From b7c80971482cb621c3b7ccd9888a1c7fa8262f5e Mon Sep 17 00:00:00 2001
From: Nikholas Pcenicni <nikholaspce@gmail.com>
Date: Mon, 19 Jan 2026 03:13:09 +0000
Subject: [PATCH] Add komodo/mastodon/Pangolin.md

---
 komodo/mastodon/Pangolin.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 komodo/mastodon/Pangolin.md

diff --git a/komodo/mastodon/Pangolin.md b/komodo/mastodon/Pangolin.md
new file mode 100644
index 0000000..0b885cc
--- /dev/null
+++ b/komodo/mastodon/Pangolin.md
@@ -0,0 +1,12 @@
+# Pangolin reverse-proxy guidance (concise)
+ - Pangolin handles TLS and obtains certs for masto.pcenicni.social.
+ - Create two upstreams on Pangolin:
+     1) mastodon_web -> <Mastodon host IP>:3000
+     2) mastodon_stream -> <Mastodon host IP>:4000
+ - Site rules:
+     - Default proxy target: mastodon_web
+     - If header "Upgrade" equals "websocket" OR Connection contains "Upgrade", route to mastodon_stream.
+ - Ensure these headers are forwarded to the Mastodon host:
+     Host, X-Forwarded-For, X-Forwarded-Proto=https, X-Forwarded-Host
+ - Increase timeouts on the streaming upstream so long-lived websocket connections don't time out.
+ - If your Mastodon host is firewalled, allow inbound connections from the Pangolin VPS IP to ports 3000 and 4000 only.
\ No newline at end of file