Merge pull request #3221 from fosrl/dev

1.19.0-rc.1
Fix http resources not being pulled
2026-06-04 23:06:32 +00:00 · 2026-06-04 15:45:27 -07:00 · 2026-06-04 15:36:25 -07:00 · 2026-06-04 15:20:52 -07:00 · 2026-06-04 11:21:59 -07:00 · 2026-06-04 11:21:40 -07:00
7 changed files with 51 additions and 50 deletions
--- a/install/config/config.yml
+++ b/install/config/config.yml
@@ -38,7 +38,5 @@ flags:
    disable_user_create_org: false
    allow_raw_resources: true

-{{if .IsPostgreSQL}}
-postgres:
-  connection_string: postgresql://pangolin:{{.IsPostgreSQLPass}}@postgres:5432/pangolin
-{{end}}
+{{if .IsPostgreSQL}}postgres:
+    connection_string: postgresql://pangolin:{{.IsPostgreSQLPass}}@postgres:5432/pangolin{{end}}
--- a/install/config/docker-compose.yml
+++ b/install/config/docker-compose.yml
@@ -7,23 +7,17 @@ services:
    deploy:
      resources:
        limits:
-          memory: 1g
+          memory: 2g
        reservations:
-          memory: 256m
-{{if or .IsPostgreSQL .IsRedis}}
-    depends_on:
-    {{if .IsPostgreSQL}}
-      postgres:
-        condition: service_healthy
-    {{end}}
-    {{if .IsRedis}}
-      redis:
-        condition: service_healthy
-    {{end}}
+          memory: 512m
+    {{if or .IsPostgreSQL .IsRedis}}depends_on:
+      {{if .IsPostgreSQL}}postgres:
+          condition: service_healthy{{end}}
+      {{if .IsRedis}}redis:
+          condition: service_healthy{{end}}
    networks:
      - default
-      - backend
-{{end}}
+      - backend{{end}}
    volumes:
      - ./config:/app/config
    healthcheck:
@@ -31,8 +25,8 @@ services:
      interval: "10s"
      timeout: "10s"
      retries: 15
-{{if .InstallGerbil}}
-  gerbil:
+
+  {{if .InstallGerbil}}gerbil:
    image: docker.io/fosrl/gerbil:{{.GerbilVersion}}
    container_name: gerbil
    restart: unless-stopped
@@ -53,8 +47,8 @@ services:
      - 21820:21820/udp
      - 443:443
      - 443:443/udp # For http3 QUIC if desired
-      - 80:80
-{{end}}
+      - 80:80{{end}}
+
  traefik:
    image: docker.io/traefik:v3.6
    container_name: traefik
@@ -62,8 +56,7 @@ services:
    {{if .InstallGerbil}}network_mode: service:gerbil # Ports appear on the gerbil service{{end}}{{if not .InstallGerbil}}
    ports:
      - 443:443
-      - 80:80
-{{end}}
+      - 80:80{{end}}
    depends_on:
      pangolin:
        condition: service_healthy
@@ -74,8 +67,7 @@ services:
      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs

-{{if .IsPostgreSQL}}
-  postgres:
+  {{if .IsPostgreSQL}}postgres:
    image: postgres:18
    container_name: postgres
    restart: unless-stopped
@@ -91,11 +83,9 @@ services:
      timeout: 5s
      retries: 5
    networks:
-      - backend
-{{end}}
+      - backend{{end}}

-{{if .IsRedis}}
-  redis:
+  {{if .IsRedis}}redis:
    image: redis:8-trixie
    container_name: redis
    restart: unless-stopped
@@ -113,17 +103,14 @@ services:
      retries: 3
      start_period: 10s
    networks:
-      - backend
-{{end}}
+      - backend{{end}}

 networks:
  default:
    driver: bridge
    name: pangolin_frontend
 {{if .EnableIPv6}}    enable_ipv6: true{{end}}
-{{if or .IsPostgreSQL .IsRedis}}
-  backend:
+{{if or .IsPostgreSQL .IsRedis}}  backend:
    driver: bridge
    name: pangolin_backend
-    internal: true
-{{end}}
+    internal: true{{end}}
--- a/install/config/privateConfig.yml
+++ b/install/config/privateConfig.yml
@@ -1,6 +1,4 @@
-{{if .IsRedis}}
-redis:
+{{if .IsRedis}}redis:
  host: "redis"
  port: 6379
-  password: "{{.IsRedisPass}}"
-{{end}}
+  password: "{{.IsRedisPass}}"{{end}}
--- a/install/main.go
+++ b/install/main.go
@@ -71,9 +71,12 @@ const (
 	Undefined SupportedContainer = "undefined"
 )

+var redisFlag *bool
+
 func main() {

 	crowdsecFlag := flag.Bool("crowdsec", false, "Enable the CrowdSec installation prompt")
+	redisFlag = flag.Bool("redis", false, "Install Redis as cacheing solution. Required for HA. Not required for the Enterprise version.")
 	flag.Parse()

 	// print a banner about prerequisites - opening port 80, 443, 51820, and 21820 on the VPS and firewall and pointing your domain to the VPS IP with a records. Docs are at http://localhost:3000/Getting%20Started/dns-networking
@@ -491,13 +494,13 @@ func collectUserInput() Config {

 	config.IsEnterprise = readBoolNoDefault("Do you want to install the Enterprise version of Pangolin? The EE is free for personal use or for businesses making less than 100k USD annually.")
    if config.IsEnterprise {
-        config.IsRedis = readBool("Do you want to run the Redis containers locally? Required for HA.")
-        if config.IsRedis {
+        if *redisFlag {
+			config.IsRedis = true
            config.IsRedisPass = readPassword("Enter a unique password for the Redis service.")
        }
    }

-    config.IsPostgreSQL = readBool("Do you want to run the PostgreSQL containers locally? Otherwise, default to the local SQLite database only.", false)
+    config.IsPostgreSQL = readBool("Do you want to use PostgreSQL (not recommended for most users)?", false)
 	if config.IsPostgreSQL {
 		config.IsPostgreSQLPass = readPassword("Enter a unique password for the PostgreSQL pangolin user.")
 	}
@@ -544,7 +547,7 @@ func collectUserInput() Config {
 	fmt.Println("\n=== Advanced Configuration ===")

 	config.EnableIPv6 = readBool("Is your server IPv6 capable?", true)
-	config.EnableMaxMind = readBool("Do you want to download the MaxMind GeoLite2 Country and ADN databases for blocking functionality?", true)
+	config.EnableMaxMind = readBool("Do you want to download the MaxMind GeoLite2 Country and ASN databases for blocking functionality?", true)

 	if config.DashboardDomain == "" {
 		fmt.Println("Error: Dashboard Domain name is required")
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2046,6 +2046,7 @@
    "requireDeviceApproval": "Require Device Approvals",
    "requireDeviceApprovalDescription": "Users with this role need new devices approved by an admin before they can connect and access resources.",
    "sshSettings": "SSH Settings",
+    "sshAccess": "SSH Access",
    "rdpSettings": "RDP Settings",
    "vncSettings": "VNC Settings",
    "sshServer": "SSH Server",
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -44,7 +44,8 @@ export async function getTraefikConfig(
    filterOutNamespaceDomains = false, // UNUSED BUT USED IN PRIVATE
    generateLoginPageRouters = false, // UNUSED BUT USED IN PRIVATE
    allowRawResources = true,
-    allowMaintenancePage = true // UNUSED BUT USED IN PRIVATE
+    allowMaintenancePage = true, // UNUSED BUT USED IN PRIVATE
+    allowBrowserGatewayResources = true
 ): Promise<any> {
    // Get resources with their targets and sites in a single optimized query
    // Start from sites on this exit node, then join to targets and resources
@@ -240,7 +241,7 @@ export async function getTraefikConfig(
            continue;
        }

-        if (resource.http) {
+        if (resource.mode === "http") {
            if (!resource.domainId || !resource.fullDomain) {
                continue;
            }
@@ -572,7 +573,7 @@ export async function getTraefikConfig(
                    serviceName
                ].loadBalancer.serversTransport = transportName;
            }
-        } else {
+        } else if (resource.mode === "tcp" || resource.mode === "udp") {
            // Non-HTTP (TCP/UDP) configuration
            if (!resource.enableProxy || !resource.proxyPort) {
                continue;
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -493,16 +493,29 @@ export async function getTraefikConfig(
        const transportName = `${key}-transport`;
        const headersMiddlewareName = `${key}-headers-middleware`;

+        logger.debug(
+            `Processing resource ${resource.name} with domain ${fullDomain} and ${targets.length} targets`
+        );
+
        if (!resource.enabled) {
+            logger.debug(
+                `Resource ${resource.name} is disabled, skipping Traefik config`
+            );
            continue;
        }

-        if (resource.http) {
+        if (resource.mode == "http") {
            if (!resource.domainId) {
+                logger.debug(
+                    `Resource ${resource.name} does not have a domainId, skipping Traefik config`
+                );
                continue;
            }

            if (!resource.fullDomain) {
+                logger.debug(
+                    `Resource ${resource.name} does not have a fullDomain, skipping Traefik config`
+                );
                continue;
            }

@@ -958,7 +971,7 @@ export async function getTraefikConfig(
                    serviceName
                ].loadBalancer.serversTransport = transportName;
            }
-        } else {
+        } else if (resource.mode == "tcp" || resource.mode == "udp") {
            // Non-HTTP (TCP/UDP) configuration
            if (!resource.enableProxy) {
                continue;
Author	SHA1	Message	Date
Owen Schwartz	7fa1180d10	Merge pull request #3221 from fosrl/dev 1.19.0-rc.1	2026-06-04 15:45:27 -07:00
Owen	769d36e289	Fix http resources not being pulled	2026-06-04 15:36:25 -07:00
Owen	a7a41b820e	Add missing sshAccess key	2026-06-04 15:20:52 -07:00
Owen Schwartz	8b50f1fb65	Merge pull request #3218 from fosrl/dev Fix installer	2026-06-04 11:21:59 -07:00
Owen	2d78a4b628	Fix installer	2026-06-04 11:21:40 -07:00