Pangolin Middleware Manager
A specialized microservice that enhances your Pangolin deployment by enabling custom Traefik middleware attachment to resources without modifying Pangolin itself. This provides crucial functionality for implementing authentication, security headers, rate limiting, and other middleware-based protections.
Overview
The Middleware Manager monitors resources created in Pangolin and provides a simple web interface to attach additional Traefik middlewares to these resources. This allows you to implement advanced functionality such as:
- Authentication layers (Authelia, Authentik, Basic Auth)
- Security headers and content policies
- Geographic IP blocking
- Rate limiting and DDoS protection
- Custom redirect and path manipulation rules
- Integration with security tools like CrowdSec
When you add a middleware to a resource through the Middleware Manager, it creates Traefik configuration files that properly reference both the middleware and the original service with the correct provider references.
Key Features
- Real-time synchronization with Pangolin resources
- Web-based management UI for easy configuration
- Template library for common middleware setups
- Cross-provider integration that properly references Traefik resources
- Database persistence for configuration storage
- Wide middleware support including ForwardAuth, BasicAuth, Headers, RateLimit, and more
- Plugin compatibility with Traefik v2/v3 plugins like CrowdSec, GeoBlock, and CloudflareWarp
Prerequisites
- A working Pangolin deployment (with Traefik v2.x or v3.x)
- Docker and Docker Compose
- Network connectivity between the Middleware Manager and Pangolin's API
Quick Start
Using Docker Compose
Add the Middleware Manager to your existing Pangolin docker-compose.yml:
middleware-manager:
  image: hhftechnology/middleware-manager:latest
  container_name: middleware-manager
  restart: unless-stopped
  volumes:
    - ./data:/data
    - ./config/traefik/rules:/conf
    - ./config/middleware-manager/templates.yaml:/app/config/templates.yaml # Optional for custom templates
  environment:
    - PANGOLIN_API_URL=http://pangolin:3001/api/v1
    - TRAEFIK_CONF_DIR=/conf
    - DB_PATH=/data/middleware.db
    - PORT=3456
  ports:
    - "3456:3456"
Start the service:
docker-compose up -d middleware-manager
Access the UI:
http://your-server:3456
Manual Installation
- Clone the repository:
  git clone https://github.com/hhftechnology/middleware-manager.git
  cd middleware-manager
- Configure environment:
  cp .env.example .env
  # Edit .env with your specific configuration
- Build and start the service:
  make build
  ./middleware-manager
Configuration
Environment Variables
| Variable | Description | Default |
|---|---|---|
| PANGOLIN_API_URL | URL to your Pangolin API | http://pangolin:3001/api/v1 |
| TRAEFIK_CONF_DIR | Directory to write Traefik configurations | /conf |
| DB_PATH | Path to SQLite database | /data/middleware.db |
| PORT | Port for web UI and API | 3456 |
| CHECK_INTERVAL_SECONDS | How often to check for new resources (seconds) | 30 |
| GENERATE_INTERVAL_SECONDS | How often to update configuration files (seconds) | 10 |
| DEBUG | Enable debug logging | false |
| ALLOW_CORS | Enable CORS for API | false |
| CORS_ORIGIN | Allowed CORS origin | "" (all) |
Custom Middleware Templates
Create a file at ./config/middleware-manager/templates.yaml with this structure:
middlewares:
  - id: "security-headers"
    name: "Strong Security Headers"
    type: "headers"
    config:
      customResponseHeaders:
        Server: ""
        X-Powered-By: ""
      browserXSSFilter: true
      contentTypeNosniff: true
      customFrameOptionsValue: "SAMEORIGIN"
      forceSTSHeader: true
      stsIncludeSubdomains: true
      stsSeconds: 63072000
  - id: "rate-limit"
    name: "Standard Rate Limiting"
    type: "rateLimit"
    config:
      average: 100
      burst: 50
  # Add more middleware templates as needed
Usage Guide
Adding Middleware to a Resource
- Create resources in Pangolin as usual
- Open the Middleware Manager UI (http://your-server:3456)
- Navigate to the "Resources" tab
- Click "Manage" next to the resource you want to protect
- Click "Add Middleware"
- Select a middleware from the dropdown (or create a new one)
- Set the priority value if needed (higher numbers have lower precedence)
- Click "Add Middleware"
- The middleware will be automatically applied to the resource
Creating Custom Middleware
- In the Middleware Manager UI, navigate to the "Middlewares" tab
- Click "Create Middleware"
- Enter a name for your middleware
- Select the middleware type (ForwardAuth, BasicAuth, Headers, etc.)
- Configure the middleware settings using the JSON editor
- Click "Create Middleware"
- The new middleware will be available to assign to resources
Important: Understanding Cross-Provider References
The Middleware Manager works by creating Traefik configurations that reference services defined by Pangolin. For this to work correctly, services and middlewares need proper provider references:
- When your file-based configuration references a service defined by Pangolin, it needs the @http suffix
- When your file-based configuration references a middleware defined by Pangolin, it needs the @http suffix
- Conversely, middlewares defined in your file need the @file suffix when referenced
The Middleware Manager automatically handles these references for you, but it's important to understand this if you encounter any "service/middleware does not exist" errors in Traefik.
Traefik Plugin Integration
To use Traefik plugins like CrowdSec, GeoBlock, or CloudflareWarp:
- Add the plugin to your Traefik static configuration:
  # In traefik_config.yml
  experimental:
    plugins:
      crowdsec:
        moduleName: github.com/crowdsecurity/traefik-plugin-crowdsec
        version: v1.4.2
      geoblock:
        moduleName: github.com/PascalMinder/geoblock
        version: v0.3.2
- Add the plugin middleware template to your templates.yaml:
  middlewares:
    - id: "crowdsec-protection"
      name: "CrowdSec Security Protection"
      type: "plugin"
      config:
        plugin:
          crowdsec:
            enabled: true
            # Additional configuration...
- The plugin middleware will now be available in the Middleware Manager UI
Troubleshooting
"The service does not exist" error in Traefik logs
This usually means the cross-provider reference isn't working correctly. The Middleware Manager should automatically use the @http suffix for Pangolin services, but if you see this error:
- Check if the middleware configuration file was generated correctly in your /conf directory
- Verify that service references include the @http suffix
- Restart the Middleware Manager
"The middleware does not exist" error in Traefik logs
Similar to the service error, but for middlewares:
- Check if the middleware is properly defined
- Ensure Pangolin-defined middlewares have an @http suffix when referenced
- Check if the middleware requires a Traefik plugin that isn't installed
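One way to run the suffix checks from both troubleshooting lists above against the generated files, as an added example that is not part of the Middleware Manager project. It assumes the files are block-style YAML in the host directory mounted at /conf (./config/traefik/rules in the compose example); the router, service and middleware names in the sample are constructed.

```shell
#!/bin/sh
# Added example, not part of middleware-manager. Lists router "service:" values and
# "middlewares:" list entries in Traefik dynamic config files that carry no @provider
# suffix. Assumes block-style YAML; flow-style lists ([a, b]) are not parsed.
check_provider_refs() {   # $1 = config directory, e.g. the host path mounted at /conf
    find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \) -exec awk -v sq="'" '
        function clean(s) {              # drop comments, quotes and surrounding blanks
            sub(/[ \t]+#.*$/, "", s); gsub(/"/, "", s); gsub(sq, "", s)
            gsub(/^[ \t]+|[ \t]+$/, "", s); return s
        }
        function report(kind, ref) {
            if (ref != "" && ref !~ /@[A-Za-z0-9_-]+$/)
                printf "%s:%d: %s %s has no @provider suffix\n", FILENAME, FNR, kind, ref
        }
        FNR == 1 { inlist = 0 }                      # reset state for each file
        /^[ \t]*$/ || /^[ \t]*#/ { next }            # skip blank and comment-only lines
        /^[ \t]*middlewares:[ \t]*$/ { inlist = 1; next }
        inlist && /^[ \t]*-[ \t]+/ {                 # entry of a middlewares: list
            s = $0; sub(/^[ \t]*-[ \t]+/, "", s); report("middleware", clean(s)); next
        }
        { inlist = 0 }                               # any other line ends the list
        /^[ \t]*service:[ \t]*[^ \t]/ {              # router -> service reference
            s = $0; sub(/^[ \t]*service:[ \t]*/, "", s); report("service", clean(s))
        }
    ' {} +
}

# Constructed sample: one correct router and one with both suffixes missing.
demo_dir=$(mktemp -d)
cat > "$demo_dir/resource-overrides.yml" <<'EOF'
http:
  routers:
    app-good:
      rule: "Host(`app.example.com`)"
      service: "app-service@http"
      middlewares:
        - "security-headers@file"
        - "pangolin-auth@http"
    app-bad:
      rule: "Host(`api.example.com`)"
      service: api-service
      middlewares:
        - rate-limit
EOF
check_provider_refs "$demo_dir"
rm -rf "$demo_dir"
```

An unsuffixed name resolves inside the router's own provider, so a reported line is only a fault when the target is defined by Pangolin rather than in the file provider.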
Middleware not being applied
- Check Traefik's dashboard for routing information
- Verify the middleware is correctly associated with the resource
- Check the middleware priority (lower numbers have higher precedence)
- Look for errors in the Traefik logs
Development
Prerequisites
- Go 1.19+
- Node.js 16+
- npm or yarn
Backend Development
# Run backend in development mode
go run main.go
# Build backend
go build -o middleware-manager
Frontend Development
cd ui
npm install
npm start
License
MIT License
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.