Include traefik config when sending to remote nodes

2026-02-01 15:49:08 +00:00 · 2025-10-14 10:38:41 -07:00
parent c57db1479e
commit 57bcbf6c48
2 changed files with 38 additions and 6 deletions
--- a/install/config/docker-compose.yml
+++ b/install/config/docker-compose.yml
@@ -6,8 +6,8 @@ services:
    restart: unless-stopped
    volumes:
      - ./config:/app/config
-      - pangolin-data:/var/certificates
-      - pangolin-data:/var/dynamic
+      - pangolin-data-certificates:/var/certificates
+      - pangolin-data-dynamic:/var/dynamic
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
      interval: "10s"
@@ -57,8 +57,8 @@ services:
      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
      # Shared volume for certificates and dynamic config in file mode 
-      - pangolin-data:/var/certificates:ro
-      - pangolin-data:/var/dynamic:ro
+      - pangolin-data-certificates:/var/certificates:ro
+      - pangolin-data-dynamic:/var/dynamic:ro

 networks:
  default:
@@ -67,4 +67,5 @@ networks:
 {{if .EnableIPv6}}    enable_ipv6: true{{end}}

 volumes:
-  pangolin-data:
+  pangolin-data-dynamic:
+  pangolin-data-certificates:
--- a/server/private/routers/hybrid.ts
+++ b/server/private/routers/hybrid.ts
@@ -269,8 +269,39 @@ hybridRouter.get(
            const traefikConfig = await getTraefikConfig(
                remoteExitNode.exitNodeId,
                ["newt", "local", "wireguard"], // Allow them to use all the site types
-                true // But don't allow domain namespace resources
+                true, // But don't allow domain namespace resources
+                false // Dont include login pages
            );
+
+            const badgerMiddlewareName = "badger";
+            if (traefikConfig?.http?.middlewares) {
+                traefikConfig.http.middlewares[badgerMiddlewareName] = {
+                    plugin: {
+                        [badgerMiddlewareName]: {
+                            apiBaseUrl: new URL(
+                                "/api/v1",
+                                `http://${
+                                    config.getRawConfig().server
+                                        .internal_hostname
+                                }:${config.getRawConfig().server.internal_port}`
+                            ).href,
+                            userSessionCookieName:
+                                config.getRawConfig().server
+                                    .session_cookie_name,
+
+                            // deprecated
+                            accessTokenQueryParam:
+                                config.getRawConfig().server
+                                    .resource_access_token_param,
+
+                            resourceSessionRequestParam:
+                                config.getRawConfig().server
+                                    .resource_session_request_param
+                        }
+                    }
+                };
+            }
+
            return response(res, {
                data: traefikConfig,
                success: true,