[GH-ISSUE #602] How to install on VPS with already installed swag server #3467

New Issue

Closed

opened 2026-04-20 07:25:26 -05:00 by GiteaMirror · 10 comments

GiteaMirror commented 2026-04-20 07:25:26 -05:00

Owner

Copy Link

Originally created by @Barry40 on GitHub (Apr 25, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/602

Hi,

i cannot get this to work :-(
On my vps i have a swag docker already running, serving many websites with working letscrypt certs.
When using the 'normal' setup of Pangolin, it gives me the port in use error and doesnt start at all,
so i changed the (host) ports to 84:80 / 446:443 for example,
but now the browser serves me "404 page not found" on port 84 and a "502 bad gateway" on https port 446..

What to do?
Cant wait to play with Pangolin!

Thanks a lot!

Originally created by @Barry40 on GitHub (Apr 25, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/602 Hi, i cannot get this to work :-( On my vps i have a swag docker already running, serving many websites with working letscrypt certs. When using the 'normal' setup of Pangolin, it gives me the port in use error and doesnt start at all, so i changed the (host) ports to 84:80 / 446:443 for example, but now the browser serves me "404 page not found" on port 84 and a "502 bad gateway" on https port 446.. What to do? Cant wait to play with Pangolin! Thanks a lot!

GiteaMirror added the stale label 2026-04-20 07:25:26 -05:00

GiteaMirror closed this issue 2026-04-20 07:25:27 -05:00

GiteaMirror commented 2026-04-20 07:25:28 -05:00

Author

Owner

Copy Link

@chris-coria commented on GitHub (Apr 25, 2025):

You need to edit Traefik dynamic conf and add router / service there. You cannot add it in pangolin as that resources are for isolated networks you would like to connect via wireguard or newt. So if your websites are in the actual VPS you would like to install Pangolin, then you need to edit Traefik to add manually the routers, middlewares and services.

<!-- gh-comment-id:2831157319 --> @chris-coria commented on GitHub (Apr 25, 2025): You need to edit Traefik dynamic conf and add router / service there. You cannot add it in pangolin as that resources are for isolated networks you would like to connect via wireguard or newt. So if your websites are in the actual VPS you would like to install Pangolin, then you need to edit Traefik to add manually the routers, middlewares and services.

GiteaMirror commented 2026-04-20 07:25:28 -05:00

Author

Owner

Copy Link

@Barry40 commented on GitHub (Apr 25, 2025):

Okay, will try that.. Thanks for the fast response so far!

Btw, to what i have to change the router/middlewares and services then?

<!-- gh-comment-id:2831185755 --> @Barry40 commented on GitHub (Apr 25, 2025): Okay, will try that.. Thanks for the fast response so far! Btw, to what i have to change the router/middlewares and services then?

GiteaMirror commented 2026-04-20 07:25:29 -05:00

Author

Owner

Copy Link

@Barry40 commented on GitHub (Apr 25, 2025):

I started over again, by zero, and that's giving me:

Error response from daemon:
failed to set up container networking:
driver failed programming external connectivity on endpoint gerbil (38xx):
failed to bind host port for 0.0.0.0:80:172.22.0.3:80/tcp: address already in use

how can i change these port(s) 80 and 443, and alse use the letscrypt wildcard cert that i already have (from swag instance)?

<!-- gh-comment-id:2831194939 --> @Barry40 commented on GitHub (Apr 25, 2025): I started over again, by zero, and that's giving me: Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint gerbil (38xx): failed to bind host port for 0.0.0.0:80:172.22.0.3:80/tcp: address already in use how can i change these port(s) 80 and 443, and alse use the letscrypt wildcard cert that i already have (from swag instance)?

GiteaMirror commented 2026-04-20 07:25:30 -05:00

Author

Owner

Copy Link

@akehir commented on GitHub (Apr 25, 2025):

You need to also change the ports in the docker-compose.yml file. However, a lot of pangolin probably won't work without port 80 / 443 (for instance generating letsencrypt certificates via the http method).

The easiest way just to play with it in your scenario is probably to stop the swag container while you use pangolin.

If you're already hosting the websites on the VPS itself, you don't really need pangolin at all (or alternatively, you should move swag to a different port and route from pangolin to swag).

<!-- gh-comment-id:2831567276 --> @akehir commented on GitHub (Apr 25, 2025): You need to also change the ports in the `docker-compose.yml` file. However, a lot of pangolin probably won't work without port 80 / 443 (for instance generating letsencrypt certificates via the http method). The easiest way just to play with it in your scenario is probably to stop the swag container while you use pangolin. If you're already hosting the websites on the VPS itself, you don't really need pangolin at all (or alternatively, you should move swag to a different port and route from pangolin to swag).

GiteaMirror commented 2026-04-20 07:25:31 -05:00

Author

Owner

Copy Link

@TuncTaylan commented on GitHub (Apr 28, 2025):

Take a look at the network requirements.
Pangolin needs TCP80, TCP443 and UDP 52820 to run.

<!-- gh-comment-id:2834848959 --> @TuncTaylan commented on GitHub (Apr 28, 2025): Take a look at the [network requirements](https://docs.fossorial.io/Getting%20Started/dns-networking). Pangolin needs TCP80, TCP443 and UDP 52820 to run.

GiteaMirror commented 2026-04-20 07:25:32 -05:00

Author

Owner

Copy Link

@Barry40 commented on GitHub (Apr 28, 2025):

Thanks for answering, but there is no way to stop Swag.
It has a lot of other services depended on Swag.
Unifi Network, Omada Network, Portainer, Mailserver, Websites, etc so i really need Swag to use all services (with its own domains and certs).
Is there a possible way to NOT use the certs, or use my own certs, and change the ports?
Whatever i do, it keeps saying 502 bad gateway on https, and 80 not found..
I can deploy the swag instance really simple with the cert for vpn.myserver.com as example, and then use this cert in pangolin.
But even then, its still not working after changing the ports?

<!-- gh-comment-id:2835001278 --> @Barry40 commented on GitHub (Apr 28, 2025): Thanks for answering, but there is no way to stop Swag. It has a lot of other services depended on Swag. Unifi Network, Omada Network, Portainer, Mailserver, Websites, etc so i really need Swag to use all services (with its own domains and certs). Is there a possible way to NOT use the certs, or use my own certs, and change the ports? Whatever i do, it keeps saying 502 bad gateway on https, and 80 not found.. I can deploy the swag instance really simple with the cert for vpn.myserver.com as example, and then use this cert in pangolin. But even then, its still not working after changing the ports?

GiteaMirror commented 2026-04-20 07:25:33 -05:00

Author

Owner

Copy Link

@akehir commented on GitHub (Apr 28, 2025):

Yeah, but for your use case, having both Swag and Pangolin is contradictory. They're both reverse proxies mapping domains and certs to services.

In your use case you'd probably want to replace Swag with Pangolin completely. Because even if you manage to install Pangolin with different ports, all your sites would still be accessible without authentication via Swag on their normal (current) ports.

If you don't want to use the http01 challenge on Pangolin you could probably change the setup to use the dns challenge - but your fundamental problems wont be solved by this.

<!-- gh-comment-id:2836887883 --> @akehir commented on GitHub (Apr 28, 2025): Yeah, but for your use case, having both Swag and Pangolin is contradictory. They're both reverse proxies mapping domains and certs to services. In your use case you'd probably want to replace Swag with Pangolin completely. Because even if you manage to install Pangolin with different ports, all your sites would still be accessible without authentication via Swag on their normal (current) ports. If you don't want to use the http01 challenge on Pangolin you could probably change the setup to use the dns challenge - but your fundamental problems wont be solved by this.

GiteaMirror commented 2026-04-20 07:25:33 -05:00

Author

Owner

Copy Link

@Barry40 commented on GitHub (Apr 30, 2025):

Okay, thanks..

<!-- gh-comment-id:2842806907 --> @Barry40 commented on GitHub (Apr 30, 2025): Okay, thanks..

GiteaMirror commented 2026-04-20 07:25:34 -05:00

Author

Owner

Copy Link

@github-actions[bot] commented on GitHub (May 15, 2025):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

<!-- gh-comment-id:2881886404 --> @github-actions[bot] commented on GitHub (May 15, 2025): This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

GiteaMirror commented 2026-04-20 07:25:34 -05:00

Author

Owner

Copy Link

@github-actions[bot] commented on GitHub (May 29, 2025):

This issue has been automatically closed due to inactivity. If you believe this is still relevant, please open a new issue with up-to-date information.

<!-- gh-comment-id:2917902931 --> @github-actions[bot] commented on GitHub (May 29, 2025): This issue has been automatically closed due to inactivity. If you believe this is still relevant, please open a new issue with up-to-date information.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/npm_and_yarn/prod-patch-updates-94425a55d0

dependabot/npm_and_yarn/dev-minor-updates-4aaf4dbce4

dependabot/go_modules/install/minor-updates-a249525a56

fix-3104

dev

exit-node-reconnect

fix-logoUrl

button-to-rebuild-association

crowdin_dev

rdp-ssh

dependabot/npm_and_yarn/brace-expansion-5.0.6

copilot/fix-documentation-input-output-types

dependabot/github_actions/sigstore/cosign-installer-4.1.2

redis

resource-policies

dependabot/npm_and_yarn/next-15.5.18

dependabot/npm_and_yarn/fast-uri-3.1.2

s3

dependabot/npm_and_yarn/fast-xml-builder-1.2.0

dependabot/npm_and_yarn/axios-1.15.2

dependabot/npm_and_yarn/next-intl-4.9.2

dependabot/docker/node-26-alpine

dependabot/docker/docker/library/node-26-slim

dependabot/npm_and_yarn/multi-7bdfbe8666

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

cross-org-idp

breakout-sites-tables

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.4

1.18.3

1.18.2

1.18.1

1.18.0

1.18.0-rc.0

1.17.1

1.17.0

1.17.0-rc.0

1.16.2

1.16.1

1.16.0

1.16.0-rc.0

1.15.4

1.15.3

1.15.2

1.15.1

1.15.0

1.15.0-rc.0

1.14.1

1.14.0

1.14.0-rc.0

1.13.1

1.13.0

1.13.0-rc.0

1.12.3

1.12.2

1.12.1

1.12.0

1.12.0-rc.0

1.11.1

1.11.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label stale

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#3467