home-server/komodo/mastodon/Pangolin.md

Pangolin reverse-proxy guidance (concise)

• Pangolin handles TLS and obtains certs for masto.pcenicni.social.
• Create two upstreams on Pangolin:
  1. mastodon_web -> :3000
  2. mastodon_stream -> :4000
• Site rules:
  • Default proxy target: mastodon_web
  • If header "Upgrade" equals "websocket" OR Connection contains "Upgrade", route to mastodon_stream.
• Ensure these headers are forwarded to the Mastodon host: Host, X-Forwarded-For, X-Forwarded-Proto=https, X-Forwarded-Host
• Increase timeouts on the streaming upstream so long-lived websocket connections don't time out.
• If your Mastodon host is firewalled, allow inbound connections from the Pangolin VPS IP to ports 3000 and 4000 only.