I think PasarGuard would benefit a lot from having built-in public domain / reverse proxy management inside the panel.
Right now, PasarGuard works well when accessed directly with the default port, for example:
https://dashboard.example.com:8000/dashboard/https://dashboard.example.com:8000/sub/TOKEN
There is also a URL Prefix setting for subscription links, which is useful. However, changing the URL Prefix only changes the generated subscription URL. It does not actually make the new domain or port work unless the user manually configures HAProxy, Nginx, Caddy, Traefik, or another reverse proxy.
For example, if I want clean public URLs like:
https://dashboard.example.com/dashboard/https://api.example.com/sub/TOKEN
I still need to manually configure a reverse proxy to forward traffic from port 443 to the internal PasarGuard backend, usually 127.0.0.1:8000.
The Single Port with HAProxy documentation explains how to solve this, but I think this is something many users would expect to manage directly from the panel.
A possible solution could be a new section in settings such as Public Access / Reverse Proxy / Domains, where the user can configure things like:
- Public dashboard domain
- Public subscription domain
- Public subscription path, for example
/sub
- Enable HTTPS / Auto SSL
- Redirect HTTP to HTTPS
- Expose only subscription routes on the subscription domain
- Keep the dashboard and subscription domains separated
- Generate or apply HAProxy/Caddy/Traefik configuration automatically
Example desired setup:
Internal panel:
127.0.0.1:8000
Public dashboard:
https://dashboard.example.com/dashboard/
Public subscription:
https://api.example.com/sub/TOKEN
This would make PasarGuard much easier to deploy for users who want clean production-ready URLs without exposing :8000 publicly.
It would also reduce confusion around the URL Prefix setting. Some users may assume that setting https://api.example.com as the URL Prefix is enough, but without a reverse proxy, the generated links will not work.
I understand that advanced users can already do this manually with HAProxy, Nginx, Caddy, or Traefik. But having this managed or at least generated by PasarGuard would improve the user experience a lot. Thanks.
I think PasarGuard would benefit a lot from having built-in public domain / reverse proxy management inside the panel.
Right now, PasarGuard works well when accessed directly with the default port, for example:
https://dashboard.example.com:8000/dashboard/https://dashboard.example.com:8000/sub/TOKENThere is also a URL Prefix setting for subscription links, which is useful. However, changing the URL Prefix only changes the generated subscription URL. It does not actually make the new domain or port work unless the user manually configures HAProxy, Nginx, Caddy, Traefik, or another reverse proxy.
For example, if I want clean public URLs like:
https://dashboard.example.com/dashboard/https://api.example.com/sub/TOKENI still need to manually configure a reverse proxy to forward traffic from port 443 to the internal PasarGuard backend, usually
127.0.0.1:8000.The Single Port with HAProxy documentation explains how to solve this, but I think this is something many users would expect to manage directly from the panel.
A possible solution could be a new section in settings such as Public Access / Reverse Proxy / Domains, where the user can configure things like:
/subExample desired setup:
This would make PasarGuard much easier to deploy for users who want clean production-ready URLs without exposing :8000 publicly.
It would also reduce confusion around the URL Prefix setting. Some users may assume that setting https://api.example.com as the URL Prefix is enough, but without a reverse proxy, the generated links will not work.
I understand that advanced users can already do this manually with HAProxy, Nginx, Caddy, or Traefik. But having this managed or at least generated by PasarGuard would improve the user experience a lot. Thanks.