mirror of
https://github.com/fosrl/pangolin.git
synced 2026-05-22 17:43:04 -05:00
[GH-ISSUE #139] Support Secondary Reverse Proxy #1305
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/pangolin#1305
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @oschwartz10612 on GitHub (Feb 1, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/139
Originally assigned to: @oschwartz10612, @miloschwartz on GitHub.
@miloschwartz commented on GitHub (Feb 2, 2025):
Point a Pangolin resource to another reverse proxy running on the same network as Newt
@the-potato-church commented on GitHub (Apr 26, 2025):
Any ideas why this isn't currently possible? 🙏🏼
Edit: Is it becasue Newt doesn't currently support DNS lookup? (at least I am having trouble pointing it to my local DNS server (I have verified that
/bin/sh nslookup <internal domain>from within the container returns the correct IP)@miloschwartz commented on GitHub (Apr 28, 2025):
@the-potato-church This is on the back burner for now. We need to find a way to fit it into the dev cycle. If anyone has experience and wants to tackle this in a PR, we'd be very grateful.
@the-potato-church commented on GitHub (Apr 29, 2025):
@miloschwartz Do you have any pointers as to the root cause? Happy to attempt working on it myself. 🙏🏼
@oschwartz10612 commented on GitHub (Apr 29, 2025):
@the-potato-church I started looking into it on this branch which is outdated now. I think the issue was something Traefik related but I honestly do not remember what it was. Feel free to give it a shot if you would like!
@dguihal commented on GitHub (May 8, 2025):
Weird .... In fact it does .... I mean I managed to do this
Traefik -> Gerbil -> Newt (hosted on kube) -> Traefik (hosted on kube) -> Service (hosted on kube)
The point is that I had to create a dedicated ingress on the traefik on kube as the initial hostname is preserved all along, The hostname override should solve this, but for some reason I am unable to make it work.
I only had to point to the traefik service name as target for pangolin service.
@ryanehamil commented on GitHub (Jul 31, 2025):
I had run into a similar issue when layering two traefiks. There may be multiple solutions but mine involved using proxypass. This might get more difficult if there are two points of tls decryption.
Mine was just using the first traefik as an SNI relay with no TLS termination. Then the second layer was the TLS endpoint. I'll take a peek at that branch and see if it might be related.
@clemone210 commented on GitHub (Sep 4, 2025):
In my setup I use Pocket-ID -> pangolin (+ geoblock) -> gerbil -> newt -> oauth2proxy -> service
This works straight out of the box. Newt and oauth2-proxy are on the same subnet in my case.
@OddMagnet commented on GitHub (Sep 6, 2025):
Would love to see this as well.
I tried using https://github.com/AndrewPaglusch/Traefik-to-Pangolin-Sync, but even after getting it to connect it seems there is some difference between what it sends and what the API expects (and I don't quite have enough time to figure that out and create a PR :( )
@miloschwartz commented on GitHub (Sep 27, 2025):
Moving this to discussions.