Pangolin Integration

This guide shows how to add ELLIO EDL (External Dynamic List) protection to an existing Pangolin installation. Pangolin is a popular self-hosted security platform that uses Traefik as its reverse proxy.

Prerequisites

Existing Pangolin installation that's working correctly
Bootstrap token from your custom EDL configured for "Traefik Middleware"
Access to modify Pangolin configuration files

Step 1: Add ELLIO Plugin to Pangolin

Modify your Pangolin Traefik configuration to include the ELLIO plugin.

Update Traefik Static Configuration

YAML

# config/traefik/traefik_config.yml
# Your existing Pangolin Traefik configuration...

# ADD THIS: ELLIO Plugin Configuration
experimental:
  plugins:
    # Your existing Pangolin plugins...
    ellio:
      moduleName: "github.com/ELLIO-Technology/ELLIO-Traefik-Middleware-Plugin"
      version: "v1.0.1"

Update Dynamic Configuration

YAML

config/traefik/dynamic_config.yml
http:
  middlewares:
    # Your existing Pangolin middlewares...

    # ADD THIS: ELLIO EDL Middleware
    ellio-edl:
      plugin:
        ellio:
          bootstrapToken: "YOUR_ELLIO_BOOTSTRAP_TOKEN"
          logLevel: "info" 
          ipStrategy: "direct"  # Adjust based on your setup
          # Optional: Add machine identifier
          # machineId: "pangolin-production"

 routers:
    # HTTP to HTTPS redirect router
    main-app-router-redirect:
      rule: "Host(`pangolin.example.com`)"
      service: next-service
      entryPoints:
        - web
      middlewares:
        - ellio-ipblock # Optionally protect Pangolin dashboard (even before redirect to HTTPS)
        - redirect-to-https

    # Next.js router (handles everything except API and WebSocket paths)
    next-router:
      rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)"
      service: next-service
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      middlewares:
        - ellio-ipblock # Optionally protect Pangolin dashboard

    # API router (handles /api/v1 paths)
    api-router:
      rule: "Host(`pangolin.example.com`) && PathPrefix(`/api/v1`)"
      service: api-service
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      middlewares:
        - ellio-ipblock  # Optionally protect Pangolin dashboard

Step 2: Apply ELLIO Middleware to Services

Add the ELLIO middleware to the services you want to protect:

Global Application via Pangolin Config

config/config.yml
# Your existing Pangolin configuration...

traefik:
  # Your existing Pangolin Traefik settings...
  
  # ADD THIS: Apply ELLIO middleware to all services
  additional_middlewares: ["ellio-edl@file"]

Troubleshooting 503 errors

If you experience problems or instabilities after adding the ELLIO plugin (or any extra plugin), try disabling the "Enable Docker Socket" option in your Pangolin site settings.

Step 3: Deploy and Test

Note: For advanced configurations like CloudFlare setup, see CloudFlare Setup.

Restart Traefik

# Navigate to your Pangolin directory and restart Traefik
docker-compose restart traefik

# Check logs for successful plugin loading
docker-compose logs traefik | grep -i ellio

Verify Integration

Test the setup by checking the Traefik logs and ELLIO platform:

Check plugin loading: Look for ELLIO initialization messages in Traefik logs
Test access control: Add a test IP to your EDL and verify it gets blocked
Monitor events: Check the ELLIO platform for blocked request events

Prerequisites​

Step 1: Add ELLIO Plugin to Pangolin​

Update Traefik Static Configuration​

Update Dynamic Configuration​

Step 2: Apply ELLIO Middleware to Services​

Step 3: Deploy and Test​

Restart Traefik​

Verify Integration​