github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-21 01:11:38 -05:00
Code Issues 856 Packages Projects Releases 74 Wiki Activity

[GH-ISSUE #1220] Multiple domains and Traefik #8579

New Issue
Closed
opened 2026-04-30 04:34:08 -05:00 by GiteaMirror · 7 comments
GiteaMirror commented 2026-04-30 04:34:08 -05:00
Owner
Copy Link

Originally created by @SigmaSquadron on GitHub (Aug 5, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/1220

Hi! While developing the NixOS module for Pangolin, we came across an issue with Pangolin's configuration. More specifically, we have no idea how to configure Traefik with more than one domain configured in a self-hosted Pangolin.

While personally I have no use for multiple domains, it is my responsibility as an OS developer to account for all possible configurations for Pangolin. Could the docs be expanded on how to set up additional domains in Traefik for a self-hosted Pangolin?

Originally created by @SigmaSquadron on GitHub (Aug 5, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/1220 Hi! While developing the NixOS module for Pangolin, we came across an issue with Pangolin's configuration. More specifically, we have no idea how to configure Traefik with more than one domain configured in a self-hosted Pangolin. While personally I have no use for multiple domains, it is my responsibility as an OS developer to account for all possible configurations for Pangolin. Could the docs be expanded on how to set up additional domains in Traefik for a self-hosted Pangolin?
GiteaMirror commented 2026-04-30 04:34:09 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Aug 6, 2025):

Hi! Are you interested in multiple domains for the resources? That is
covered in the docs and can be added in the UI or in the config file.

For the pangolin UI itself I dont think we can do multiple domains right
now because of the config dashboard_url:.

On 8/5/25 16:23, Fernando Rodrigues wrote:

SigmaSquadron created an issue (fosrl/pangolin#1220) <https://
github.com/fosrl/pangolin/issues/1220>

Hi! While developing the NixOS module for Pangolin, we came across an
issue with Pangolin's configuration. More specifically, we have no idea
how to configure Traefik with more than one domain configured in a self-
hosted Pangolin.

While personally I have no use for multiple domains, it is my
responsibility as an OS developer to account for all possible
configurations for Pangolin. Could the docs be expanded on how to set up
additional domains in Traefik for a self-hosted Pangolin?


Reply to this email directly, view it on GitHub <https://github.com/
fosrl/pangolin/issues/1220>, or unsubscribe <https://github.com/
notifications/unsubscribe-auth/
ABGEUGF3DXIRQLTMMNSKK733ME4IBAVCNFSM6AAAAACDGKZP32VHI2DSMVQWIX3LMV43ASLTON2WKOZTGI4TINRZGQ4TCNY>.
You are receiving this because you are subscribed to this thread.Message
ID: @.***>

<!-- gh-comment-id:3160942452 --> @oschwartz10612 commented on GitHub (Aug 6, 2025): Hi! Are you interested in multiple domains for the resources? That is covered in the docs and can be added in the UI or in the config file. For the pangolin UI itself I dont think we can do multiple domains right now because of the config `dashboard_url:`. On 8/5/25 16:23, Fernando Rodrigues wrote: > *SigmaSquadron* created an issue (fosrl/pangolin#1220) <https:// > github.com/fosrl/pangolin/issues/1220> > > Hi! While developing the NixOS module for Pangolin, we came across an > issue with Pangolin's configuration. More specifically, we have no idea > how to configure Traefik with more than one domain configured in a self- > hosted Pangolin. > > While personally I have no use for multiple domains, it is my > responsibility as an OS developer to account for all possible > configurations for Pangolin. Could the docs be expanded on how to set up > additional domains in Traefik for a self-hosted Pangolin? > > — > Reply to this email directly, view it on GitHub <https://github.com/ > fosrl/pangolin/issues/1220>, or unsubscribe <https://github.com/ > notifications/unsubscribe-auth/ > ABGEUGF3DXIRQLTMMNSKK733ME4IBAVCNFSM6AAAAACDGKZP32VHI2DSMVQWIX3LMV43ASLTON2WKOZTGI4TINRZGQ4TCNY>. > You are receiving this because you are subscribed to this thread.Message > ID: ***@***.***> >
GiteaMirror commented 2026-04-30 04:34:11 -05:00
Author
Owner
Copy Link

@SigmaSquadron commented on GitHub (Aug 7, 2025):

Hi! Thanks for the reply, but I think I may have expressed myself incorrectly. I wished to know about the appropriate Traefik configuration for handling multiple domains configured in Pangolin. For example, if I add example.com as my dashboard domain and default base domain, I need to configure the appropriate routers in Traefik so the Next.JS router is exposed to connections at pangolin.example.com. If I add a new domain (example2.com) through the Pangolin config file or through the UI, do I need to configure anything in Traefik?

I know I need to ensure that the certificate resolver in the Pangolin config file for each domain matches the certificate resolves in Traefik, but I'm not sure if I have to set up a router for each domain or not.

<!-- gh-comment-id:3162609384 --> @SigmaSquadron commented on GitHub (Aug 7, 2025): Hi! Thanks for the reply, but I think I may have expressed myself incorrectly. I wished to know about the appropriate Traefik configuration for handling multiple domains configured in Pangolin. For example, if I add `example.com` as my dashboard domain and default base domain, I need to configure the appropriate routers in Traefik so the Next.JS router is exposed to connections at pangolin.example.com. If I add a new domain (`example2.com`) through the Pangolin config file or through the UI, do I need to configure anything in Traefik? I know I need to ensure that the certificate resolver in the Pangolin config file for each domain matches the certificate resolves in Traefik, but I'm not sure if I have to set up a router for each domain or not.
GiteaMirror commented 2026-04-30 04:34:12 -05:00
Author
Owner
Copy Link

@SigmaSquadron commented on GitHub (Aug 7, 2025):

Furthermore, with #1221 in mind, which Traefik needs to have the certificateResolvers set up for HTTPS? The Traefik running in Pangolin's machine or the Traefik running in Gerbil's machine?

<!-- gh-comment-id:3162686276 --> @SigmaSquadron commented on GitHub (Aug 7, 2025): Furthermore, with #1221 in mind, which Traefik needs to have the `certificateResolvers` set up for HTTPS? The Traefik running in Pangolin's machine or the Traefik running in Gerbil's machine?
GiteaMirror commented 2026-04-30 04:34:12 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Aug 8, 2025):

I don't think you could have multiple domains for the UI right now. But this could be tested. I could be completely wrong.

Because the dashboard base URL is used in a couple of places, I think having a separate domain might cause issues. But, yes, you would generally - assuming this wasn't an issue - duplicate all of the routers in the dynamic config that point to the local Pangolin 3000 ports. For example, you would add a new one with the secondary UI URL and point it to 3002. Would that make sense?

I've never actually tested this but it could be tested. Let me know if you do.

<!-- gh-comment-id:3166186562 --> @oschwartz10612 commented on GitHub (Aug 8, 2025): I don't think you could have multiple domains for the UI right now. But this could be tested. I could be completely wrong. Because the dashboard base URL is used in a couple of places, I think having a separate domain might cause issues. But, yes, you would generally - assuming this wasn't an issue - duplicate all of the routers in the dynamic config that point to the local Pangolin 3000 ports. For example, you would add a new one with the secondary UI URL and point it to 3002. Would that make sense? I've never actually tested this but it could be tested. Let me know if you do.
GiteaMirror commented 2026-04-30 04:34:12 -05:00
Author
Owner
Copy Link

@SigmaSquadron commented on GitHub (Aug 8, 2025):

Sorry, that's not what I meant! I'm referring to a hypothetical setup where Gerbil and Pangolin are running on different machines, and I have two domains I can use to route resources to.

Pangolin has maindomain.com configured in the config file, using the DNS resolver for that domain. After I logged in as an admin, I have also set-up secondarydomain.com, which uses the traefik series of rules for certificate resolution. The dashboard is only available from pangolin.maindomain.com; it cannot be accessed from secondarydomain.com, and serves only to route resources like serviceA.maindomain.com and serviceB.secondarydomain.com. The machine running Pangolin has the proper dynamic Traefik configuration for routing the API and dashboard to the pangolin.maindomain.com URL. secondarydomain.com doesn't appear in the Traefik config at all, so I'm hoping it's all handled by Pangolin's traefik-config endpoint.

Gerbil is running on another machine, and connects to Pangolin using --remoteConfig. My question is: what parts of Traefik need to run in either machine in order to route resources through two domains in this split Gerbil/Pangolin setup? Do the certificate resolvers also need to be set up in this Traefik's static configuration?

Badger is set up on the instance of Traefik running on Gerbil's machine. Does it need to run on the machine running Pangolin as well? I'm also hoping it can retrieve its configuration from the same traefik-config endpoint.

<!-- gh-comment-id:3166971866 --> @SigmaSquadron commented on GitHub (Aug 8, 2025): Sorry, that's not what I meant! I'm referring to a hypothetical setup where Gerbil and Pangolin are running on different machines, and I have two domains I can use to route resources to. Pangolin has `maindomain.com` configured in the config file, using the DNS resolver for that domain. After I logged in as an admin, I have also set-up `secondarydomain.com`, which uses the `traefik` series of rules for certificate resolution. The dashboard is only available from `pangolin.maindomain.com`; it cannot be accessed from `secondarydomain.com`, and serves only to route resources like `serviceA.maindomain.com` and `serviceB.secondarydomain.com`. The machine running Pangolin has the proper dynamic Traefik configuration for routing the API and dashboard to the `pangolin.maindomain.com` URL. **`secondarydomain.com` doesn't appear in the Traefik config at all, so I'm hoping it's all handled by Pangolin's traefik-config endpoint.** Gerbil is running on another machine, and connects to Pangolin using `--remoteConfig`. My question is: **what parts of Traefik need to run in either machine in order to route resources through two domains in this split Gerbil/Pangolin setup?** Do the certificate resolvers also need to be set up in this Traefik's static configuration? Badger is set up on the instance of Traefik running on Gerbil's machine. Does it need to run on the machine running Pangolin as well? I'm also hoping it can retrieve its configuration from the same `traefik-config` endpoint.
GiteaMirror commented 2026-04-30 04:34:13 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Aug 16, 2025):

|secondarydomain.com| doesn't appear in the Traefik config at all, so
I'm hoping it's all handled by Pangolin's traefik-config endpoint.

Ahh okay yes this domain would be handled entirely in the config
generated by Pangolin for Traefik. You would want to have Traefik
deployed with gerbil and pulling config from the remote Pangolin so
that it creates the routes locally to send down the Gerbil tunnel. Does
that make sense?

You would not need Badger on the Pangolin Traeifk. This is just
basically doing normal reverse proxy stuff and could really be any proxy.

<!-- gh-comment-id:3193379003 --> @oschwartz10612 commented on GitHub (Aug 16, 2025): > |secondarydomain.com| doesn't appear in the Traefik config at all, so > I'm hoping it's all handled by Pangolin's traefik-config endpoint. Ahh okay yes this domain would be handled entirely in the config generated by Pangolin for Traefik. You would want to have Traefik deployed *with* gerbil and pulling config from the remote Pangolin so that it creates the routes locally to send down the Gerbil tunnel. Does that make sense? You would not need Badger on the Pangolin Traeifk. This is just basically doing normal reverse proxy stuff and could really be any proxy.
GiteaMirror commented 2026-04-30 04:34:13 -05:00
Author
Owner
Copy Link

@SigmaSquadron commented on GitHub (Aug 16, 2025):

That is absolutely perfect, thank you!

<!-- gh-comment-id:3193477448 --> @SigmaSquadron commented on GitHub (Aug 16, 2025): That is absolutely perfect, thank you!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#8579
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?