[GH-ISSUE #820] Define internaly DNS #16631

New Issue

Closed

opened 2026-05-18 16:44:21 -05:00 by GiteaMirror · 4 comments

GiteaMirror commented 2026-05-18 16:44:21 -05:00

Owner

Copy Link

Originally created by @markusglaetzner on GitHub (Jun 1, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/820

I have pangolin installed on a VPS. In my homelab I use Cosmos-Server as reverse proxy and docker-management. With Cosmos Server I have the advantage that I do not have to publish ports of my Docker applications (like treafik does). This means that in the homelab, I only can access my applications via the HTTPS domain defined in Cosmos Server (i.e., instead of "http://application:port" only "https://application.mydomain.org"). When I define access rules in pangolin in order to reach this "internal" service and use domain-names instead of ip-addresses and ports, pangolin tries to resolve this domain directly and gives me an error because this domain is not publicly accessible. The solution would be if I could specify internal DNS servers per service in pangolin.

Originally created by @markusglaetzner on GitHub (Jun 1, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/820 I have pangolin installed on a VPS. In my homelab I use Cosmos-Server as reverse proxy and docker-management. With Cosmos Server I have the advantage that I do not have to publish ports of my Docker applications (like treafik does). This means that in the homelab, I only can access my applications via the HTTPS domain defined in Cosmos Server (i.e., instead of "http://application:port" only "https://application.mydomain.org"). When I define access rules in pangolin in order to reach this "internal" service and use domain-names instead of ip-addresses and ports, pangolin tries to resolve this domain directly and gives me an error because this domain is not publicly accessible. The solution would be if I could specify internal DNS servers per service in pangolin.

GiteaMirror added the stale label 2026-05-18 16:44:21 -05:00

GiteaMirror closed this issue 2026-05-18 16:44:22 -05:00

GiteaMirror commented 2026-05-18 16:44:24 -05:00

Author

Owner

Copy Link

@markusglaetzner commented on GitHub (Jun 1, 2025):

IT seems a Cosmos-server problem. I get the error "Bad Request: Invalid hostname. Use your domain instead of your IP to access your server. Check logs if more details are needed.". When I expose the port and use this in pangolin, it works just fine. So my Cosmos-Server recognizes, that there is a request with a different route, so this request is blocked - this behavior is fine, too. Maybe I have to add some entries in "Custom Host Header" in pangolin?

<!-- gh-comment-id:2927625028 --> @markusglaetzner commented on GitHub (Jun 1, 2025): IT seems a Cosmos-server problem. I get the error "Bad Request: Invalid hostname. Use your domain instead of your IP to access your server. Check logs if more details are needed.". When I expose the port and use this in pangolin, it works just fine. So my Cosmos-Server recognizes, that there is a request with a different route, so this request is blocked - this behavior is fine, too. Maybe I have to add some entries in "Custom Host Header" in pangolin?

GiteaMirror commented 2026-05-18 16:44:25 -05:00

Author

Owner

Copy Link

@pterabyte-dev commented on GitHub (Jun 3, 2025):

Not familiar with Cosmos-Server, but as you said Pangolin will try to resolve this using the DNS servers configured on the host (8.8.8.8,1.1.1.1, etc). You could potentially try create static host entries in your resolv.conf file pointing to the docker network IP of you Cosmos-Server instance that is reachable from newt. Frankly I think the best thing to do is to just attach each container, including the newt container, to an internal docker network, and access them via the internal docker host name and port. If your concerned about the containers talking to each other you could disable icc and setup IP tables to allow the containers to only talk to newt.

<!-- gh-comment-id:2937716641 --> @pterabyte-dev commented on GitHub (Jun 3, 2025): Not familiar with Cosmos-Server, but as you said Pangolin will try to resolve this using the DNS servers configured on the host (8.8.8.8,1.1.1.1, etc). You could potentially try create static host entries in your resolv.conf file pointing to the docker network IP of you Cosmos-Server instance that is reachable from newt. Frankly I think the best thing to do is to just attach each container, including the newt container, to an internal docker network, and access them via the internal docker host name and port. If your concerned about the containers talking to each other you could disable icc and setup IP tables to allow the containers to only talk to newt.

GiteaMirror commented 2026-05-18 16:44:26 -05:00

Author

Owner

Copy Link

@kalikid021 commented on GitHub (Jun 5, 2025):

If your newt container on the local network is using --network=host it should use the host network details (ie DNS server advertised by your network/router), as @pterabyte-dev also states, you can try to configure domains in your hosts file, resolv.conf, or attach the newt container to your docker network that Cosmos is using.

<!-- gh-comment-id:2945472736 --> @kalikid021 commented on GitHub (Jun 5, 2025): If your newt container on the local network is using --network=host it should use the host network details (ie DNS server advertised by your network/router), as @pterabyte-dev also states, you can try to configure domains in your hosts file, resolv.conf, or attach the newt container to your docker network that Cosmos is using.

GiteaMirror commented 2026-05-18 16:44:27 -05:00

Author

Owner

Copy Link

@github-actions[bot] commented on GitHub (Jun 20, 2025):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

<!-- gh-comment-id:2989472919 --> @github-actions[bot] commented on GitHub (Jun 20, 2025): This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/npm_and_yarn/prod-patch-updates-94425a55d0

dependabot/npm_and_yarn/dev-minor-updates-4aaf4dbce4

dependabot/go_modules/install/minor-updates-a249525a56

crowdin_dev

auto-update

dev

fix-site-delete

fix-3104

exit-node-reconnect

fix-logoUrl

button-to-rebuild-association

rdp-ssh

dependabot/npm_and_yarn/brace-expansion-5.0.6

copilot/fix-documentation-input-output-types

dependabot/github_actions/sigstore/cosign-installer-4.1.2

redis

resource-policies

dependabot/npm_and_yarn/next-15.5.18

dependabot/npm_and_yarn/fast-uri-3.1.2

s3

dependabot/npm_and_yarn/fast-xml-builder-1.2.0

dependabot/npm_and_yarn/axios-1.15.2

dependabot/npm_and_yarn/next-intl-4.9.2

dependabot/docker/node-26-alpine

dependabot/docker/docker/library/node-26-slim

dependabot/npm_and_yarn/multi-7bdfbe8666

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

cross-org-idp

breakout-sites-tables

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.4

1.18.3

1.18.2

1.18.1

1.18.0

1.18.0-rc.0

1.17.1

1.17.0

1.17.0-rc.0

1.16.2

1.16.1

1.16.0

1.16.0-rc.0

1.15.4

1.15.3

1.15.2

1.15.1

1.15.0

1.15.0-rc.0

1.14.1

1.14.0

1.14.0-rc.0

1.13.1

1.13.0

1.13.0-rc.0

1.12.3

1.12.2

1.12.1

1.12.0

1.12.0-rc.0

1.11.1

1.11.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label stale

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#16631