mirror of
https://github.com/fosrl/docs-v2.git
synced 2026-02-07 21:46:42 +00:00
110 lines
3.6 KiB
Plaintext
110 lines
3.6 KiB
Plaintext
---
|
|
title: "TCP & UDP"
|
|
description: "Configure raw TCP and UDP traffic through Pangolin tunnels"
|
|
---
|
|
|
|
<Note>
|
|
This feature is only available in self-hosted Pangolin instances. If you're using Pangolin Cloud, you will need to deploy a remote node.
|
|
</Note>
|
|
|
|
Pangolin supports raw TCP and UDP traffic because Newt can pass anything through the tunnel.
|
|
|
|
In Pangolin Community Edition, ensure you have the flag enabled in the config file:
|
|
|
|
```
|
|
flags:
|
|
allow_raw_resources: true
|
|
```
|
|
|
|
You map the resource to a port on the host Pangolin server, so you can access the resource from `<server-public-ip>:<mapped-port>`. This is useful if you want to access the resource over the public internet, such as exposing a game server like Minecraft.
|
|
|
|
## Proxied Resources
|
|
|
|
Proxied resources require extra configuration to expose on the Pangolin server. You'll need to configure firewall rules, Docker port mappings, and Traefik entry points. These steps require a server restart.
|
|
|
|
<Steps>
|
|
<Step title="Create the resource">
|
|
In the Pangolin dashboard, go to Resources and click Add Resource. Select "Raw TCP/UDP resource", and enter your desired publicly mapped port. This is the port you'll use to access the proxied resource.
|
|
</Step>
|
|
|
|
<Step title="Configure firewall">
|
|
Open your desired ports on your VPS firewall, just like you did for ports 51820, 443, and 80. This is highly OS and VPS dependent.
|
|
|
|
<Note>
|
|
In this example, we're exposing two resources: TCP 1602 and UDP 1704.
|
|
</Note>
|
|
</Step>
|
|
|
|
<Step title="Configure Docker">
|
|
Add port mappings to your `docker-compose.yml` file:
|
|
|
|
```yaml title="docker-compose.yml" highlight={4,5}
|
|
gerbil:
|
|
ports:
|
|
# ... existing ports ...
|
|
- 1704:1704/udp # ADDED: Your UDP port
|
|
- 1602:1602 # ADDED: Your TCP port
|
|
```
|
|
</Step>
|
|
|
|
<Step title="Configure Traefik">
|
|
Add entry points to your `config/traefik/traefik_config.yml`:
|
|
|
|
```yaml title="traefik_config.yml" highlight={12-15}
|
|
entryPoints:
|
|
web:
|
|
address: ":80"
|
|
websecure:
|
|
address: ":443"
|
|
http:
|
|
tls:
|
|
certResolver: letsencrypt
|
|
transport:
|
|
respondingTimeouts:
|
|
readTimeout: 30m
|
|
tcp-1602:
|
|
address: ":1602/tcp"
|
|
udp-1704:
|
|
address: ":1704/udp"
|
|
```
|
|
|
|
<Info>
|
|
**Important**: Always name your entry points in the format `protocol-port` (e.g., `tcp-1602`, `udp-1704`). This naming is required for Pangolin's dynamic configuration.
|
|
</Info>
|
|
</Step>
|
|
|
|
<Step title="Restart the stack">
|
|
Restart your Docker stack to apply all changes:
|
|
|
|
```bash
|
|
sudo docker compose down
|
|
sudo docker compose up -d
|
|
```
|
|
</Step>
|
|
</Steps>
|
|
|
|
<Note>
|
|
In this example, we expose port 1602 for TCP and port 1704 for UDP. You can use any available ports on your VPS.
|
|
</Note>
|
|
|
|
## Proxy Protocol
|
|
|
|
On TCP resources you can enable Proxy Protocol support to forward the original client IP address to your backend service. This is useful for logging and access control.
|
|
|
|
In order to enable proxy protocol, simply check the "Enable Proxy Protocol" box when creating or editing a TCP resource.
|
|
|
|
<Note>Your backend application must be configured to accept Proxy Protocol connections. If your backend doesn't support Proxy Protocol, enabling this will break all connections so only enable this if you know what you're doing. Make sure to configure your backend to trust Proxy Protocol headers from Traefik.</Note>
|
|
|
|
To enable Proxy Protocol in Traefik, add the following to the bottom of your `config/traefik/dynamic_config.yml`:
|
|
|
|
```yaml
|
|
tcp:
|
|
serversTransports:
|
|
pp-transport-v1:
|
|
proxyProtocol:
|
|
version: 1
|
|
pp-transport-v2:
|
|
proxyProtocol:
|
|
version: 2
|
|
```
|