diff --git a/ct/pangolin.sh b/ct/pangolin.sh index 87b3e4856..faa10e818 100644 --- a/ct/pangolin.sh +++ b/ct/pangolin.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash -source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/build.func) +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) # Copyright (c) 2021-2025 community-scripts ORG # Author: Slaviša Arežina (tremor021) -# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE # Source: https://pangolin.net/ APP="Pangolin" @@ -13,6 +13,7 @@ var_disk="${var_disk:-5}" var_os="${var_os:-debian}" var_version="${var_version:-13}" var_unprivileged="${var_unprivileged:-1}" +var_tun="${var_tun:-1}" header_info "$APP" variables 
@@ -29,44 +30,40 @@ function update_script() { fi if check_for_gh_release "pangolin" "fosrl/pangolin"; then - msg_info "Stopping ${APP}" + msg_info "Stopping Service" systemctl stop pangolin + systemctl stop gerbil msg_info "Service stopped" msg_info "Creating backup" tar -czf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin config msg_ok "Created backup" - fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball" - fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64" + CLEAN_INSTALL=1 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball" + CLEAN_INSTALL=1 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64" - msg_info "Updating ${APP}" - export BUILD=oss - export DATABASE=sqlite + msg_info "Updating Pangolin" cd /opt/pangolin $STD npm ci - echo "export * from \"./$DATABASE\";" > server/db/index.ts - echo "export const build = \"$BUILD\" as any;" > server/build.ts - cp tsconfig.oss.json tsconfig.json - $STD npm run next:build - $STD node esbuild.mjs -e server/index.ts -o dist/server.mjs -b $BUILD - $STD node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs + $STD npm run set:sqlite + $STD npm run set:oss + rm -rf server/private + $STD npm run build:sqlite $STD npm run build:cli cp -R .next/standalone ./ - - cat </usr/local/bin/pangctl -#!/bin/sh -cd /opt/pangolin -./dist/cli.mjs "$@" -EOF - chmod +x /usr/local/bin/pangctl ./dist/cli.mjs + chmod +x ./dist/cli.mjs cp server/db/names.json ./dist/names.json - msg_ok "Updated ${APP}" + msg_ok "Updated Pangolin" msg_info "Restoring config" tar -xzf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin --overwrite rm -f /opt/pangolin_config_backup.tar.gz msg_ok "Restored config" + + msg_info "Starting Services" + systemctl start pangolin + systemctl start gerbil + msg_ok "Started Services" msg_ok "Updated successfully!" fi exit 
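Review bot: The update path never touches Traefik, although the install script in this same commit now deploys it with `fetch_and_deploy_gh_release "traefik" "traefik/traefik" "prebuild" "latest" "/usr/bin" "traefik_v*_linux_amd64.tar.gz"` and binds it to ports 80 and 443. As written, the internet-facing proxy stays at whatever release was current at install time, so its security fixes never arrive through `update_script`; add the same fetch here and bracket it with `systemctl stop traefik` / `systemctl start traefik`. The whole branch is also gated on `check_for_gh_release "pangolin"`, so a Gerbil or Traefik release on its own would not trigger an update. Separately, with `CLEAN_INSTALL=1` (which presumably wipes /opt/pangolin) the tarball in /opt becomes the only copy of the config directory during the build, and it is written with the default umask; a `chmod 600 /opt/pangolin_config_backup.tar.gz` right after `tar -czf` would keep the server secret and database private. `update_script` begins and ends outside this hunk.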
diff --git a/install/pangolin-install.sh b/install/pangolin-install.sh index 0a82cd4fb..60976df4b 100644 --- a/install/pangolin-install.sh +++ b/install/pangolin-install.sh @@ -22,22 +22,21 @@ msg_ok "Installed Dependencies" NODE_VERSION="22" setup_nodejs fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball" fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64" +fetch_and_deploy_gh_release "traefik" "traefik/traefik" "prebuild" "latest" "/usr/bin" "traefik_v*_linux_amd64.tar.gz" + +read -rp "${TAB3}Enter your Pangolin URL: " pango_url +read -rp "${TAB3}Enter your email address: " pango_email + +msg_info "Setup Pangolin" IP_ADDR=$(hostname -I | awk '{print $1}') SECRET_KEY=$(openssl rand -base64 48 | tr -dc 'A-Za-z0-9' | head -c 32) - -msg_info "Setup Pangolin (Patience)" -export BUILD=oss -export DATABASE=sqlite cd /opt/pangolin +mkdir -p /opt/pangolin/config/{traefik,db,letsencrypt,logs} $STD npm ci -echo "export * from \"./$DATABASE\";" > server/db/index.ts -echo "export const build = \"$BUILD\" as any;" > server/build.ts -cp tsconfig.oss.json tsconfig.json +$STD npm run set:sqlite +$STD npm run set:oss rm -rf server/private -mkdir -p dist -$STD npm run next:build -$STD node esbuild.mjs -e server/index.ts -o dist/server.mjs -b $BUILD -$STD node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs +$STD npm run build:sqlite $STD npm run build:cli cp -R .next/standalone ./ 
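Review bot: `pango_url` and `pango_email` are read with no validation and are later expanded into config.yml, the Traefik `Host(...)` rules and the ACME `email:` field, so an empty answer, a value with a scheme or path, or one containing a quote or backtick produces broken or unintended configuration. The prompt asks for a "URL", but every use except `dashboard_url` needs a bare hostname, so consider prompting for a domain and rejecting anything else, e.g. `[[ "$pango_url" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "invalid domain" >&2; exit 1; }`, with a comparable check for the email. A short comment above the two `read` lines stating the expected form (`# bare FQDN, no scheme; used for base_domain, Host() rules and ACME`) would also help whoever maintains the heredocs below.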
@@ -48,39 +47,148 @@ cd /opt/pangolin EOF chmod +x /usr/local/bin/pangctl ./dist/cli.mjs cp server/db/names.json ./dist/names.json +mkdir -p /var/config cat </opt/pangolin/config/config.yml app: - dashboard_url: http://$IP_ADDR:3002 - log_level: debug + dashboard_url: "$pango_url" domains: domain1: - base_domain: example.com + base_domain: "$pango_url" + cert_resolver: "letsencrypt" server: - secret: $SECRET_KEY + secret: "$SECRET_KEY" gerbil: - base_endpoint: example.com - -orgs: - block_size: 24 - subnet_group: 100.90.137.0/20 + base_endpoint: "$pango_url" flags: require_email_verification: false - disable_signup_without_invite: true - disable_user_create_org: true - allow_raw_resources: true - enable_integration_api: true - enable_clients: true + disable_signup_without_invite: false + disable_user_create_org: false EOF -#$STD npm run db:sqlite:generate -#$STD npm run db:sqlite:push + +cat </opt/pangolin/config/traefik/traefik_config.yaml +api: + insecure: true + dashboard: true + +providers: + http: + endpoint: "http://$IP_ADDR:3001/api/v1/traefik-config" + pollInterval: "5s" + file: + filename: "/opt/pangolin/config/traefik/dynamic_config.yml" + +experimental: + plugins: + badger: + moduleName: "github.com/fosrl/badger" + version: "v1.2.0" + +log: + level: "INFO" + format: "common" + +certificatesResolvers: + letsencrypt: + acme: + httpChallenge: + entryPoint: web + email: $pango_email + storage: "/opt/pangolin/config/letsencrypt/acme.json" + caServer: "https://acme-v02.api.letsencrypt.org/directory" + +entryPoints: + web: + address: ":80" + websecure: + address: ":443" + transport: + respondingTimeouts: + readTimeout: "30m" + http: + tls: + certResolver: "letsencrypt" + +serversTransport: + insecureSkipVerify: true + +ping: + entryPoint: "web" +EOF + +cat </opt/pangolin/config/traefik/dynamic_config.yml +http: + middlewares: + redirect-to-https: + redirectScheme: + scheme: https + + routers: + # HTTP to HTTPS redirect router + main-app-router-redirect: + rule: 
"Host(\`$pango_url\`)" + service: next-service + entryPoints: + - web + middlewares: + - redirect-to-https + + # Next.js router (handles everything except API and WebSocket paths) + next-router: + rule: "Host(\`$pango_url\`) && !PathPrefix($(/api/v1))" + service: next-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + # API router (handles /api/v1 paths) + api-router: + rule: "Host(\`$pango_url\`) && PathPrefix($(/api/v1))" + service: api-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + # WebSocket router + ws-router: + rule: "Host(\`$pango_url\`)" + service: api-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + services: + next-service: + loadBalancer: + servers: + - url: "http://$IP_ADDR:3002" + + api-service: + loadBalancer: + servers: + - url: "http://$IP_ADDR:3000" +EOF +$STD npm run db:sqlite:generate +$STD npm run db:sqlite:push + +. /etc/os-release +if [ "$VERSION_CODENAME" = "trixie" ]; then + echo "net.ipv4.ip_forward=1" >>/etc/sysctl.d/sysctl.conf + $STD sysctl -p /etc/sysctl.d/sysctl.conf +else + echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf + $STD sysctl -p /etc/sysctl.conf +fi msg_ok "Setup Pangolin" -msg_info "Creating Pangolin Service" +msg_info "Creating Services" cat </etc/systemd/system/pangolin.service [Unit] Description=Pangolin Service @@ -89,8 +197,10 @@ After=network.target [Service] Type=simple User=root +Environment=NODE_ENV=production +Environment=ENVIRONMENT=prod WorkingDirectory=/opt/pangolin -ExecStart=/usr/bin/npm start +ExecStart=/usr/bin/node --enable-source-maps dist/server.mjs Restart=always RestartSec=10 @@ -98,10 +208,7 @@ RestartSec=10 WantedBy=multi-user.target EOF systemctl enable -q --now pangolin -msg_ok "Created pangolin Service" -msg_info "Setting up gerbil" -mkdir -p /var/config cat </etc/systemd/system/gerbil.service [Unit] Description=Gerbil Service 
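Review bot: In dynamic_config.yml the two `PathPrefix($(/api/v1))` rules sit in a heredoc that expands variables (it relies on `$pango_url` and `$IP_ADDR`), so the shell treats `$(/api/v1)` as a command substitution, fails to run it and writes `PathPrefix()`; the path needs the same escaped backticks as the host, i.e. PathPrefix(\`/api/v1\`). traefik_config.yaml also sets `api: insecure: true`, which serves the Traefik API and dashboard without authentication, and here Traefik runs directly in the container, so this should be `insecure: false` unless that port is firewalled. `serversTransport: insecureSkipVerify: true` likewise turns off certificate verification for every HTTPS backend and deserves a comment justifying it or removal. In config.yml the flags flip to `disable_signup_without_invite: false` and `disable_user_create_org: false` while `require_email_verification` stays false, so anyone who can reach the dashboard can self-register; keeping both at `true` is the safer default for an internet-facing install. Finally, `dashboard_url` and `base_domain` both receive the raw `$pango_url` although one is a URL and the other a domain, which suggests `dashboard_url: "https://$pango_url"` once the input is constrained to a hostname.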
@@ -119,7 +226,22 @@ RestartSec=10 WantedBy=multi-user.target EOF systemctl enable -q --now gerbil -msg_ok "Set up gerbil" + +cat <<'EOF' >/etc/systemd/system/traefik.service +[Unit] +Description=Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience + +[Service] +Type=notify +ExecStart=/usr/bin/traefik --configFile=/opt/pangolin/config/traefik/traefik_config.yaml +Restart=on-failure +ExecReload=/bin/kill -USR1 \$MAINPID + +[Install] +WantedBy=multi-user.target +EOF +systemctl enable -q --now traefik +msg_ok "Created Services" motd_ssh customize
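Review bot: The traefik.service heredoc is quoted (`<<'EOF'`), so the backslash in `ExecReload=/bin/kill -USR1 \$MAINPID` is written to the unit file verbatim instead of being consumed by the shell; drop it so systemd sees `ExecReload=/bin/kill -USR1 $MAINPID`. The unit also has no `User=` or sandboxing, so the process terminating public traffic on 80/443 runs as full root; a dedicated user with `AmbientCapabilities=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` would narrow that, provided it can still write under /opt/pangolin/config/letsencrypt. An `After=network-online.target` line in `[Unit]` would make start ordering explicit, since the static config polls the Pangolin API over HTTP.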