calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-01-28 22:00:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
524 Commits 19 Branches 85 Tags
0e04e82b880f29163953aa97b568fd7cedaf1fbd
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Owen Schwartz 0e04e82b88 Squashed commit of the following: 
commit c276d2193da5dbe7af5197bdf7e2bcce6f87b0cf
Author: Owen Schwartz <owen@txv.io>
Date:   Tue Jan 28 22:06:04 2025 -0500

    Okay actually now

commit 9afdc0aadc3f4fb4e811930bacff70a9e17eab9f
Author: Owen Schwartz <owen@txv.io>
Date:   Tue Jan 28 21:58:44 2025 -0500

    Migrations working finally

commit a7336b3b2466fe74d650b9c253ecadbe1eff749d
Merge: e7c7203 fdb1ab4
Author: Owen Schwartz <owen@txv.io>
Date:   Mon Jan 27 22:19:15 2025 -0500

    Merge branch 'dev' into tcp-udp-traffic

commit e7c7203330b1b08e570048b10ef314b55068e466
Author: Owen Schwartz <owen@txv.io>
Date:   Mon Jan 27 22:18:09 2025 -0500

    Working on migration

commit a4704dfd44b10647257c7c7054c0dae806d315bb
Author: Owen Schwartz <owen@txv.io>
Date:   Mon Jan 27 21:40:52 2025 -0500

    Add flag to allow raw resources

commit d74f7a57ed11e2a6bf1a7e0c28c29fb07eb573a0
Merge: 6817788 d791b9b
Author: Owen Schwartz <owen@txv.io>
Date:   Mon Jan 27 21:28:50 2025 -0500

    Merge branch 'tcp-udp-traffic' of https://github.com/fosrl/pangolin into tcp-udp-traffic

commit 68177882781b54ef30b62cca7dee8bbed7c5a2fa
Author: Owen Schwartz <owen@txv.io>
Date:   Mon Jan 27 21:28:32 2025 -0500

    Get everything working

commit d791b9b47f9f6ca050d6edfd1d674438f8562d99
Author: Milo Schwartz <mschwartz10612@gmail.com>
Date:   Mon Jan 27 17:46:19 2025 -0500

    fix orgId check in verifyAdmin

commit 6ac30afd7a449a126190d311bd98d7f1048f73a4
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 23:19:33 2025 -0500

    Trying to figure out traefik...

commit 9886b42272882f8bb6baff2efdbe26cee7cac2b6
Merge: 786e67e 85e9129
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 21:53:32 2025 -0500

    Merge branch 'tcp-udp-traffic' of https://github.com/fosrl/pangolin into tcp-udp-traffic

commit 786e67eadd6df1ee8df24e77aed20c1f1fc9ca67
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 21:51:37 2025 -0500

    Bug fixing

commit 85e9129ae313b2e4a460a8bc53a0af9f9fbbafb2
Author: Milo Schwartz <mschwartz10612@gmail.com>
Date:   Sun Jan 26 18:35:24 2025 -0500

    rethrow errors in migration and remove permanent redirect

commit bd82699505fc7510c27f72cd80ea0ce815d8c5ef
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 17:49:12 2025 -0500

    Fix merge issue

commit 933dbf3a02b1f19fd1f627410b2407fdf05cd9bf
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 17:46:13 2025 -0500

    Add sql to update resources and targets

commit f19437bad847c8dbf57fddd2c48cd17bab20ddb0
Merge: 58980eb 9f1f291
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 17:19:51 2025 -0500

    Merge branch 'dev' into tcp-udp-traffic

commit 58980ebb64d1040b4d224c76beb38c2254f3c5d9
Merge: 1de682a d284d36
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 17:10:09 2025 -0500

    Merge branch 'dev' into tcp-udp-traffic

commit 1de682a9f6039f40e05c8901c7381a94b0d018ed
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 17:08:29 2025 -0500

    Working on migrations

commit dc853d2bc02b11997be5c3c7ea789402716fb4c2
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 16:56:49 2025 -0500

    Finish config of resource pages

commit 37c681c08d7ab73d2cad41e7ef1dbe3a8852e1f2
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 16:07:25 2025 -0500

    Finish up table

commit 461c6650bbea0d7439cc042971ec13fdb52a7431
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 15:54:46 2025 -0500

    Working toward having dual resource types

commit f0894663627375e16ce6994370cb30b298efc2dc
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 22:31:25 2025 -0500

    Add qutoes

commit edc535b79b94c2e65b290cd90a69fe17d27245e9
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 22:28:45 2025 -0500

    Add readTimeout to allow long file uploads

commit 194892fa14b505bd7c2b31873dc13d4b8996c0e1
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 20:37:34 2025 -0500

    Rework traefik config generation

commit ad3f896b5333e4706d610c3198f29dcd67610365
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 13:01:47 2025 -0500

    Add proxy port to api

commit ca6013b2ffda0924a696ec3141825a54a4e5297d
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 12:58:01 2025 -0500

    Add migration

commit 2258d76cb3a49d3db7f05f76d8b8a9f1c248b5e4
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 12:55:02 2025 -0500

    Add new proxy port
2025-01-28 22:26:45 -05:00
.github
add cicd
2025-01-24 23:18:27 -05:00
bruno
Newt registration?
2024-11-15 21:53:58 -05:00
config
Squashed commit of the following:
2025-01-28 22:26:45 -05:00
install
Squashed commit of the following:
2025-01-28 22:26:45 -05:00
public
docs and logos (#7)
2025-01-06 22:43:17 -05:00
server
Squashed commit of the following:
2025-01-28 22:26:45 -05:00
src
Squashed commit of the following:
2025-01-28 22:26:45 -05:00
.dockerignore
docs and logos (#7)
2025-01-06 22:43:17 -05:00
.editorconfig
add .editorconfig and fix db imports in scripts
2024-09-28 17:42:07 -04:00
.eslintrc.json
typescript issues and add eslint back
2024-11-24 11:52:46 -05:00
.gitignore
add cicd
2025-01-24 23:18:27 -05:00
.nvmrc
add shad
2024-10-06 09:55:45 -04:00
.prettierrc
env context and refactor api support different ports
2024-12-12 22:46:58 -05:00
components.json
Format files and fix http response
2024-10-06 18:05:20 -04:00
CONTRIBUTING.md
docs and logos (#7)
2025-01-06 22:43:17 -05:00
docker-compose.example.yml
remove base_url from config (#13)
2025-01-07 22:41:35 -05:00
Dockerfile
optionally generate traefik files, set cors in config, and set trust proxy in config
2025-01-15 23:26:31 -05:00
drizzle.config.ts
refactor and reorganize
2025-01-01 21:41:31 -05:00
esbuild.mjs
Merge branch 'main' of https://github.com/fosrl/pangolin
2024-12-26 11:45:39 -05:00
LICENSE
Update repo to fosrl and add license
2025-01-04 21:24:32 -05:00
Makefile
change target form verbiage and update readme
2025-01-11 13:32:06 -05:00
next.config.mjs
disable eslint in build mode bc it's annoying
2024-10-06 20:03:53 -04:00
package.json
refactor auth to work cross domain and with http resources closes #100
2025-01-26 14:42:02 -05:00
postcss.config.mjs
bootstrapped
2024-09-27 21:39:03 -04:00
README.md
add authors to readme
2025-01-11 22:37:50 -05:00
SECURITY.md
add security policy
2025-01-08 21:47:26 -05:00
tailwind.config.ts
Format files and fix http response
2024-10-06 18:05:20 -04:00
tsconfig.json
migrate to next 15 and react 19
2024-10-23 13:30:23 -04:00

README.md

Pangolin

Documentation Docker Stars Discord Youtube

Pangolin is a self-hosted tunneled reverse proxy management server with identity and access management, designed to securely expose private resources through use with the Traefik reverse proxy and WireGuard tunnel clients like Newt. With Pangolin, you retain full control over your infrastructure while providing a user-friendly and feature-rich solution for managing proxies, authentication, and access, and simplifying complex network setups, all with a clean and simple UI.

Installation and Documentation

Authors and Maintainers

Preview

Preview

Sites page of Pangolin dashboard (dark mode) showing multiple tunnels connected to the central server.

Key Features

Reverse Proxy Through WireGuard Tunnel

  • Expose private resources on your network without opening ports.
  • Secure and easy to configure site-to-site connectivity via a custom user space WireGuard client, Newt.
  • Built-in support for any WireGuard client.
  • Automated SSL certificates (https) via LetsEncrypt.

Identity & Access Management

  • Centralized authentication system using platform SSO. Users will only have to manage one login.
  • Totp with backup codes for two-factor authentication.
  • Create organizations, each with multiple sites, users, and roles.
  • Role-based access control to manage resource access permissions.
  • Additional authentication options include:
    • Email whitelisting with one-time passcodes.
    • Temporary, self-destructing share links.
    • Resource specific pin codes.
    • Resource specific passwords.

Simple Dashboard UI

  • Manage sites, users, and roles with a clean and intuitive UI.
  • Monitor site usage and connectivity.
  • Light and dark mode options.
  • Mobile friendly.

Easy Deployment

  • Docker Compose based setup for simplified deployment.
  • Future-proof installation script for streamlined setup and feature additions.
  • Run on any VPS.
  • Use your preferred WireGuard client to connect, or use Newt, our custom user space client for the best experience.

Modular Design

  • Extend functionality with existing Traefik plugins, such as Fail2Ban or CrowdSec, which integrate seamlessly.
  • Attach as many sites to the central server as you wish.

Screenshots

Pangolin has a straightforward and simple dashboard UI:

Sites Example Users Example Share Link Example
Sites Users Share Link
Authentication Example Connectivity Example
Authentication Connectivity

Workflow Example

Deployment and Usage Example

  1. Deploy the Central Server:

    • Deploy the Docker Compose stack containing Pangolin, Gerbil, and Traefik onto a VPS hosted on a cloud platform like Amazon EC2, DigitalOcean Droplet, or similar. There are many cheap VPS hosting options available to suit your needs.

  2. Domain Configuration:

    • Point your domain name to the VPS and configure Pangolin with your preferred settings.

  3. Connect Private Sites:

    • Install Newt or use another WireGuard client on private sites.
    • Automatically establish a connection from these sites to the central server.

  4. Configure Users & Roles

    • Define organizations and invite users.
    • Implement user- or role-based permissions to control resource access.

Use Case Example - Bypassing Port Restrictions in Home Lab:
Imagine private sites where the ISP restricts port forwarding. By connecting these sites to Pangolin via WireGuard, you can securely expose HTTP and HTTPS resources on the private network without any networking complexity.

Use Case Example - IoT Networks:
IoT networks are often fragmented and difficult to manage. By deploying Pangolin on a central server, you can connect all your IoT sites via Newt or another WireGuard client. This creates a simple, secure, and centralized way to access IoT resources without the need for intricate networking setups.

Similar Projects and Inspirations

Pangolin was inspired by several existing projects and concepts:

  • Cloudflare Tunnels:
    A similar approach to proxying private resources securely, but Pangolin is a self-hosted alternative, giving you full control over your infrastructure.

  • Authentik and Authelia:
    These projects inspired Pangolins centralized authentication system for proxies, enabling robust user and role management.

Licensing

Pangolin is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us.

Contributions

Please see CONTRIBUTING in the repository for guidelines and best practices.

Please post bug reports and other functional issues in the Issues section of the repository. For all feature requests, or other ideas, please use the Discussions section.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
crowdsecdockerhome-labidentity-managementiotletsencryptoidcproxyreverse-proxyself-hostedsingle-sign-ontraefikvpnwireguardzero-trustzero-trust-network-accessztna
Readme AGPL-3.0 61 MiB
Languages
TypeScript 98.1%
Go 0.9%
JavaScript 0.4%
Makefile 0.4%
CSS 0.1%