[GH-ISSUE #1938] Invalid license key error #6843

New Issue

Closed

opened 2026-04-25 15:47:36 -05:00 by GiteaMirror · 8 comments

GiteaMirror commented 2026-04-25 15:47:36 -05:00

Owner

Copy Link

Originally created by @kmanwar89 on GitHub (Nov 29, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/1938

Describe the Bug

Per guidance under https://github.com/orgs/fosrl/discussions/1894#discussioncomment-15018258, I requested a license key from Pangolin's website and applied it to my self-hosted instance.

However, upon doing so, I'm now seeing the following error at the bottom of the login page:

When I check the license keys, it says they've been rechecked, and shows as not valid, but doesn't provide a reason why it isn't valid - it has a 10 year expiry, so what exactly is happening? Why was the license key allowed to be added if it was invalid from the beginning?

If I check the license key on pangolin.net, it shows as valid - judging by the last few characters, it appears to be the identical key, which would make sense as I copied/pasted it directly.

Deleting, and re-adding, the license key yields a "failed to fetch" error:

Pangolin is hosted on a VPS on RackNerd, so there shouldn't be restrictions on WAN access. If a specific firewall rule needs to be allowed, please let me know but I don't think I have anything restrictive setup as it stands today.

Environment

• OS Type & Version: (e.g., Ubuntu 22.04): Ubuntu Server 24.04 LTS
• Pangolin Version: Enterprise v1.12.2
• Gerbil Version: N/A
• Traefik Version:
• Newt Version:
• Olm Version: (if applicable)

(I'm not certain how to retrieve the above versions)

To Reproduce

1. Request a license key
2. Apply it to self hosted instance
3. Observe screenshotted error message

(I think these are the steps. It's not clear to me since I didn't start seeing the messages until a few days after applying the license to my server)

Expected Behavior

No error should be presented if the license key is valid, OR the license key should perform a check before applying, with a verbose error as to why it is invalid, and what steps the user should take to remediate it.

Originally created by @kmanwar89 on GitHub (Nov 29, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/1938 ### Describe the Bug Per guidance under https://github.com/orgs/fosrl/discussions/1894#discussioncomment-15018258, I requested a license key from Pangolin's website and applied it to my self-hosted instance. However, upon doing so, I'm now seeing the following error at the bottom of the login page: <img width="751" height="90" alt="Image" src="https://github.com/user-attachments/assets/a57f9f35-4aba-49f4-aad9-429d0a6edda1" /> When I check the license keys, it says they've been rechecked, and shows as not valid, but doesn't provide a reason *why* it isn't valid - it has a 10 year expiry, so what exactly is happening? Why was the license key allowed to be added if it was invalid from the beginning? <img width="1585" height="809" alt="Image" src="https://github.com/user-attachments/assets/57d3be34-cbfa-4517-8b18-e1bb852613e0" /> If I check the `license` key on pangolin.net, it shows as valid - judging by the last few characters, it *appears* to be the identical key, which would make sense as I copied/pasted it directly. <img width="1592" height="297" alt="Image" src="https://github.com/user-attachments/assets/d5a57d51-43b4-4a0b-bf91-5c1ab988357d" /> Deleting, and re-adding, the license key yields a "failed to fetch" error: <img width="527" height="158" alt="Image" src="https://github.com/user-attachments/assets/606182ae-4f91-4b00-a0a2-2083d0e67017" /> Pangolin is hosted on a VPS on RackNerd, so there shouldn't be restrictions on WAN access. If a specific firewall rule needs to be allowed, please let me know but I don't think I have anything restrictive setup as it stands today. ### Environment - OS Type & Version: (e.g., Ubuntu 22.04): Ubuntu Server 24.04 LTS - Pangolin Version: Enterprise v1.12.2 - Gerbil Version: N/A - Traefik Version: - Newt Version: - Olm Version: (if applicable) (I'm not certain how to retrieve the above versions) ### To Reproduce 1. Request a license key 2. Apply it to self hosted instance 3. Observe screenshotted error message (I *think* these are the steps. It's not clear to me since I didn't start seeing the messages until a few days after applying the license to my server) ### Expected Behavior No error should be presented if the license key is valid, OR the license key should perform a check before applying, with a verbose error as to why it is invalid, and what steps the user should take to remediate it.

GiteaMirror closed this issue 2026-04-25 15:47:36 -05:00

GiteaMirror commented 2026-04-25 15:47:37 -05:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Nov 29, 2025):

Hum we have seen this a couple of times. Are you able to curl https://api.fossorial.io/api/healthcheck from inside of the pangolin container? docker exec -it pangolin curl https://api.fossorial.io/api/healthcheck?

<!-- gh-comment-id:3591759074 --> @oschwartz10612 commented on GitHub (Nov 29, 2025): Hum we have seen this a couple of times. Are you able to curl https://api.fossorial.io/api/healthcheck from inside of the pangolin container? `docker exec -it pangolin curl https://api.fossorial.io/api/healthcheck`?

GiteaMirror commented 2026-04-25 15:47:37 -05:00

Author

Owner

Copy Link

@kmanwar89 commented on GitHub (Nov 29, 2025):

Nice to hear from you Owen - I'm certain I keep you guys busy ;)

Looks like I cannot curl it from within the container:

❯ docker exec -it pangolin curl https://api.fossorial.io/api/healthcheck
curl: (6) Could not resolve host: api.fossorial.io

FWIW, I'm not able to hit any other URL's either via DNS - google or similar, either with ping or curl, so this might be boiled down to a communication issue. What's not clear to me is I don't have anything configured (allow or deny) that would prevent it, I think. I've just been using the basic compose file from the website for months now with no issues.

Looks like other containers on the same VPS also can't resolve DNS, but they can ping out via IP just fine. Pangolin container pings out fine via IP, but fails DNS resolution.

/app # date
Sat Nov 29 17:09:11 UTC 2025
/app # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=112 time=13.942 ms
64 bytes from 8.8.8.8: seq=1 ttl=112 time=13.670 ms
64 bytes from 8.8.8.8: seq=2 ttl=112 time=13.615 ms
64 bytes from 8.8.8.8: seq=3 ttl=112 time=13.597 ms
64 bytes from 8.8.8.8: seq=4 ttl=112 time=13.623 ms
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 13.597/13.689/13.942 ms
/app # date
Sat Nov 29 17:09:18 UTC 2025

<!-- gh-comment-id:3591810555 --> @kmanwar89 commented on GitHub (Nov 29, 2025): Nice to hear from you Owen - I'm certain I keep you guys busy ;) Looks like I cannot curl it from within the container: ``` ❯ docker exec -it pangolin curl https://api.fossorial.io/api/healthcheck curl: (6) Could not resolve host: api.fossorial.io ``` FWIW, I'm not able to hit any other URL's either via DNS - google or similar, either with ping or curl, so this might be boiled down to a communication issue. What's not clear to me is I don't have anything configured (allow or deny) that would prevent it, I think. I've just been using the basic compose file from the website for months now with no issues. Looks like other containers on the same VPS also can't resolve DNS, but they can ping out via IP just fine. Pangolin container pings out fine via IP, but fails DNS resolution. ``` /app # date Sat Nov 29 17:09:11 UTC 2025 /app # ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: seq=0 ttl=112 time=13.942 ms 64 bytes from 8.8.8.8: seq=1 ttl=112 time=13.670 ms 64 bytes from 8.8.8.8: seq=2 ttl=112 time=13.615 ms 64 bytes from 8.8.8.8: seq=3 ttl=112 time=13.597 ms 64 bytes from 8.8.8.8: seq=4 ttl=112 time=13.623 ms ^C --- 8.8.8.8 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 13.597/13.689/13.942 ms /app # date Sat Nov 29 17:09:18 UTC 2025 ```

GiteaMirror commented 2026-04-25 15:47:38 -05:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Nov 29, 2025):

Hum strange! What if you explicitly set the DNS on the container in
docker compose?

version: '3.8'
services:
my_service:
image: my_image
dns:
- 8.8.8.8 # Google Public DNS
- 8.8.4.4 # Google Public DNS

<!-- gh-comment-id:3591948553 --> @oschwartz10612 commented on GitHub (Nov 29, 2025): Hum strange! What if you explicitly set the DNS on the container in docker compose? version: '3.8' services: my_service: image: my_image dns: - 8.8.8.8 # Google Public DNS - 8.8.4.4 # Google Public DNS

GiteaMirror commented 2026-04-25 15:47:38 -05:00

Author

Owner

Copy Link

@kmanwar89 commented on GitHub (Nov 30, 2025):

Hum strange! What if you explicitly set the DNS on the container in
docker compose?

version: '3.8'
services:
my_service:
image: my_image
dns:
- 8.8.8.8 # Google Public DNS
- 8.8.4.4 # Google Public DNS

Doing so seems to send the Crowdsec container into a bit of a fit:

crowdsec  | 2025-11-30T00:40:24.479066924Z time="2025-11-30T00:40:24Z" level=error msg="capi metrics: failed: Post \"https://api.crowdsec.net/v3/metrics/\": could not get jwt token: Post \"https://api.crowdsec.net/v3/watchers/login\": retryable error: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving"
crowdsec  | 2025-11-30T00:40:51.676473666Z time="2025-11-30T00:40:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:40:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 17.830875ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:40:51.681669616Z time="2025-11-30T00:40:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:40:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 11.522953ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:41:51.670987587Z time="2025-11-30T00:41:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:41:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 12.070107ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:41:51.672300215Z time="2025-11-30T00:41:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:41:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 1.047381ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:42:08.683121884Z time="2025-11-30T00:42:08Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:42:08 UTC] \"POST /v1/usage-metrics HTTP/1.1 201 12.986346ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:42:51.663411237Z time="2025-11-30T00:42:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:42:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 5.485637ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:42:51.670532363Z time="2025-11-30T00:42:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:42:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 583.375µs \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:43:51.663173479Z time="2025-11-30T00:43:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:43:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 5.997499ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:43:51.670243137Z time="2025-11-30T00:43:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:43:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 530.822µs \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:44:33.929306267Z time="2025-11-30T00:44:33Z" level=info msg="Starting community-blocklist update"
crowdsec  | 2025-11-30T00:44:49.944389584Z time="2025-11-30T00:44:49Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 4 retries left"
crowdsec  | 2025-11-30T00:44:51.665862511Z time="2025-11-30T00:44:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:44:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 7.48244ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:44:51.670024855Z time="2025-11-30T00:44:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:44:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 740.159µs \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:45:27.408008419Z time="2025-11-30T00:45:27Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 3 retries left"
crowdsec  | 2025-11-30T00:45:51.669355204Z time="2025-11-30T00:45:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:45:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 11.329294ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:45:51.670337873Z time="2025-11-30T00:45:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:45:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 766.246µs \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:46:42.304707111Z time="2025-11-30T00:46:42Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 2 retries left"
crowdsec  | 2025-11-30T00:46:51.666836853Z time="2025-11-30T00:46:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:46:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.022905ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:46:51.669760290Z time="2025-11-30T00:46:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:46:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 802.604µs \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:47:51.664174062Z time="2025-11-30T00:47:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:47:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 6.496634ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:47:51.669444315Z time="2025-11-30T00:47:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:47:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 588.528µs \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:48:03.343269632Z time="2025-11-30T00:48:03Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 1 retries left"
crowdsec  | 2025-11-30T00:48:51.673277165Z time="2025-11-30T00:48:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:48:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 15.419584ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:48:51.676109055Z time="2025-11-30T00:48:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:48:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 5.833629ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:49:17.650556312Z time="2025-11-30T00:49:17Z" level=error msg="capi pull top: get stream: Get \"https://api.crowdsec.net/v3/decisions/stream?startup=true\": could not get jwt token: Post \"https://api.crowdsec.net/v3/watchers/login\": retryable error: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving"
crowdsec  | 2025-11-30T00:49:33.664811070Z time="2025-11-30T00:49:33Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 4 retries left"
crowdsec  | 2025-11-30T00:49:51.663547658Z time="2025-11-30T00:49:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:49:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 6.145185ms \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:49:51.669541808Z time="2025-11-30T00:49:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:49:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 651.926µs \"crowdsec/v1.7.3-c8aad699-docker\" \""
crowdsec  | 2025-11-30T00:50:10.831404804Z time="2025-11-30T00:50:10Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 3 retries left"

Guessing I'd need to add it to each service within my file - I'm using a single compose file that contains Pangolin, Crowdsec, Traefik, and Gerbil.

<!-- gh-comment-id:3592070489 --> @kmanwar89 commented on GitHub (Nov 30, 2025): > Hum strange! What if you explicitly set the DNS on the container in > docker compose? > > version: '3.8' > services: > my_service: > image: my_image > dns: > - 8.8.8.8 # Google Public DNS > - 8.8.4.4 # Google Public DNS Doing so seems to send the Crowdsec container into a bit of a fit: ``` crowdsec | 2025-11-30T00:40:24.479066924Z time="2025-11-30T00:40:24Z" level=error msg="capi metrics: failed: Post \"https://api.crowdsec.net/v3/metrics/\": could not get jwt token: Post \"https://api.crowdsec.net/v3/watchers/login\": retryable error: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving" crowdsec | 2025-11-30T00:40:51.676473666Z time="2025-11-30T00:40:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:40:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 17.830875ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:40:51.681669616Z time="2025-11-30T00:40:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:40:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 11.522953ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:41:51.670987587Z time="2025-11-30T00:41:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:41:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 12.070107ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:41:51.672300215Z time="2025-11-30T00:41:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:41:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 1.047381ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:42:08.683121884Z time="2025-11-30T00:42:08Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:42:08 UTC] \"POST /v1/usage-metrics HTTP/1.1 201 12.986346ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:42:51.663411237Z time="2025-11-30T00:42:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:42:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 5.485637ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:42:51.670532363Z time="2025-11-30T00:42:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:42:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 583.375µs \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:43:51.663173479Z time="2025-11-30T00:43:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:43:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 5.997499ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:43:51.670243137Z time="2025-11-30T00:43:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:43:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 530.822µs \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:44:33.929306267Z time="2025-11-30T00:44:33Z" level=info msg="Starting community-blocklist update" crowdsec | 2025-11-30T00:44:49.944389584Z time="2025-11-30T00:44:49Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 4 retries left" crowdsec | 2025-11-30T00:44:51.665862511Z time="2025-11-30T00:44:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:44:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 7.48244ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:44:51.670024855Z time="2025-11-30T00:44:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:44:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 740.159µs \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:45:27.408008419Z time="2025-11-30T00:45:27Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 3 retries left" crowdsec | 2025-11-30T00:45:51.669355204Z time="2025-11-30T00:45:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:45:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 11.329294ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:45:51.670337873Z time="2025-11-30T00:45:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:45:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 766.246µs \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:46:42.304707111Z time="2025-11-30T00:46:42Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 2 retries left" crowdsec | 2025-11-30T00:46:51.666836853Z time="2025-11-30T00:46:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:46:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 9.022905ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:46:51.669760290Z time="2025-11-30T00:46:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:46:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 802.604µs \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:47:51.664174062Z time="2025-11-30T00:47:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:47:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 6.496634ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:47:51.669444315Z time="2025-11-30T00:47:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:47:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 588.528µs \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:48:03.343269632Z time="2025-11-30T00:48:03Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 1 retries left" crowdsec | 2025-11-30T00:48:51.673277165Z time="2025-11-30T00:48:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:48:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 15.419584ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:48:51.676109055Z time="2025-11-30T00:48:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:48:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 5.833629ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:49:17.650556312Z time="2025-11-30T00:49:17Z" level=error msg="capi pull top: get stream: Get \"https://api.crowdsec.net/v3/decisions/stream?startup=true\": could not get jwt token: Post \"https://api.crowdsec.net/v3/watchers/login\": retryable error: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving" crowdsec | 2025-11-30T00:49:33.664811070Z time="2025-11-30T00:49:33Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 4 retries left" crowdsec | 2025-11-30T00:49:51.663547658Z time="2025-11-30T00:49:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:49:51 UTC] \"GET /v1/heartbeat HTTP/1.1 200 6.145185ms \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:49:51.669541808Z time="2025-11-30T00:49:51Z" level=info msg="127.0.0.1 - [Sun, 30 Nov 2025 00:49:51 UTC] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 651.926µs \"crowdsec/v1.7.3-c8aad699-docker\" \"" crowdsec | 2025-11-30T00:50:10.831404804Z time="2025-11-30T00:50:10Z" level=error msg="while performing request: dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: server misbehaving; 3 retries left" ``` Guessing I'd need to add it to each service within my file - I'm using a single compose file that contains Pangolin, Crowdsec, Traefik, and Gerbil.

GiteaMirror commented 2026-04-25 15:47:39 -05:00

Author

Owner

Copy Link

@kmanwar89 commented on GitHub (Nov 30, 2025):

Confirmed: added the same entries to the Crowdsec service, which cleared up the errors. Opening a terminal into the Pangolin container now allows me to resolve URLs by domain name, and allows the previous curl command to succeed:

❯ docker exec -it pangolin curl https://api.fossorial.io/api/healthcheck
{"data":null,"success":true,"error":false,"message":"Hello world!","status":200}%   

<!-- gh-comment-id:3592071939 --> @kmanwar89 commented on GitHub (Nov 30, 2025): Confirmed: added the same entries to the Crowdsec service, which cleared up the errors. Opening a terminal into the Pangolin container now allows me to resolve URLs by domain name, and allows the previous `curl` command to succeed: ``` ❯ docker exec -it pangolin curl https://api.fossorial.io/api/healthcheck {"data":null,"success":true,"error":false,"message":"Hello world!","status":200}% ```

GiteaMirror commented 2026-04-25 15:47:41 -05:00

Author

Owner

Copy Link

@kmanwar89 commented on GitHub (Nov 30, 2025):

Added the license this time, and it seems to be playing nice.

<!-- gh-comment-id:3592072462 --> @kmanwar89 commented on GitHub (Nov 30, 2025): <img width="1626" height="863" alt="Image" src="https://github.com/user-attachments/assets/30a7fa76-a1ea-44d0-a3ca-997e3e564f7a" /> Added the license this time, and it seems to be playing nice.

GiteaMirror commented 2026-04-25 15:47:41 -05:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Nov 30, 2025):

Hum strange seems like it must be a docker issue of some sort where your
containers were not getting DNS. Glad its fixed!

<!-- gh-comment-id:3592172768 --> @oschwartz10612 commented on GitHub (Nov 30, 2025): Hum strange seems like it must be a docker issue of some sort where your containers were not getting DNS. Glad its fixed!

GiteaMirror commented 2026-04-25 15:47:42 -05:00

Author

Owner

Copy Link

@kmanwar89 commented on GitHub (Nov 30, 2025):

Thanks Owen for your help. This is probably one of those "under the radar" issues that wasn't actually a problem until I needed that DNS resolution for the license check,` which wasn't the case until I applied the license. So its likely this has always been an "issue", but was never a problem until now :)

<!-- gh-comment-id:3592574949 --> @kmanwar89 commented on GitHub (Nov 30, 2025): Thanks Owen for your help. This is probably one of those "under the radar" issues that wasn't actually a problem until I needed that DNS resolution for the license check,` which wasn't the case until I applied the license. So its likely this has always been an "issue", but was never a problem until now :)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/npm_and_yarn/axios-1.15.2

s3

dependabot/npm_and_yarn/next-intl-4.9.2

dev

dependabot/npm_and_yarn/prod-patch-updates-64dd675a88

dependabot/npm_and_yarn/dev-minor-updates-10ef4f0f15

dependabot/docker/node-26-alpine

dependabot/docker/docker/library/node-26-slim

dependabot/npm_and_yarn/multi-7bdfbe8666

crowdin_dev

resource-policies

redis

newt-install-commands

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

miloschwartz-patch-2

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

cross-org-idp

update-readme

miloschwartz-patch-1

breakout-sites-tables

revert-2766-feature/systemd-install-instructions

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.3-s.2

1.18.3

1.18.3-s.1

1.18.3-s.0

1.18.2-s.5

1.18.2-s.4

1.18.2-s.3

1.18.2-s.2

1.18.2-s.1

1.18.2

1.18.2-s.0

1.18.1-s.7

1.18.1-s.6

1.18.1-s.5

1.18.1-s.4

1.18.1-s.3

1.18.1-s.2

1.18.1

1.18.1-s.1

1.18.1-s.0

1.18.0-s.2

1.18.0-s.1

1.18.0

1.18.0-s.0

1.17.1-s.7

1.17.1-s.6

1.18.0-rc.0

1.17.1-s.5

1.17.1-s.4

1.17.1-s.3

1.17.1

1.17.1-s.2

1.17.1-s.1

1.17.1-s.0

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4-s.1

1.15.4

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.2

1.15.1-s.1

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#6843