github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-06 20:59:07 -05:00
Code Issues 564 Packages Projects Releases 72 Wiki Activity

[GH-ISSUE #340] [HELP] Unable to Access Exposed Resources via Pangolin (Getting 404) #1400

New Issue
Closed
opened 2026-04-16 08:02:39 -05:00 by GiteaMirror · 5 comments
GiteaMirror commented 2026-04-16 08:02:39 -05:00
Owner
Copy Link

Originally created by @KamilKleina on GitHub (Mar 15, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/340

Description

I could use some help in exposing resources from another server using Pangolin.

My Setup

I have multiple machines on my local network running various services that I want to expose using Pangolin.

  • Installed LXC on my Proxmox server, which has access to all of these services.
  • Inside the LXC, I installed Docker and set up Newt.
  • The Newt instance is online and visible on my Pangolin server.
  • Pangolin is hosted on a VPS outside my local network.

What I Did

  • I attempted to expose an HTTPS resource.
  • I specified a URL that is accessible from within the LXC.
  • However, when I visit the URL provided by Pangolin, I only see a 404 error.

My Network Setup (Simplified)

  1. Local Network Setup:

    • Router with local DNS that resolves *.machine-01.home.domain.com to the IP of machine-01.
    • machine-01 runs Docker containers (e.g., Traefik-managed services):
      • Example: hello-world.machine-01.home.domain.com

  2. Proxmox Setup:

    • Proxmox (machine-02) has an LXC that can access hello-world.machine-01.home.domain.com without issues.
    • Newt is running in Docker inside the LXC on Proxmox.

  3. Pangolin Setup:

    • Pangolin is running on VPS (pangolin.remote-01.not-home.domain.com).

The Issue

I added the resource via Pangolin, expecting to access:

https://hello-world.remote-01.not-home.domain.com

However, I only get a 404 error.

Debugging Attempts

  • Checked Traefik logs and Pangolin logs but did not find anything helpful.

Question

How can I properly debug this issue?
What could I be doing wrong in my setup?

Any help would be greatly appreciated!

Originally created by @KamilKleina on GitHub (Mar 15, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/340 ## Description I could use some help in exposing resources from another server using Pangolin. ### My Setup I have multiple machines on my local network running various services that I want to expose using Pangolin. - Installed **LXC** on my **Proxmox** server, which has access to all of these services. - Inside the LXC, I installed **Docker** and set up **Newt**. - The **Newt instance is online and visible on my Pangolin server**. - **Pangolin is hosted on a VPS outside my local network**. ### What I Did - I attempted to expose an HTTPS resource. - I specified a **URL that is accessible from within the LXC**. - However, when I visit the **URL provided by Pangolin**, I only see a **404 error**. ### My Network Setup (Simplified) 1. **Local Network Setup:** - **Router with local DNS** that resolves `*.machine-01.home.domain.com` to the IP of `machine-01`. - `machine-01` runs Docker containers (e.g., **Traefik-managed services**): - Example: `hello-world.machine-01.home.domain.com` 2. **Proxmox Setup:** - **Proxmox (machine-02) has an LXC** that **can access `hello-world.machine-01.home.domain.com`** without issues. - **Newt is running in Docker inside the LXC on Proxmox**. 3. **Pangolin Setup:** - **Pangolin is running on VPS** (`pangolin.remote-01.not-home.domain.com`). ### The Issue I added the resource via Pangolin, expecting to access: ``` https://hello-world.remote-01.not-home.domain.com ``` However, I only get a **404 error**. ### Debugging Attempts - Checked **Traefik logs** and **Pangolin logs** but did not find anything helpful. ### Question How can I properly debug this issue? What could I be doing wrong in my setup? Any help would be greatly appreciated!
GiteaMirror commented 2026-04-16 08:02:40 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Mar 16, 2025):

This is typically caused by traefik not matching the host header you are visiting it with. Do you have CF or anything in front of traefik?

If not confirm that your resources match the domain you are trying to visit them with.

Otherwise I would say you could edit the docker compose file to expose traefik port 8080 to see its dashboard and make sure that the routers are there and match the domain you are trying to visit.

If all of that looks good report back with the logs and we can dive deeper.

<!-- gh-comment-id:2727512970 --> @oschwartz10612 commented on GitHub (Mar 16, 2025): This is typically caused by traefik not matching the host header you are visiting it with. Do you have CF or anything in front of traefik? If not confirm that your resources match the domain you are trying to visit them with. Otherwise I would say you could edit the docker compose file to expose traefik port 8080 to see its dashboard and make sure that the routers are there and match the domain you are trying to visit. If all of that looks good report back with the logs and we can dive deeper.
GiteaMirror commented 2026-04-16 08:02:41 -05:00
Author
Owner
Copy Link

@LeonvanHeerden commented on GitHub (Mar 16, 2025):

I had a similar issue and I found that I added the Resource for the HTTPS address, to the incorrect Site. It has to be the NEWT Site that will be handling the connection. In your case the one on the LCX/Docker/Proxmox.

I also had Rules enabled that didn't allow me to connection. Then I got an unauthorized connection. I turned off the rules to get it to work.
Still need to figure out how to add the rules to allow only my Ip ranges where I am connecting from, I think I had to add the external IP to get it to work, but that is not a viable solution for production. I should probably be using a NEWT or Wireguard connection as my source.

<!-- gh-comment-id:2727626101 --> @LeonvanHeerden commented on GitHub (Mar 16, 2025): I had a similar issue and I found that I added the Resource for the HTTPS address, to the incorrect Site. It has to be the NEWT Site that will be handling the connection. In your case the one on the LCX/Docker/Proxmox. I also had Rules enabled that didn't allow me to connection. Then I got an unauthorized connection. I turned off the rules to get it to work. Still need to figure out how to add the rules to allow only my Ip ranges where I am connecting from, I think I had to add the external IP to get it to work, but that is not a viable solution for production. I should probably be using a NEWT or Wireguard connection as my source.
GiteaMirror commented 2026-04-16 08:02:41 -05:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Mar 17, 2025):

@LeonvanHeerden We kicked around the idea of having Newt act as a DDNS agent and update the rule. I like this idea, but not sure where it fits in the development timeline right now.

<!-- gh-comment-id:2728068223 --> @miloschwartz commented on GitHub (Mar 17, 2025): @LeonvanHeerden We kicked around the idea of having Newt act as a DDNS agent and update the rule. I like this idea, but not sure where it fits in the development timeline right now.
GiteaMirror commented 2026-04-16 08:02:42 -05:00
Author
Owner
Copy Link

@exhils commented on GitHub (Mar 30, 2025):

I also found the same problem. But I have a different story. I have my own hardware. I have a static ip address. Virtualization is on the hardware. There are a couple of sites running on one ubuntu, and pangolin is on the other ubuntu. There is a router in front of the hardware. I have completed port forwarding. On a virtual machine where apache used a proxy to transfer 80 and 443 via the internal locale, forwarding works. But it gives out a 404. I tried to log in to the local network through windows by writing the address in the Hosts, everything worked, but it shouldn't be like that, how do I get it from outside?

<!-- gh-comment-id:2764730138 --> @exhils commented on GitHub (Mar 30, 2025): I also found the same problem. But I have a different story. I have my own hardware. I have a static ip address. Virtualization is on the hardware. There are a couple of sites running on one ubuntu, and pangolin is on the other ubuntu. There is a router in front of the hardware. I have completed port forwarding. On a virtual machine where apache used a proxy to transfer 80 and 443 via the internal locale, forwarding works. But it gives out a 404. I tried to log in to the local network through windows by writing the address in the Hosts, everything worked, but it shouldn't be like that, how do I get it from outside?
GiteaMirror commented 2026-04-16 08:02:42 -05:00
Author
Owner
Copy Link

@exhils commented on GitHub (Mar 30, 2025):

So I suffered for 6 hours, complained and the problem was solved.

In Traefik, I changed my domain to a local ip and everything worked. I'll keep looking for problems)

<!-- gh-comment-id:2764733291 --> @exhils commented on GitHub (Mar 30, 2025): So I suffered for 6 hours, complained and the problem was solved. In Traefik, I changed my domain to a local ip and everything worked. I'll keep looking for problems)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#1400
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?