fosrl/pangolin 1.0.0-beta.9

on GitHub

What's Changed

• Add support for creating raw TCP/UDP resources
• Support load balancing between multiple targets on a resource
• Refactor resource authentication to use exchange method by passing temporary session token in query param
  • Necessary for multi-domain auth (full multi-domain support coming soon)
  • Necessary to allow auth http (no-ssl) resources (some browsers still break this)
  • Add resource_session_request_param to config
  • Remove resource_session_cookie_name from config
• Make http (no-ssl) resources functional
• Set readTimeout in Traefik config to prevent large file transfer limit
• Allow using wildcard email in email whitelist, like: *@example.com
• Make emails case-insensitive
• Add additional_middlewares to traefik section of config to allow setting custom middleware to resources
• Add log statements for failed authentication attempts
  • Enabled by setting log_failed_attempts to true in config
• Updates to SMTP section of config
  • All fields are not optional allowing use with unauthenticated SMTP server
  • Option to set smtp_secure (defaults to false)
  • Fall back to smtp_user if no no-repy is set
• Add dashboard_session_length_hours and resource_session_length_hours to allow setting custom session length
• Remove permanent redirect from redirect-to-https middleware
• Surround strings in config with double quotes
• Use ID value in selectors for data-selected
• Log password reset code to console to allow password reset if no SMTP configured (temporary fix)
• Create sqlite db backup before running automated migration script on startup
• Add in-memory caching to authentication middleware very-session requests

Full Changelog: https://github.com/fosrl/pangolin/compare/1.0.0-beta.8..1.0.0-beta.9

Acknowledgements

• We recently opened up our GitHub sponsors page, and thank you to those of you who have already sponsored us!
• Thank you to @hhftechnology for writing a how-to guide to manually configure Crowdsec. We plan to automate this in the future.
• Thank you to @nkkfs for beginning the internationalization process with Polish.

How to Update

Note: The auto migration script included in the updated images should handle automatic migrations. No manual intervention should be required. But just in case, the following are important:

1. Make sure the Badger version is at least v1.0.0-beta.3 in the static traefik_config.yml

2. Make sure you have these set, especially resource_session_request_param.

server:
    ...
    secure_cookies: true
    session_cookie_name: "p_session_token"
    resource_access_token_param: "p_token"
    resource_session_request_param: "p_session_request"
    ...

1. Update Newt to at least 1.0.0-beta.5. This is a requirement but if you plan to use TCP/UDP raw resources.