github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-08 13:49:15 -05:00
Code Issues 564 Packages Projects Releases 72 Wiki Activity

[GH-ISSUE #458] Can not access web ui #10226

New Issue
Closed
opened 2026-05-06 13:22:23 -05:00 by GiteaMirror · 5 comments
GiteaMirror commented 2026-05-06 13:22:23 -05:00
Owner
Copy Link

Originally created by @gilbrotheraway on GitHub (Apr 4, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/458

i set up everything as explained in the docs with example configs exactly as described, double checked on noted.lol and other internet guides yet I can't access the web ui

now why is it not even accessible locally, are you supposed to expose the control panel to the internet by default?

why use traefik when it's the worst option of ALL the main ones including caddy(which are also much lighter and have more plugins)

fosrl/pangolin@0.0.0 start
> NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs'
Starting migrations from version 1.1.0
Migrations to run: 
All migrations completed successfully
2025-04-04T12:39:01.301Z [info]: Server admin (...) already exists
2025-04-04T12:39:01.768Z [info]: API server is running on http://localhost:3000
2025-04-04T12:39:01.768Z [info]: Internal server is running on http://localhost:3001
2025-04-04T12:39:02.478Z [info]: Next.js server is running on http://localhost:3002
INFO: 2025/04/04 12:39:02 Fetching remote config from http://pangolin:3001/api/v1/gerbil/get-config
INFO: 2025/04/04 12:39:02 Created WireGuard interface wg0
INFO: 2025/04/04 12:39:02 Assigned IP address 100.89.128.1/24 to interface wg0
INFO: 2025/04/04 12:39:02 Attempting to delete existing MSS clamping rule for chain INPUT
INFO: 2025/04/04 12:39:02 Attempting to delete existing MSS clamping rule for chain OUTPUT
INFO: 2025/04/04 12:39:02 Attempting to delete existing MSS clamping rule for chain FORWARD
INFO: 2025/04/04 12:39:02 Adding MSS clamping rule for chain INPUT
INFO: 2025/04/04 12:39:02 Successfully added and verified MSS clamping rule for chain INPUT
INFO: 2025/04/04 12:39:02 Adding MSS clamping rule for chain OUTPUT
INFO: 2025/04/04 12:39:02 Successfully added and verified MSS clamping rule for chain OUTPUT
INFO: 2025/04/04 12:39:02 Adding MSS clamping rule for chain FORWARD
INFO: 2025/04/04 12:39:02 Successfully added and verified MSS clamping rule for chain FORWARD
INFO: 2025/04/04 12:39:02 WireGuard interface wg0 created and configured
INFO: 2025/04/04 12:39:02 Starting server on :3003
2025-04-04T12:39:03Z INF Traefik version 3.3.3 built on 2025-01-31T14:54:58Z version=3.3.3
2025-04-04T12:39:03Z INF 
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://doc.traefik.io/traefik/contributing/data-collection/
2025-04-04T12:39:03Z INF Loading plugins... plugins=["badger"]
2025-04-04T12:39:04Z INF Plugins loaded. plugins=["badger"]
2025-04-04T12:39:04Z INF Starting provider aggregator *aggregator.ProviderAggregator
2025-04-04T12:39:04Z INF Starting provider *file.Provider
2025-04-04T12:39:04Z INF Starting provider *traefik.Provider
2025-04-04T12:39:04Z INF Starting provider *acme.ChallengeTLSALPN
2025-04-04T12:39:04Z INF Starting provider *http.Provider
2025-04-04T12:39:04Z INF Starting provider *acme.Provider
2025-04-04T12:39:04Z INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=letsencrypt.acme
2025-04-04T12:39:10Z INF Register... providerName=letsencrypt.acme
Originally created by @gilbrotheraway on GitHub (Apr 4, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/458 i set up everything as explained in the docs with example configs exactly as described, double checked on noted.lol and other internet guides yet I can't access the web ui now why is it not even accessible locally, are you supposed to expose the control panel to the internet by default? why use traefik when it's the worst option of [ALL](https://m.youtube.com/watch?v=h-ygQbBROXY) the main ones including caddy(which are also much lighter and have more plugins) ``` fosrl/pangolin@0.0.0 start > NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs' Starting migrations from version 1.1.0 Migrations to run: All migrations completed successfully 2025-04-04T12:39:01.301Z [info]: Server admin (...) already exists 2025-04-04T12:39:01.768Z [info]: API server is running on http://localhost:3000 2025-04-04T12:39:01.768Z [info]: Internal server is running on http://localhost:3001 2025-04-04T12:39:02.478Z [info]: Next.js server is running on http://localhost:3002 INFO: 2025/04/04 12:39:02 Fetching remote config from http://pangolin:3001/api/v1/gerbil/get-config INFO: 2025/04/04 12:39:02 Created WireGuard interface wg0 INFO: 2025/04/04 12:39:02 Assigned IP address 100.89.128.1/24 to interface wg0 INFO: 2025/04/04 12:39:02 Attempting to delete existing MSS clamping rule for chain INPUT INFO: 2025/04/04 12:39:02 Attempting to delete existing MSS clamping rule for chain OUTPUT INFO: 2025/04/04 12:39:02 Attempting to delete existing MSS clamping rule for chain FORWARD INFO: 2025/04/04 12:39:02 Adding MSS clamping rule for chain INPUT INFO: 2025/04/04 12:39:02 Successfully added and verified MSS clamping rule for chain INPUT INFO: 2025/04/04 12:39:02 Adding MSS clamping rule for chain OUTPUT INFO: 2025/04/04 12:39:02 Successfully added and verified MSS clamping rule for chain OUTPUT INFO: 2025/04/04 12:39:02 Adding MSS clamping rule for chain FORWARD INFO: 2025/04/04 12:39:02 Successfully added and verified MSS clamping rule for chain FORWARD INFO: 2025/04/04 12:39:02 WireGuard interface wg0 created and configured INFO: 2025/04/04 12:39:02 Starting server on :3003 2025-04-04T12:39:03Z INF Traefik version 3.3.3 built on 2025-01-31T14:54:58Z version=3.3.3 2025-04-04T12:39:03Z INF Stats collection is disabled. Help us improve Traefik by turning this feature on :) More details on: https://doc.traefik.io/traefik/contributing/data-collection/ 2025-04-04T12:39:03Z INF Loading plugins... plugins=["badger"] 2025-04-04T12:39:04Z INF Plugins loaded. plugins=["badger"] 2025-04-04T12:39:04Z INF Starting provider aggregator *aggregator.ProviderAggregator 2025-04-04T12:39:04Z INF Starting provider *file.Provider 2025-04-04T12:39:04Z INF Starting provider *traefik.Provider 2025-04-04T12:39:04Z INF Starting provider *acme.ChallengeTLSALPN 2025-04-04T12:39:04Z INF Starting provider *http.Provider 2025-04-04T12:39:04Z INF Starting provider *acme.Provider 2025-04-04T12:39:04Z INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=letsencrypt.acme 2025-04-04T12:39:10Z INF Register... providerName=letsencrypt.acme ```
GiteaMirror commented 2026-05-06 13:22:25 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Apr 4, 2025):

Hello,

We appreciate the feedback. I have updated the title to more accurately reflect the issue we are trying to solve here.

Your logs look good so this might be a Traefik or networking issue. When you visit your domain in the browser what is the error you receive? This will help to pinpoint if traffic is getting to the VPS or if this could be a DNS or firewall issue.

In the meantime I would check the following:

Do you have ports 443, 80, and 51280 exposed on your VPS?
Double check your traefik config files to make sure that you have the correct domain in there that you are pointing to the VPS
Make sure your domain has an A record pointing to the VPS

<!-- gh-comment-id:2778844915 --> @oschwartz10612 commented on GitHub (Apr 4, 2025): Hello, We appreciate the feedback. I have updated the title to more accurately reflect the issue we are trying to solve here. Your logs look good so this might be a Traefik or networking issue. When you visit your domain in the browser what is the error you receive? This will help to pinpoint if traffic is getting to the VPS or if this could be a DNS or firewall issue. In the meantime I would check the following: Do you have ports 443, 80, and 51280 exposed on your VPS? Double check your traefik config files to make sure that you have the correct domain in there that you are pointing to the VPS Make sure your domain has an A record pointing to the VPS
GiteaMirror commented 2026-05-06 13:22:25 -05:00
Author
Owner
Copy Link

@gilbrotheraway commented on GitHub (Apr 4, 2025):

Hello,

We appreciate the feedback. I have updated the title to more accurately reflect the issue we are trying to solve here.

Your logs look good so this might be a Traefik or networking issue. When you visit your domain in the browser what is the error you receive? This will help to pinpoint if traffic is getting to the VPS or if this could be a DNS or firewall issue.

In the meantime I would check the following:

Do you have ports 443, 80, and 51280 exposed on your VPS? Double check your traefik config files to make sure that you have the correct domain in there that you are pointing to the VPS Make sure your domain has an A record pointing to the VPS

I'm self hosting the whole thing
as I'd read it's not necessary to open router ports this way? the domain doesn't load
records are pointed as normal on cloudflare, i.e:
A domain.com > IP
CNAME *.domain.com > domain.com

<!-- gh-comment-id:2779811433 --> @gilbrotheraway commented on GitHub (Apr 4, 2025): > Hello, > > We appreciate the feedback. I have updated the title to more accurately reflect the issue we are trying to solve here. > > Your logs look good so this might be a Traefik or networking issue. When you visit your domain in the browser what is the error you receive? This will help to pinpoint if traffic is getting to the VPS or if this could be a DNS or firewall issue. > > In the meantime I would check the following: > > Do you have ports 443, 80, and 51280 exposed on your VPS? Double check your traefik config files to make sure that you have the correct domain in there that you are pointing to the VPS Make sure your domain has an A record pointing to the VPS I'm self hosting the whole thing as I'd read it's not necessary to open router ports this way? the domain doesn't load records are pointed as normal on cloudflare, i.e: A domain.com > IP CNAME *.domain.com > domain.com
GiteaMirror commented 2026-05-06 13:22:25 -05:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Apr 4, 2025):

It is necessary to open ports on the server/network running the server side (Pangolin, Traefik, Gerbil). It is not necesary to open ports on the server/network running Newt (site connector) because everything is sent over the tunnel. If you can't open ports, the ideal setup is to deploy Pangolin server components to a VPS with a public IP, and then install Newt on the closed network. Hope that helps!

<!-- gh-comment-id:2779813753 --> @miloschwartz commented on GitHub (Apr 4, 2025): It is necessary to open ports on the server/network running the server side (Pangolin, Traefik, Gerbil). It is not necesary to open ports on the server/network running Newt (site connector) because everything is sent over the tunnel. If you can't open ports, the ideal setup is to deploy Pangolin server components to a VPS with a public IP, and then install Newt on the closed network. Hope that helps!
GiteaMirror commented 2026-05-06 13:22:26 -05:00
Author
Owner
Copy Link

@gilbrotheraway commented on GitHub (Apr 5, 2025):

It is necessary to open ports on the server/network running the server side (Pangolin, Traefik, Gerbil). It is not necesary to open ports on the server/network running Newt (site connector) because everything is sent over the tunnel. If you can't open ports, the ideal setup is to deploy Pangolin server components to a VPS with a public IP, and then install Newt on the closed network. Hope that helps!

oh boy!

so if I'm using * certs and dns challenge i need to open port 443?

<!-- gh-comment-id:2780962794 --> @gilbrotheraway commented on GitHub (Apr 5, 2025): > It is necessary to open ports on the server/network running the server side (Pangolin, Traefik, Gerbil). It is not necesary to open ports on the server/network running Newt (site connector) because everything is sent over the tunnel. If you can't open ports, the ideal setup is to deploy Pangolin server components to a VPS with a public IP, and then install Newt on the closed network. Hope that helps! oh boy! so if I'm using * certs and dns challenge i need to open port 443?
GiteaMirror commented 2026-05-06 13:22:26 -05:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Apr 5, 2025):

Yes, with wildcards, you still need TCP 443 open. You will also need UDP 51820 open for WireGuard traffic if you plan to use tunnels.

<!-- gh-comment-id:2781090586 --> @miloschwartz commented on GitHub (Apr 5, 2025): Yes, with wildcards, you still need TCP 443 open. You will also need UDP 51820 open for WireGuard traffic if you plan to use tunnels.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#10226
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?