Pangolin Integration
This guide adds ELLIO EDL (External Dynamic List) protection to an existing Pangolin installation. Pangolin is a self-hosted platform that uses Traefik as its reverse proxy.
Prerequisites
Section titled “Prerequisites”- Existing Pangolin installation that’s working correctly
- Bootstrap token from your custom EDL configured for “Traefik Middleware”
- Access to modify Pangolin configuration files
Step 1: Add the ELLIO plugin to Pangolin
Section titled “Step 1: Add the ELLIO plugin to Pangolin”Modify your Pangolin Traefik configuration to include the ELLIO plugin.
Update Traefik static configuration
Section titled “Update Traefik static configuration”# Your existing Pangolin Traefik configuration...
# ADD THIS: ELLIO Plugin Configurationexperimental: plugins: # Your existing Pangolin plugins... ellio: moduleName: "github.com/ELLIO-Technology/ELLIO-Traefik-Middleware-Plugin" version: "v1.0.2"Update dynamic configuration
Section titled “Update dynamic configuration”http: middlewares: # Your existing Pangolin middlewares...
# ADD THIS: ELLIO EDL Middleware ellio-edl: plugin: ellio: bootstrapToken: "YOUR_ELLIO_BOOTSTRAP_TOKEN" logLevel: "info" ipStrategy: "direct" # Adjust based on your setup # Optional: Add machine identifier # machineId: "pangolin-production"
routers: # HTTP to HTTPS redirect router main-app-router-redirect: rule: "Host(`pangolin.example.com`)" service: next-service entryPoints: - web middlewares: - ellio-edl # Optionally protect Pangolin dashboard (even before redirect to HTTPS) - redirect-to-https
# Next.js router (handles everything except API and WebSocket paths) next-router: rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" service: next-service entryPoints: - websecure tls: certResolver: letsencrypt middlewares: - ellio-edl # Optionally protect Pangolin dashboard
# API router (handles /api/v1 paths) api-router: rule: "Host(`pangolin.example.com`) && PathPrefix(`/api/v1`)" service: api-service entryPoints: - websecure tls: certResolver: letsencrypt middlewares: - ellio-edl # Optionally protect Pangolin dashboardStep 2: Apply the ELLIO middleware to services
Section titled “Step 2: Apply the ELLIO middleware to services”Add the ELLIO middleware to the services you want to protect:
Global application via Pangolin config
# Your existing Pangolin configuration...
traefik: # Your existing Pangolin Traefik settings...
# ADD THIS: Apply ELLIO middleware to all services additional_middlewares: ["ellio-edl@file"]Step 3: Deploy and test
Section titled “Step 3: Deploy and test”For services behind Cloudflare, also read Cloudflare Setup.
Restart Traefik
Section titled “Restart Traefik”# Navigate to your Pangolin directory and restart Traefikdocker-compose restart traefik
# Check logs for successful plugin loadingdocker-compose logs traefik | grep -i ellioVerify the integration
Section titled “Verify the integration”Test the setup by checking the Traefik logs and the ELLIO platform:
- Check plugin loading: Look for ELLIO initialization messages in Traefik logs
- Test access control: Add a test IP to your EDL and verify it gets blocked
- Monitor events: Check the ELLIO platform for blocked request events