diff --git a/config/config.example.yml b/config/config.example.yml
index 7eeebf81..896113bb 100644
--- a/config/config.example.yml
+++ b/config/config.example.yml
@@ -1,27 +1,30 @@
 # To see all available options, please visit the docs:
-# https://docs.pangolin.net/self-host/advanced/config-file
-
-app:
- dashboard_url: http://localhost:3002
- log_level: debug
-
-domains:
- domain1:
- base_domain: example.com
-
-server:
- secret: my_secret_key
+# https://docs.pangolin.net/
 
 gerbil:
- base_endpoint: example.com
+ start_port: 51820
+ base_endpoint: "{{.DashboardDomain}}"
 
-orgs:
- block_size: 24
- subnet_group: 100.90.137.0/20
+app:
+ dashboard_url: "https://{{.DashboardDomain}}"
+ log_level: "info"
+ telemetry:
+ anonymous_usage: true
+
+domains:
+ domain1:
+ base_domain: "{{.BaseDomain}}"
+
+server:
+ secret: "{{.Secret}}"
+ cors:
+ origins: ["https://{{.DashboardDomain}}"]
+ methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
+ allowed_headers: ["X-CSRF-Token", "Content-Type"]
+ credentials: false
 
 flags:
- require_email_verification: false
- disable_signup_without_invite: true
- disable_user_create_org: true
- allow_raw_resources: true
- enable_integration_api: true
+ require_email_verification: false
+ disable_signup_without_invite: true
+ disable_user_create_org: false
+ allow_raw_resources: true
diff --git a/config/traefik/dynamic_config.yml b/config/traefik/dynamic_config.yml
index 8465a9cf..0829924a 100644
--- a/config/traefik/dynamic_config.yml
+++ b/config/traefik/dynamic_config.yml
@@ -1,5 +1,9 @@
 http:
 middlewares:
+ badger:
+ plugin:
+ badger:
+ disableForwardAuth: true
 redirect-to-https:
 redirectScheme:
 scheme: https
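Review bot: In the `flags` block of config/config.example.yml, `disable_user_create_org` flips from `true` to `false` while the neighbouring flags keep their values, and nothing in the hunk marks the loosening as intended. Because the file now carries installer placeholders such as `{{.Secret}}`, its values presumably become the defaults of every generated deployment, so the permissive setting should carry a comment, for example `# set to true to stop regular users from creating organizations` (wording to be confirmed against the flag's documented meaning). The new `telemetry.anonymous_usage: true` is an opt-out default in the same position and would benefit from a one-line comment saying how to turn it off.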
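Review bot: The `badger` middleware added at the top of config/traefik/dynamic_config.yml sets `disableForwardAuth: true` without a comment, and the later hunks attach it to every dashboard router. Judging by the option name, this instance performs no forward-auth check, so an operator who copies `- badger` onto a router for a protected resource could assume it enforces authentication when it does not. A comment above the plugin block would remove the ambiguity, e.g. `# dashboard routers only: forward auth is disabled here, do not reuse for protected resources` (confirm the exact semantics against the plugin documentation).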
@@ -13,14 +17,16 @@ http:
 - web
 middlewares:
 - redirect-to-https
+ - badger
 
 # Next.js router (handles everything except API and WebSocket paths)
 next-router:
- rule: "Host(`{{.DashboardDomain}}`)"
+ rule: "Host(`{{.DashboardDomain}}`) && !PathPrefix(`/api/v1`)"
 service: next-service
- priority: 10
 entryPoints:
 - websecure
+ middlewares:
+ - badger
 tls:
 certResolver: letsencrypt
 
@@ -28,9 +34,21 @@ http:
 api-router:
 rule: "Host(`{{.DashboardDomain}}`) && PathPrefix(`/api/v1`)"
 service: api-service
- priority: 100
 entryPoints:
 - websecure
+ middlewares:
+ - badger
+ tls:
+ certResolver: letsencrypt
+
+ # WebSocket router
+ ws-router:
+ rule: "Host(`{{.DashboardDomain}}`)"
+ service: api-service
+ entryPoints:
+ - websecure
+ middlewares:
+ - badger
 tls:
 certResolver: letsencrypt
 
@@ -44,3 +62,12 @@ http:
 loadBalancer:
 servers:
 - url: "http://pangolin:3000" # API/WebSocket server
+
+tcp:
+ serversTransports:
+ pp-transport-v1:
+ proxyProtocol:
+ version: 1
+ pp-transport-v2:
+ proxyProtocol:
+ version: 2
diff --git a/config/traefik/dynamic_config.yml b/config/traefik/traefik_config.yml
index 308890f1..0709b461 100644
--- a/config/traefik/traefik_config.yml
+++ b/config/traefik/traefik_config.yml
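Review bot: The new `ws-router` (hunk -28,9 of config/traefik/dynamic_config.yml) looks unreachable. The explicit `priority: 10` and `priority: 100` are removed here and in hunk -13,14, so Traefik falls back to ranking routers by rule length. `ws-router` has the shortest rule, a bare `Host(...)`, while `next-router` and `api-router` together match every path on that host through `PathPrefix(/api/v1)` and its negation. If WebSocket traffic is meant to reach `api-service` on a path outside `/api/v1`, it will go to `next-service` instead. Either give `ws-router` a rule that distinguishes its traffic, or restore explicit `priority:` values on all three routers so the intended order is stated in the file rather than implied by string length.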
@@ -3,32 +3,52 @@ api:
 dashboard: true
 
 providers:
+ http:
+ endpoint: "http://pangolin:3001/api/v1/traefik-config"
+ pollInterval: "5s"
 file:
- directory: "/var/dynamic"
- watch: true
+ filename: "/etc/traefik/dynamic_config.yml"
 
 experimental:
 plugins:
 badger:
 moduleName: "github.com/fosrl/badger"
- version: "v1.3.0"
+ version: "{{.BadgerVersion}}"
 
 log:
- level: "DEBUG"
+ level: "INFO"
 format: "common"
 maxSize: 100
 maxBackups: 3
 maxAge: 3
 compress: true
 
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ httpChallenge:
+ entryPoint: web
+ email: "{{.LetsEncryptEmail}}"
+ storage: "/letsencrypt/acme.json"
+ caServer: "https://acme-v02.api.letsencrypt.org/directory"
+
 entryPoints:
 web:
 address: ":80"
 websecure:
- address: ":9443"
+ address: ":443"
 transport:
 respondingTimeouts:
 readTimeout: "30m"
+ http:
+ tls:
+ certResolver: "letsencrypt"
+ encodedCharacters:
+ allowEncodedSlash: true
+ allowEncodedQuestionMark: true
 
 serversTransport:
 insecureSkipVerify: true
+
+ping:
+ entryPoint: "web"
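Review bot: The `encodedCharacters` block added under `websecure` sets `allowEncodedSlash` and `allowEncodedQuestionMark` to `true` with no comment on which backend needs them. Letting `%2F` and `%3F` through is an explicit relaxation of path handling, and this same commit routes on `PathPrefix(/api/v1)`, so the proxy and the backend can end up reading the same request path differently. If a component really requires it, name it in a comment such as `# needed by <component>: encoded / and ? must reach the backend unchanged`; otherwise leave both options off. The new `providers.http.endpoint` is also plain `http://`, so whatever can answer as `pangolin:3001` on that network dictates the routing table. That dependency deserves a comment and a restricted network, especially with the unchanged `insecureSkipVerify: true` below it.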