LBP
/
ChristianLempa_Boilerplates
зеркало из https://github.com/ChristianLempa/boilerplates.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117
							---
kind: compose
metadata:
  icon:
    provider: selfh
    id: pangolin
  name: Pangolin
  description: |
    Self-hosted reverse proxy server that securely exposes private resources on distributed networks through
    encrypted WireGuard tunnels. Pangolin enables access from anywhere without opening ports, using a custom
    user-space WireGuard client (Newt) for secure connectivity. Features include automatic tunnel management,
    integrated CrowdSec security, and support for both PostgreSQL and SQLite databases.
    ## References
    * **Project:** https://github.com/fosrl/pangolin
    * **Documentation:** https://github.com/fosrl/pangolin/blob/main/README.md
    * **Docker Hub:** https://hub.docker.com/r/fosrl/pangolin
  version: latest
  author: Christian Lempa
  date: '2025-11-13'
  tags:
    - traefik
    - swarm
    - proxy
    - wireguard
  draft: true
  next_steps: |
    ### 1. Configure Database
    {% if postgres_enabled -%}
    Make sure PostgreSQL is running and accessible at:
    * Connection string: {{ postgres_connection_string }}
    {% else -%}
    Pangolin will use SQLite database stored in the data volume.
    {% endif -%}
    ### 2. Deploy the Service
    {% if swarm_enabled -%}
    Deploy to Docker Swarm:
    ```bash
    docker stack deploy -c compose.yaml pangolin
    ```
    {% else -%}
    Start Pangolin using Docker Compose:
    ```bash
    docker compose up -d
    ```
    {% endif -%}
    ### 3. Access the Web Interface
    {% if traefik_enabled -%}
    * Navigate to: **https://{{ traefik_host }}.{{ traefik_domain }}**
    {% else -%}
    * Navigate to: **http://localhost:{{ ports_http }}**
    {% endif -%}
    ### 4. Configure WireGuard Clients
    * Use the Pangolin web interface to create and manage WireGuard tunnels
    * Deploy Newt client on remote machines to establish secure connections
schema: "1.2"
spec:
  general:
    vars:
      service_name:
        default: "pangolin"
      container_name:
        default: "pangolin"
      container_hostname:
        default: "pangolin"
  traefik:
    vars:
      traefik_host:
        default: "pangolin"
  network:
    vars:
      network_name:
        default: "pangolin_network"
  ports:
    vars:
      ports_http:
        description: "External HTTP port (web interface)"
        type: int
        default: 8080
        needs: ["traefik_enabled=false", "network_mode=bridge"]
  volume:
    vars:
      volume_mount_path:
        default: "/mnt/storage/pangolin"
  postgres:
    title: "PostgreSQL Configuration"
    toggle: postgres_enabled
    needs: null
    vars:
      postgres_enabled:
        type: bool
        default: false
        description: "Use PostgreSQL database (SQLite is default)"
      postgres_connection_string:
        type: str
        default: "postgresql://postgres:postgres@localhost:5432"
        description: "PostgreSQL connection string"
        needs: "postgres_enabled=true"
  environment:
    title: "Environment Variables"
    toggle: environment_enabled
    needs: null
    vars:
      environment_enabled:
        type: bool
        default: false
        description: "Configure additional environment variables"
      environment_crowdsec_enabled:
        type: bool
        default: false
        description: "Enable CrowdSec integration"
        needs: "environment_enabled=true"
      environment_log_level:
        type: enum
        default: "info"
        options: ["debug", "info", "warn", "error"]
        description: "Log level"
        needs: "environment_enabled=true"