Pangolin Stack Debugging Commands 📊

28/01/2025 networking 5 mins read

Pangolin Stack Debugging Commands #

Container Management & Health

Basic Container Commands

# View all container stats (CPU, memory, network I/O)
docker stats

# View specific container stats
docker stats pangolin
docker stats gerbil
docker stats traefik

# Check container logs
docker compose logs -f
docker compose logs pangolin -f
docker compose logs gerbil -f
docker compose logs traefik -f

# Restart specific services
docker compose restart pangolin
docker compose restart gerbil
docker compose restart traefik

# Check container health status
docker inspect --format='{{.State.Health.Status}}' pangolin
docker inspect --format='{{.State.Health.Status}}' gerbil
docker inspect --format='{{.State.Health.Status}}' traefik

Container Inspection

# Get detailed container information
docker inspect pangolin
docker inspect gerbil
docker inspect traefik

# Check container environment variables
docker exec pangolin env
docker exec gerbil env
docker exec traefik env

# View running processes in containers
docker top pangolin
docker top gerbil
docker top traefik

Network Debugging

Network Inspection

# List all networks
docker network ls

# Inspect network details
docker network inspect pangolin_default

# Get container IP addresses
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' pangolin
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' gerbil
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' traefik

# Check network connectivity between containers
docker exec pangolin ping gerbil
docker exec gerbil ping traefik

Port Mapping

# List all port mappings
docker port pangolin
docker port gerbil
docker port traefik

# Check listening ports
docker exec pangolin netstat -tulpn
docker exec gerbil netstat -tulpn
docker exec traefik netstat -tulpn

Volume Management

Volume Inspection

# List all volumes
docker volume ls

# Inspect volume details
docker volume inspect pangolin_config
docker volume inspect traefik_config

# Check volume contents
docker exec pangolin ls -la /app/config
docker exec traefik ls -la /etc/traefik

Config File Access

# View configuration files
docker exec pangolin cat /app/config/config.yml
docker exec traefik cat /etc/traefik/traefik_config.yml
docker exec traefik cat /etc/traefik/dynamic_config.yml

# Check file permissions
docker exec pangolin ls -l /app/config
docker exec traefik ls -l /etc/traefik

Service-Specific Commands

Pangolin

# Check Pangolin API health
curl -I http://localhost:3001/api/v1/health

# View Pangolin logs
docker exec pangolin tail -f /app/config/logs/pangolin.log

# Check database status
docker exec pangolin ls -l /app/config/db

Gerbil

# Check WireGuard interface status
docker exec gerbil wg show
docker exec gerbil ip addr show

# View Gerbil peers
docker exec gerbil wg show all

# Check Gerbil logs
docker exec gerbil tail -f /var/log/gerbil.log

Traefik

# Check Traefik dashboard (if enabled)
curl -I http://localhost:8080

# View Traefik configurations
docker exec traefik cat /etc/traefik/traefik.yml

# Check SSL certificates
docker exec traefik ls -l /letsencrypt

# View access logs
docker exec traefik tail -f /var/log/access.log

Security & Certificate Management

SSL/TLS

# Check Let's Encrypt certificates
docker exec traefik cat /letsencrypt/acme.json

# View certificate expiration
docker exec traefik openssl x509 -in /letsencrypt/acme.json -text -noout

# Test SSL configuration
curl -vI https://your-domain.com

Authentication

# Check Badger plugin status
docker exec traefik curl http://localhost:8080/api/http/middlewares

# Test authentication endpoints
curl -I https://your-domain.com/api/v1/auth/status

CrowdSec Security Monitoring

Basic CrowdSec Operations

# Monitor CrowdSec container resources
docker stats crowdsec

# View CrowdSec metrics
curl http://localhost:6060/metrics | grep appsec
docker exec -it crowdsec cscli metrics

# Check CrowdSec logs
docker exec -it crowdsec tail -f /var/log/crowdsec.log
docker exec -it crowdsec ls -l /var/log/traefik/
docker exec -it crowdsec cscli explain /var/log/traefik/traefik.log

Decision Management

# List current decisions
docker exec -it crowdsec cscli decisions list

# Add captcha challenge for an IP
docker exec crowdsec cscli decisions add --ip 10.10.10.45 --type captcha -d 1h

# Ban an IP address
docker exec crowdsec cscli decisions add -i 10.10.10.45 -t ban -d 1h

Bouncer Management

# List all bouncers
docker exec crowdsec cscli bouncers list

# Add Traefik bouncer
docker exec crowdsec cscli bouncers add traefik-bouncer

# Remove Traefik bouncer
docker exec crowdsec cscli bouncers delete traefik-bouncer

Configuration and Integration

# View CrowdSec acquisition configuration
docker exec crowdsec cat /etc/crowdsec/acquis.yaml

# Restart CrowdSec and Traefik
docker compose restart traefik crowdsec

# Check CrowdSec network configuration
docker network inspect root_default | grep -A 5 pangolin

Performance Monitoring

Resource Usage

# Check container resource limits
docker inspect --format='{{.HostConfig.Resources}}' pangolin
docker inspect --format='{{.HostConfig.Resources}}' gerbil
docker inspect --format='{{.HostConfig.Resources}}' traefik

# Monitor real-time metrics
docker stats --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}"

Network Performance

# Check network throughput
docker exec gerbil iftop -i wg0

# Monitor network connections
docker exec traefik netstat -ant | grep ESTABLISHED

Troubleshooting Tips

Always check logs first when encountering issues:

docker compose logs --tail=100 -f

Verify network connectivity between services:

docker network inspect pangolin_default

Check configuration file syntax:

docker exec pangolin yaml lint /app/config/config.yml
docker exec traefik traefik validate /etc/traefik/traefik_config.yml

Monitor system resources:

docker stats --no-stream

Verify service health endpoints:

curl -I http://localhost:3001/api/v1/health
curl -I http://localhost:3003/health # Gerbil
curl -I http://localhost:8080/ping # Traefik