Skip to content

Instantly share code, notes, and snippets.

@coltondick

coltondick/Pangolin-Custom-Request-Headers.md

Last active September 10, 2025 18:46
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save coltondick/6e3e158b3fa48016006813b86a5b583e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save coltondick/6e3e158b3fa48016006813b86a5b583e to your computer and use it in GitHub Desktop.
Download ZIP
Configure Custom Request Header in Pangolin
Raw
Pangolin-Custom-Request-Headers.md

  1. Navigate to your pangolin-root directory.

  2. Edit your Pangolin docker-compose.yml and add the rules volume mapping - ./config/traefik/rules:/rules:

      traefik:
    image: traefik:v3.3.3
    container_name: traefik
    restart: unless-stopped

    network_mode: service:gerbil # Ports appear on the gerbil service

    depends_on:
      pangolin:
        condition: service_healthy
    command:
      - --configFile=/etc/traefik/traefik_config.yml
    volumes:
      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
      - ./traefik/plugins-storage:/plugins-storage:rw
      - ./traefik/plugins-storage:/plugins-local:rw
      - ./config/traefik/rules:/rules
      - ./public_html:/var/www/html:ro

  3. Create a rules directory in your ./config/traefik directory: mkdir -p ./config/traefik/rules

  4. Move the dynamic_config.yml into the new rules directory mv ./config/traefik/dynamic_config.yml ./config/traefik/rules/

  5. Update traefik_config.yml

    providers:
  http:
    endpoint: "http://pangolin:3001/api/v1/traefik-config"
    pollInterval: "5s"
  file:
    directory: /rules
    watch: true

  6. Restart the Pangolin stack:

    docker compose down
docker compose up -d --force-recreate

  7. Add a new Resource in Pangolin to expose the Traefik dashboard: image

  8. Enable authentication on the traefik dashboard: image

  9. Locate the router (the site) that you need to add Custom Request Headers to and make note of the name and service. For example: name: 28-router & service: 28-service@http

  10. Create a new file in the rules directory: touch ./config/traefik/rules/custom-request-headers.yml

  11. Edit the newly created file and add the following ensuring to update it to :

    http:
  middlewares:
    inject-auth:
      headers:
        customRequestHeaders:
          Authorization: "Bearer ABCDEFGH" # Changeme 

  routers:
    28-router-auth-bypass: # Update the name to the noted name and append -auth-bypass
      rule: "Host(`aiolists.example.tld`)"
      entryPoints:
        - websecure
      middlewares:
        - inject-auth
      service: "28-service@http" # Update the service to the exact service that you noted
      priority: 10000   # highest priority so this router always wins   
      tls:
        certResolver: "letsencrypt"

  12. Save the file, and restart traefik docker restart traefik

  13. Verify that there are no issues in the log docker logs -f traefik

  14. Test whether or not you can bypass the Pangolin auth now using your custom header.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment