Add Pangolin

pangolin/config/config.yml

@@ -0,0 +1,59 @@
+app:
+  dashboard_url: "https://tunnel.abzw.de"
+  log_level: "info"
+  save_logs: false
+
+domains:
+  domain1:
+    base_domain: "abzw.de"
+    cert_resolver: "letsencrypt"
+    prefer_wildcard_cert: false
+
+server:
+  external_port: 3000
+  internal_port: 3001
+  next_port: 3002
+  internal_hostname: "pangolin"
+  session_cookie_name: "p_session_token"
+  resource_access_token_param: "p_token"
+  resource_access_token_headers:
+    id: "P-Access-Token-Id"
+    token: "P-Access-Token"
+  resource_session_request_param: "p_session_request"
+
+traefik:
+  cert_resolver: "letsencrypt"
+  http_entrypoint: "web"
+  https_entrypoint: "websecure"
+
+gerbil:
+  start_port: 51820
+  base_endpoint: "abzw.de"
+  use_subdomain: false
+  block_size: 24
+  site_block_size: 30
+  subnet_group: 100.89.137.0/20
+
+rate_limits:
+  global:
+    window_minutes: 1
+    max_requests: 100
+
+email:
+  smtp_host: "host.hoster.net"
+  smtp_port: 587
+  smtp_user: "no-reply@abzw.de"
+  smtp_pass: "aaaaaaaaaaaaaaaaaa"
+  no_reply: "no-reply@abzw.de"
+
+users:
+  server_admin:
+    email: "admin@abzw.de"
+    password: "Password123!"
+
+flags:
+  require_email_verification: true
+  disable_signup_without_invite: true
+  disable_user_create_org: true
+  allow_raw_resources: true
+  allow_base_domain_resources: true

pangolin/config/traefik/dynamic_config.yml

@@ -0,0 +1,53 @@
+http:
+  middlewares:
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+
+  routers:
+    # HTTP to HTTPS redirect router
+    main-app-router-redirect:
+      rule: "Host(`tunnel.abzw.de`)" # REPLACE THIS WITH YOUR DOMAIN
+      service: next-service
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+
+    # Next.js router (handles everything except API and WebSocket paths)
+    next-router:
+      rule: "Host(`tunnel.abzw.de`) && !PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN
+      service: next-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+    # API router (handles /api/v1 paths)
+    api-router:
+      rule: "Host(`tunnel.abzw.de`) && PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN
+      service: api-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+    # WebSocket router
+    ws-router:
+      rule: "Host(`tunnel.abzw.de`)" # REPLACE THIS WITH YOUR DOMAIN
+      service: api-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    next-service:
+      loadBalancer:
+        servers:
+          - url: "http://pangolin:3002" # Next.js server
+
+    api-service:
+      loadBalancer:
+        servers:
+          - url: "http://pangolin:3000" # API/WebSocket server

pangolin/config/traefik/traefik_config.yml

@@ -0,0 +1,44 @@
+api:
+  insecure: true
+  dashboard: true
+
+providers:
+  http:
+    endpoint: "http://pangolin:3001/api/v1/traefik-config"
+    pollInterval: "5s"
+  file:
+    filename: "/etc/traefik/dynamic_config.yml"
+
+experimental:
+  plugins:
+    badger:
+      moduleName: "github.com/fosrl/badger"
+      version: "v1.1.0"
+
+log:
+  level: "INFO"
+  format: "common"
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      httpChallenge:
+        entryPoint: web
+      email: admin@abzw.de # REPLACE THIS WITH YOUR EMAIL
+      storage: "/letsencrypt/acme.json"
+      caServer: "https://acme-v02.api.letsencrypt.org/directory"
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+    transport:
+      respondingTimeouts:
+        readTimeout: "30m"
+    http:
+      tls:
+        certResolver: "letsencrypt"
+
+serversTransport:
+  insecureSkipVerify: true