ente Auth | `*api*` |
| Vaultwarden/Bitwarden | `/api/*`<br />`/identity/*`<br />`/wl/*`<br />Always Deny - Path - `/admin/*` |
| **Cloud & Sync** | |
| Nextcloud | `/` (Main interface)<br />`/index.php` (Core handler)<br />`/remote.php` (Remote access)<br />`/status.php` (Status checks)<br />`/ocs` (Collaboration Services API)<br />`/apps` (Applications)<br />`/remote.php/webdav` (WebDAV endpoint)<br />`/remote.php/dav` (CalDAV/CardDAV)<br />`/remote.php/caldav` (Calendar sync)<br />`/remote.php/carddav` (Contacts sync)<br />`/ocs/v1.php` (API endpoints)<br />`/ocs/v2.php` (API v2 endpoints)<br />`/login` (Authentication)<br />`/.well-known/*` (Service discovery)<br />`/.well-known/webfinger` (WebFinger protocol)<br />`/s/*` (Shared files/folders) |
| Onlyoffice | `/cache/*`<br />`*/CommandService.ashx`<br />`*/converter/*`<br />`*/doc/*`<br />`*/downloadas/*`<br />`/downloadfile/*`<br />`*/fonts/*`<br />`/healthcheck`<br />`/methodology/*`<br />`*/plugins.json`<br />`*/sdkjs/*`<br />`*/sdkjs-plugins/*`<br />`*/themes.json`<br />`*/web-apps/*` |
| **Photo Management** | |
| Ente Photos | `*api*` |
| Immich | `/api/*`<br />`/.well-known/immich` |
| **File Management** | |
| Filebrowser | `/static/*`<br />`/share/*` <br/> `/api/public/dl/*` <br/> `/api/public/share/*` |
| **Notes & Knowledge Management** | |
| Joplin Notes Server | `/api/*`<br />`/shares/*`<br />`/css/*`<br />`/images/*`<br />Always Deny - Path - `/login/*` (optional) |
| Erugo | `/api/*`<br />`/shares/*`<br />`/build/*`<br />`/get-logo` |
| Memos | `/api/*`<br />`/assets/*`<br />`/explore*`<br />`/memos.api.v1.*`<br />`/auth/callback*`<br />`/auth`<br />`/site.webmanifest`<br />`/logo.webp`<br />`/full-logo.webp`<br />`/android-chrome-192x192.png` |
| Linkding | `/api/*`<br />`/bookmarks/*`<br />Always Deny - Path - `/admin/*` |
| **Communication** | |
| Matrix/Synapse (Clients) | `/_matrix/*`<br />`/_synapse/client/*` |
| Matrix/Synapse (Federation) | `/_matrix/*` |
| **Notifications** | |
| Gotify | `/version`<br />`/message`<br />`/application`<br />`/client`<br />`/stream`<br />`/plugin`<br />`/health` |
| **Home Automation** | |
| Home Assistant | `/api/*`<br />`/auth/*`<br />`/frontend_latest/*`<br />`/lovelace/*`<br />`/static/*`<br />`/hacsfiles/*`<br />`/local/*`<br />`/manifest.json`<br />`/sw-modern.js` |
| n8n | `/webhook-test/*/webhook`<br />`/webhook/*/webhook` |
| **Project Management** | |
| Jetbrains Youtrack | `/api/*`<br />`/hub/api/*`<br /> |
| **Genealogy** | |
| Gramps Web | `/api/*` |
| **Analytics** | |
| Liwan | `/script.js`<br /> `/api/send` |
| Umami | `/script.js`<br /> `/api/send` |
<Note>
These rules are examples and may need to be adjusted based on your specific
app configuration and version.
</Note>