Merge branch 'main' of https://github.com/community-scripts/ProxmoxVED

ct/pangolin.sh

@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
-source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/build.func)
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2025 community-scripts ORG
 # Author: Slaviša Arežina (tremor021)
-# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://pangolin.net/
 
 APP="Pangolin"
@@ -13,6 +13,7 @@ var_disk="${var_disk:-5}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
+var_tun="${var_tun:-1}"
 
 header_info "$APP"
 variables
@@ -29,44 +30,40 @@ function update_script() {
     fi
 
     if check_for_gh_release "pangolin" "fosrl/pangolin"; then
-        msg_info "Stopping ${APP}"
+        msg_info "Stopping Service"
         systemctl stop pangolin
+        systemctl stop gerbil
         msg_info "Service stopped"
 
         msg_info "Creating backup"
         tar -czf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin config
         msg_ok "Created backup"
 
-        fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
+        CLEAN_INSTALL=1 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
-        fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
+        CLEAN_INSTALL=1 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
 
-        msg_info "Updating ${APP}"
+        msg_info "Updating Pangolin"
-        export BUILD=oss
-        export DATABASE=sqlite
         cd /opt/pangolin
         $STD npm ci
-        echo "export * from \"./$DATABASE\";" > server/db/index.ts
+        $STD npm run set:sqlite
-        echo "export const build = \"$BUILD\" as any;" > server/build.ts
+        $STD npm run set:oss
-        cp tsconfig.oss.json tsconfig.json
+        rm -rf server/private
-        $STD npm run next:build
+        $STD npm run build:sqlite
-        $STD node esbuild.mjs -e server/index.ts -o dist/server.mjs -b $BUILD
-        $STD node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs
         $STD npm run build:cli
         cp -R .next/standalone ./
-
+        chmod +x ./dist/cli.mjs
-        cat <<EOF >/usr/local/bin/pangctl
-#!/bin/sh
-cd /opt/pangolin
-./dist/cli.mjs "$@"
-EOF
-        chmod +x /usr/local/bin/pangctl ./dist/cli.mjs
         cp server/db/names.json ./dist/names.json
-        msg_ok "Updated ${APP}"
+        msg_ok "Updated Pangolin"
 
         msg_info "Restoring config"
         tar -xzf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin --overwrite
         rm -f /opt/pangolin_config_backup.tar.gz
         msg_ok "Restored config"
+
+        msg_info "Starting Services"
+        systemctl start pangolin
+        systemctl start gerbil
+        msg_ok "Started Services"
         msg_ok "Updated successfully!"
     fi
     exit

install/pangolin-install.sh

@@ -22,22 +22,21 @@ msg_ok "Installed Dependencies"
 NODE_VERSION="22" setup_nodejs
 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
+fetch_and_deploy_gh_release "traefik" "traefik/traefik" "prebuild" "latest" "/usr/bin" "traefik_v*_linux_amd64.tar.gz"
+
+read -rp "${TAB3}Enter your Pangolin URL: " pango_url
+read -rp "${TAB3}Enter your email address: " pango_email
+
+msg_info "Setup Pangolin"
 IP_ADDR=$(hostname -I | awk '{print $1}')
 SECRET_KEY=$(openssl rand -base64 48 | tr -dc 'A-Za-z0-9' | head -c 32)
-
-msg_info "Setup Pangolin (Patience)"
-export BUILD=oss
-export DATABASE=sqlite
 cd /opt/pangolin
+mkdir -p /opt/pangolin/config/{traefik,db,letsencrypt,logs}
 $STD npm ci
-echo "export * from \"./$DATABASE\";" > server/db/index.ts
+$STD npm run set:sqlite
-echo "export const build = \"$BUILD\" as any;" > server/build.ts
+$STD npm run set:oss
-cp tsconfig.oss.json tsconfig.json
 rm -rf server/private
-mkdir -p dist
+$STD npm run build:sqlite
-$STD npm run next:build
-$STD node esbuild.mjs -e server/index.ts -o dist/server.mjs -b $BUILD
-$STD node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs
 $STD npm run build:cli
 cp -R .next/standalone ./
 
@@ -48,39 +47,148 @@ cd /opt/pangolin
 EOF
 chmod +x /usr/local/bin/pangctl ./dist/cli.mjs
 cp server/db/names.json ./dist/names.json
+mkdir -p /var/config
 
 cat <<EOF >/opt/pangolin/config/config.yml
 app:
-  dashboard_url: http://$IP_ADDR:3002
+  dashboard_url: "$pango_url"
-  log_level: debug
 
 domains:
   domain1:
-    base_domain: example.com
+    base_domain: "$pango_url"
+    cert_resolver: "letsencrypt"
 
 server:
-  secret: $SECRET_KEY
+  secret: "$SECRET_KEY"
 
 gerbil:
-  base_endpoint: example.com
+  base_endpoint: "$pango_url"
-
-orgs:
-  block_size: 24
-  subnet_group: 100.90.137.0/20
 
 flags:
   require_email_verification: false
-  disable_signup_without_invite: true
+  disable_signup_without_invite: false
-  disable_user_create_org: true
+  disable_user_create_org: false
-  allow_raw_resources: true
-  enable_integration_api: true
-  enable_clients: true
 EOF
-#$STD npm run db:sqlite:generate
+
-#$STD npm run db:sqlite:push
+cat <<EOF >/opt/pangolin/config/traefik/traefik_config.yaml
+api:
+  insecure: true
+  dashboard: true
+
+providers:
+  http:
+    endpoint: "http://$IP_ADDR:3001/api/v1/traefik-config"
+    pollInterval: "5s"
+  file:
+    filename: "/opt/pangolin/config/traefik/dynamic_config.yml"
+
+experimental:
+  plugins:
+    badger:
+      moduleName: "github.com/fosrl/badger"
+      version: "v1.2.0"
+
+log:
+  level: "INFO"
+  format: "common"
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      httpChallenge:
+        entryPoint: web
+      email: $pango_email
+      storage: "/opt/pangolin/config/letsencrypt/acme.json"
+      caServer: "https://acme-v02.api.letsencrypt.org/directory"
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+    transport:
+      respondingTimeouts:
+        readTimeout: "30m"
+    http:
+      tls:
+        certResolver: "letsencrypt"
+
+serversTransport:
+  insecureSkipVerify: true
+
+ping:
+    entryPoint: "web"
+EOF
+
+cat <<EOF >/opt/pangolin/config/traefik/dynamic_config.yml
+http:
+  middlewares:
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+
+  routers:
+    # HTTP to HTTPS redirect router
+    main-app-router-redirect:
+      rule: "Host(\`$pango_url\`)"
+      service: next-service
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+
+    # Next.js router (handles everything except API and WebSocket paths)
+    next-router:
+      rule: "Host(\`$pango_url\`) && !PathPrefix($(/api/v1))"
+      service: next-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+    # API router (handles /api/v1 paths)
+    api-router:
+      rule: "Host(\`$pango_url\`) && PathPrefix($(/api/v1))"
+      service: api-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+    # WebSocket router
+    ws-router:
+      rule: "Host(\`$pango_url\`)"
+      service: api-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    next-service:
+      loadBalancer:
+        servers:
+          - url: "http://$IP_ADDR:3002"
+
+    api-service:
+      loadBalancer:
+        servers:
+          - url: "http://$IP_ADDR:3000"
+EOF
+$STD npm run db:sqlite:generate
+$STD npm run db:sqlite:push
+
+. /etc/os-release
+if [ "$VERSION_CODENAME" = "trixie" ]; then
+  echo "net.ipv4.ip_forward=1" >>/etc/sysctl.d/sysctl.conf
+  $STD sysctl -p /etc/sysctl.d/sysctl.conf
+else
+  echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
+  $STD sysctl -p /etc/sysctl.conf
+fi
 msg_ok "Setup Pangolin"
 
-msg_info "Creating Pangolin Service"
+msg_info "Creating Services"
 cat <<EOF >/etc/systemd/system/pangolin.service
 [Unit]
 Description=Pangolin Service
@@ -89,8 +197,10 @@ After=network.target
 [Service]
 Type=simple
 User=root
+Environment=NODE_ENV=production
+Environment=ENVIRONMENT=prod
 WorkingDirectory=/opt/pangolin
-ExecStart=/usr/bin/npm start
+ExecStart=/usr/bin/node --enable-source-maps dist/server.mjs
 Restart=always
 RestartSec=10
 
@@ -98,10 +208,7 @@ RestartSec=10
 WantedBy=multi-user.target
 EOF
 systemctl enable -q --now pangolin
-msg_ok "Created pangolin Service"
 
-msg_info "Setting up gerbil"
-mkdir -p /var/config
 cat <<EOF >/etc/systemd/system/gerbil.service
 [Unit]
 Description=Gerbil Service
@@ -119,7 +226,22 @@ RestartSec=10
 WantedBy=multi-user.target
 EOF
 systemctl enable -q --now gerbil
-msg_ok "Set up gerbil"
+
+cat <<'EOF' >/etc/systemd/system/traefik.service
+[Unit]
+Description=Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/traefik --configFile=/opt/pangolin/config/traefik/traefik_config.yaml
+Restart=on-failure
+ExecReload=/bin/kill -USR1 \$MAINPID
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now traefik
+msg_ok "Created Services"
 
 motd_ssh
 customize