12 lines
760 B
Markdown
12 lines
760 B
Markdown
# Pangolin reverse-proxy guidance (concise)
|
|
- Pangolin handles TLS and obtains certs for masto.pcenicni.social.
|
|
- Create two upstreams on Pangolin:
|
|
1) mastodon_web -> <Mastodon host IP>:3000
|
|
2) mastodon_stream -> <Mastodon host IP>:4000
|
|
- Site rules:
|
|
- Default proxy target: mastodon_web
|
|
- If header "Upgrade" equals "websocket" OR Connection contains "Upgrade", route to mastodon_stream.
|
|
- Ensure these headers are forwarded to the Mastodon host:
|
|
Host, X-Forwarded-For, X-Forwarded-Proto=https, X-Forwarded-Host
|
|
- Increase timeouts on the streaming upstream so long-lived websocket connections don't time out.
|
|
- If your Mastodon host is firewalled, allow inbound connections from the Pangolin VPS IP to ports 3000 and 4000 only. |