u/ovizii

I am busy moving from a fully manual setup including traefik + TS to pangolin.

Is pangolin ready to fully replace TS?
I tried changing the default networks pangolin uses for gerbil and newt to a different range so it won't interfere with TS but am still hitting a few problems.

It looks like I can replace most of TS's functionality with pangolin but am not sure on a few key points. i.e. currently I use an adguardhome instance as my DNS for all clients and machines across TS. I basically enforce the DNS so not quite sure if this can be fully replicated with pangolin?

Any pointers are welcome.

P.S. The basic issue I have while running both is that with the TS enforced DNS, I can't seem to manage to connect to any private HTTPS resources as TS's DNS resolves to the external IP. I only get to see the "Private Placeholder Screen" even though pangolin on my client device is connected to the network but.

I use an additional tool which can inject blocklists into crowdsec. Recently it got blocked by crowdsec despite me having an allowlist for all private ranges.

Any ideas what is going on?

The error:

crowdsec-monitor-api  | Deleting 26 alert(s) for blocklist "Abuse.ch" from CrowdSec...
crowdsec-monitor-api  | Error deleting alert 14609: 403 - {"message":"access forbidden from this IP (172.16.0.165)"}
crowdsec-monitor-api  | Background CrowdSec sync failed for blocklist "Abuse.ch": Failed to delete blocklist decisions from CrowdSec

The allowlist:

docker exec -ti crowdsec bash
root@crowdsec:/# cscli allowlist inspect PrivateRanges
──────────────────────────────────────────────
 Allowlist: PrivateRanges                     
──────────────────────────────────────────────
 Name                PrivateRanges            
 Description         Private IP Ranges        
 Created at          2026-04-22T10:32:54.492Z 
 Updated at          2026-04-30T07:26:02.981Z 
 Managed by Console  no                       
──────────────────────────────────────────────

───────────────────────────────────────────────────────────────────────────────────────────────
 Value           Comment                                      Expiration  Created at           
───────────────────────────────────────────────────────────────────────────────────────────────
 ::1                                                          never       2026-04-22T10:33:36Z 
 127.0.0.0/8                                                  never       2026-04-22T10:33:42Z 
 192.168.0.0/16                                               never       2026-04-22T10:33:50Z 
 10.0.0.0/8                                                   never       2026-04-22T10:33:59Z 
 172.16.0.0/12                                                never       2026-04-22T10:34:06Z 
 100.64.0.0/10   CGNAT range, used by Tailscale and Pangolin  never       2026-04-30T07:26:02Z 
───────────────────────────────────────────────────────────────────────────────────────────────
root@crowdsec:/# 

I'm testing a script to upload freshly downloaded financial statements straight via the API.

My first test-run uploaded 3 documents. Checking the file tasks I see nothing under queued and started, nothing from today under failed and 2 of the 3 uploaded documents under: Complete.

Checking my inbox, I do see all 3 documents though.

Makes me wonder ,why was the 3rd document not logged? Any way t odebug this?

I made a mistake when assigning the range and am already using the org, so I'd rather not delete it and start from scratch 😞

https://preview.redd.it/xhmsrnpo2ayg1.png?width=556&format=png&auto=webp&s=f741281d90312c9cb1b8254b3575b0d6ca2e6638

I have a newt site and a local site. When going to Network => Sites => local sites seem to offer no health check. There is simply a "-" where the newt sites shows a green "Online".

Now if I navigate to Network => Resources => public and look at a public resource on the local site, in the "Sites" column, if I click the drop-down it shows the local site in green and as online.

Now why wouldn't this also be possible in the sites view?

Bonus Question:
Why can't we create a health check for public resources on a local site but can set them up if going to Management => Alerting => Health Checks?