github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-20 08:51:16 -05:00
Code Issues 856 Packages Projects Releases 74 Wiki Activity

[GH-ISSUE #1221] Can you run Gerbil on a different machine than Pangolin? #1816

New Issue
Closed
opened 2026-04-16 08:40:12 -05:00 by GiteaMirror · 4 comments
GiteaMirror commented 2026-04-16 08:40:12 -05:00
Owner
Copy Link

Originally created by @SigmaSquadron on GitHub (Aug 5, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/1221

Like #1220, this question also came up when developing the NixOS module for Pangolin.

Gerbil has some configuration options that imply it can be accessed remotely, such as --reacheableAt and gerbil.base_endpoint, which might mean you can have a self-hosted Pangolin running on a separate environment to Gerbil. (or multiple Gerbils?)

If that is the case, what parts of Traefik, if any, need to run on the machine that is running Gerbil? Could the docs be expanded to account for this configuration?

Originally created by @SigmaSquadron on GitHub (Aug 5, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/1221 Like #1220, this question also came up when developing the NixOS module for Pangolin. Gerbil has some configuration options that imply it can be accessed remotely, such as `--reacheableAt` and `gerbil.base_endpoint`, which might mean you can have a self-hosted Pangolin running on a separate environment to Gerbil. (or multiple Gerbils?) If that is the case, what parts of Traefik, if any, need to run on the machine that is running Gerbil? Could the docs be expanded to account for this configuration?
GiteaMirror commented 2026-04-16 08:40:13 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Aug 6, 2025):

Hi! Yes you can! Not really multiple gerbils right now. You would need
to do two things: edit the gerbil config in the docker file to have the
reachable at and pangolin endpoints reach the remote pangolin env.
Essentially pangolin and gerbil need to reach each other and this is the
section you put that in.

You still need to run traefik in gerbil because thats the http entry
point into the network. So the change you would need for this is to edit
the traefik config and change the http provider to the remote pangolin
address.

With both of those you should be able to run them separately. Your entry
point for both gerbil and the domain should be pointing to the traefik
gerbil combo and you will access the api separately.

On 8/5/25 16:27, Fernando Rodrigues wrote:

SigmaSquadron created an issue (fosrl/pangolin#1221) <https://
github.com/fosrl/pangolin/issues/1221>

Like #1220 https://github.com/fosrl/pangolin/issues/1220, this
question also came up when developing the NixOS module for Pangolin.

Gerbil has some configuration options that imply it can be accessed
remotely, such as |--reacheableAt| and |gerbil.base_endpoint|, which
might mean you can have a self-hosted Pangolin running on a separate
environment to Gerbil. (or multiple Gerbils?)

If that is the case, what parts of Traefik, if any, need to run on the
machine that is running Gerbil? Could the docs be expanded to account
for this configuration?


Reply to this email directly, view it on GitHub <https://github.com/
fosrl/pangolin/issues/1221>, or unsubscribe <https://github.com/
notifications/unsubscribe-auth/
ABGEUGA4FTRO6D3Y3WVVY6T3ME4XBAVCNFSM6AAAAACDGK7O32VHI2DSMVQWIX3LMV43ASLTON2WKOZTGI4TINZQGEYTCNI>.
You are receiving this because you are subscribed to this thread.Message
ID: @.***>

<!-- gh-comment-id:3160938081 --> @oschwartz10612 commented on GitHub (Aug 6, 2025): Hi! Yes you can! Not really multiple gerbils right now. You would need to do two things: edit the gerbil config in the docker file to have the reachable at and pangolin endpoints reach the remote pangolin env. Essentially pangolin and gerbil need to reach each other and this is the section you put that in. You still need to run traefik in gerbil because thats the http entry point into the network. So the change you would need for this is to edit the traefik config and change the http provider to the remote pangolin address. With both of those you should be able to run them separately. Your entry point for both gerbil and the domain should be pointing to the traefik gerbil combo and you will access the api separately. On 8/5/25 16:27, Fernando Rodrigues wrote: > *SigmaSquadron* created an issue (fosrl/pangolin#1221) <https:// > github.com/fosrl/pangolin/issues/1221> > > Like #1220 <https://github.com/fosrl/pangolin/issues/1220>, this > question also came up when developing the NixOS module for Pangolin. > > Gerbil has some configuration options that imply it can be accessed > remotely, such as |--reacheableAt| and |gerbil.base_endpoint|, which > might mean you can have a self-hosted Pangolin running on a separate > environment to Gerbil. (or multiple Gerbils?) > > If that is the case, what parts of Traefik, if any, need to run on the > machine that is running Gerbil? Could the docs be expanded to account > for this configuration? > > — > Reply to this email directly, view it on GitHub <https://github.com/ > fosrl/pangolin/issues/1221>, or unsubscribe <https://github.com/ > notifications/unsubscribe-auth/ > ABGEUGA4FTRO6D3Y3WVVY6T3ME4XBAVCNFSM6AAAAACDGK7O32VHI2DSMVQWIX3LMV43ASLTON2WKOZTGI4TINZQGEYTCNI>. > You are receiving this because you are subscribed to this thread.Message > ID: ***@***.***> >
GiteaMirror commented 2026-04-16 08:40:13 -05:00
Author
Owner
Copy Link

@SigmaSquadron commented on GitHub (Aug 7, 2025):

You still need to run traefik in gerbil because thats the http entry
point into the network. So the change you would need for this is to edit
the traefik config and change the http provider to the remote pangolin
address.

Okay, so if you have Machine A running Gerbil at 198.51.100.1, and Machine B running Pangolin at pangolin.example.com, you'd set the --reacheableAt to https://198.51.100.1:PORT, and --remoteConfig to https://pangolin.example.com/api/v1/gerbil/get-config, assuming Pangolin's API is publicly routable. Pangolin can then have gerbil.base_domain set to 198.51.100.1, right?

This means that Traefik in Machine B (pangolin) only needs the configuration to expose the dashboard: (and more configuration to publicly expose the API)

rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)"
  service: next-service
  entryPoints:
    - websecure
  tls:
    certResolver: letsencrypt

And Traefik in Machine A (gerbil) can have this set: (Machine B will not have this)

providers:
  http:
    endpoint: "http://pangolin.example.com:3001/api/v1/traefik-config"
    pollInterval: "5s"

My question is mostly about how should I configure Traefik on either machine, and if the snippets above are correct. To be clear, this configuration is completely insane and I'm impressed that it's even supported at all. I don't plan to run it, but I do need to make it available in the NixOS module @jackrosenberg is designing for other users to configure.

<!-- gh-comment-id:3162592624 --> @SigmaSquadron commented on GitHub (Aug 7, 2025): > You still need to run traefik in gerbil because thats the http entry point into the network. So the change you would need for this is to edit the traefik config and change the http provider to the remote pangolin address. Okay, so if you have `Machine A` running Gerbil at `198.51.100.1`, and `Machine B` running Pangolin at `pangolin.example.com`, you'd set the `--reacheableAt` to `https://198.51.100.1:PORT`, and `--remoteConfig` to `https://pangolin.example.com/api/v1/gerbil/get-config`, assuming Pangolin's API is publicly routable. Pangolin can then have `gerbil.base_domain` set to `198.51.100.1`, right? This means that Traefik in `Machine B` (pangolin) only needs the configuration to expose the dashboard: (and more configuration to publicly expose the API) ```yaml rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" service: next-service entryPoints: - websecure tls: certResolver: letsencrypt ``` And Traefik in `Machine A` (gerbil) can have this set: (`Machine B` will not have this) ```yaml providers: http: endpoint: "http://pangolin.example.com:3001/api/v1/traefik-config" pollInterval: "5s" ``` My question is mostly about how should I configure Traefik on either machine, and if the snippets above are correct. To be clear, this configuration is completely insane and I'm impressed that it's even supported at all. I don't plan to run it, but I do need to make it available in the NixOS module @jackrosenberg is designing for other users to configure.
GiteaMirror commented 2026-04-16 08:40:14 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Aug 7, 2025):

Exactly!

<!-- gh-comment-id:3166111582 --> @oschwartz10612 commented on GitHub (Aug 7, 2025): Exactly!
GiteaMirror commented 2026-04-16 08:40:14 -05:00
Author
Owner
Copy Link

@SigmaSquadron commented on GitHub (Aug 8, 2025):

Awesome! I'll get to work then.

<!-- gh-comment-id:3166621628 --> @SigmaSquadron commented on GitHub (Aug 8, 2025): Awesome! I'll get to work then.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#1816
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?