diff --git a/.DS_Store b/.DS_Store index b2e7a33..c2132f6 100644 Binary files a/.DS_Store and b/.DS_Store differ diff --git a/about/how-pangolin-works.mdx b/about/how-pangolin-works.mdx new file mode 100644 index 0000000..fc31698 --- /dev/null +++ b/about/how-pangolin-works.mdx @@ -0,0 +1,52 @@ +--- +title: "How Pangolin Works" +--- + +## Architecture + +Pangolin is an open-source system composed of several interconnected components that work together to provide secure, application-specific access. The central server, often referred to as the point of presence, is the core of the system. In self-hosted deployments, the point of presence typically includes Pangolin, Gerbil, and Traefik with its custom plugin, Badger. + +A site represents a connection to an edge network. Pangolin can manage multiple edge networks simultaneously through its lightweight site client, Newt, which facilitates secure communication between the point of presence and the edge networks. + +## System Diagram + + + + +## Components + +### Pangolin + +Pangolin serves as the main control plane and orchestrates the system. It includes: +- An external-facing REST API for user interactions. +- A WebSocket server for managing connections to Newt clients. +- An internal REST API for communication between system components. +- A frontend server for the web interface. +- Integration with the main database for data storage. +- A built-in authentication system for Zero Trust Network Access (ZTNA). + +### Gerbil + +Gerbil is responsible for managing WireGuard tunnels. It acts as a peer management server, creating and maintaining secure, encrypted tunnels between edge networks (sites) and the point of presence. + +### Newt + +Newt is a lightweight, user-space client designed to run on edge networks. It: + +- Searches for the closest point of presence for optimal connectivity. +- Connects to the Pangolin server via WebSocket and to Gerbil using a fully user-space WireGuard implementation. +- Facilitates access to other resources on the edge network by creating TCP/UDP proxies. + +### Traefik + +Traefik is a high-performance, modular reverse proxy that routes requests to backend resources. It handles middleware, SSL termination, and provides extensibility through its plugin system. Key features include: + +- Badger: A custom authentication middleware plugin. +- Compatibility with security plugins like GeoBlock and CrowdSec for enhanced protection. + +### Badger + +Badger is Pangolin’s custom Traefik middleware plugin that enforces authentication. It: + +- Intercepts incoming requests to the Traefik reverse proxy. +- Redirects unauthenticated requests to the Pangolin server for authentication, ensuring secure access to backend resources. diff --git a/about/pangolin-vs-traditional-reverse-proxy.mdx b/about/pangolin-vs-traditional-reverse-proxy.mdx new file mode 100644 index 0000000..cc1c602 --- /dev/null +++ b/about/pangolin-vs-traditional-reverse-proxy.mdx @@ -0,0 +1,56 @@ +--- +title: "Pangolin vs. Reverse Proxy" +--- + +Pangolin shares many similarities with traditional reverse proxies, as it builds upon the same foundational principles. In fact, Pangolin leverages Traefik, one of the most popular reverse proxies, as its core component. + +Like a traditional reverse proxy, Pangolin acts as an intermediary between clients and backend servers. Requests are routed through Pangolin, which determines the appropriate backend server to handle the request. This ensures that clients never directly communicate with backend servers. Pangolin also handles key reverse proxy functionalities, including: + +- **Routing**: Directing traffic to the appropriate backend service. +- **SSL Termination**: Managing HTTPS encryption and decryption. +- **Logging**: Capturing and storing request/response data. +- **Middleware Management**: Supporting plugins and middleware for additional functionality. + +## Key Differences + +### Tunneling + +Traditional reverse proxies typically operate on the same network as the backend servers they connect to. This setup requires: + +- A public IP address for the network. +- Open ports (e.g., TCP 443 and 80) to allow external traffic. + +Pangolin eliminates these requirements by introducing tunneling, which allows it to operate on a completely separate server and network from the backend services. Key benefits of Pangolin's tunneling include: + +- **Centralized Management**: Multiple isolated edge networks can connect to a single Pangolin instance, meaning you only need to manage one reverse proxy server. +- **Encrypted Traffic**: All traffic between the edge network and the central Pangolin server is fully encrypted. +- **No Public IP or Open Ports**: Edge networks do not require a public IP address or open ports, reducing the attack surface and simplifying network configurations. + +This tunneling capability makes Pangolin particularly useful for environments with restrictive network policies, such as those behind Carrier-Grade NAT (CGNAT) or firewalls. + +### Identity-Aware Proxy (IAP) + +Pangolin incorporates Identity-Aware Proxy (IAP) functionality, enabling zero-trust access to backend services. Unlike traditional reverse proxies, which often rely on network-based trust, Pangolin evaluates every access request based on user identity, device, location, and other contextual factors. + +#### How IAP Works + +1. **User Request**: A user attempts to access a protected internal web app, API, or resource. +2. **Request Interception**: The request is intercepted by Pangolin's IAP instead of being routed directly to the backend. +3. **Authentication & Authorization**: Pangolin verifies the user’s identity using OAuth2/OpenID (e.g., Google, Azure AD, Okta). +4. **Context-Aware Checks**: Additional conditions, such as IP address, group membership, or geographic location, are evaluated. +5. **Access Decision**: If all checks are passed, the request is forwarded to the backend service; otherwise, access is denied. + +#### Access Control Features + +Pangolin provides a robust suite of access control mechanisms, including but not limited to: + +- **User and Role-Based Access Control (RBAC)**: Define granular permissions for users and roles. +- **Resource-Specific Security**: + - PIN codes and passwords for individual resources. + - Shareable links with expiration dates. +- **Authentication Options**: + - Email-based One-Time Passwords (OTP). + - Single Sign-On (SSO) with external identity providers via OIDC. + - Two-Factor Authentication (2FA) and passkeys. +- **Contextual Rules**: + - IP, CIDR, and path-based access rules. diff --git a/about/pangolin-vs-vpn.mdx b/about/pangolin-vs-vpn.mdx new file mode 100644 index 0000000..6a672f9 --- /dev/null +++ b/about/pangolin-vs-vpn.mdx @@ -0,0 +1,28 @@ +--- +title: "Pangolin vs. VPN" +--- + +Pangolin and VPNs both provide secure remote access, but they differ in functionality and use cases. VPNs grant full network-level access, requiring client-side software to connect, while Pangolin provides application-specific access directly through a web browser with authentication, eliminating the need for additional software on the user’s device. + +## Key Differences + +### Access Scope + + - **Pangolin**: Exposes specific applications or services securely. Users access resources via a browser, ensuring no full network access is granted. + - **VPN**: Provides unrestricted access to the entire private network, which can increase security risks if a device is compromised. + +### Access Control + + - **Pangolin**: Enforces zero-trust policies with role-based access control (RBAC), path-based rules, and authentication methods like SSO, OIDC, and 2FA. + - **VPN**: Relies on network segmentation or ACLs for security, with fewer granular controls. + +### Deployment + + - **Pangolin**: Operates as a centralized reverse proxy using encrypted WireGuard tunnels, requiring no public IPs or open ports on edge networks. + - **VPN**: Requires a VPN server, public IPs, and open ports for inbound connections. + +# Pangolin vs. Mesh VPN (e.g., Tailscale, Netbird) + +Pangolin and mesh VPNs like Tailscale or Netbird both provide secure remote access, but they differ in their approach and functionality. Mesh VPNs focus on creating peer-to-peer connections between devices for full network access, while Pangolin is designed to expose specific applications or services securely through points of presence, with no need for client-side software on user devices. + +Pangolin is a better choice for application-specific access with zero-trust security and no client-side software requirements. Mesh VPNs like Tailscale or Netbird are more suitable for full network access and peer-to-peer connectivity. For environments prioritizing granular access control and simplicity, Pangolin offers a more focused and secure solution. diff --git a/ai-tools/claude-code.mdx b/ai-tools/claude-code.mdx deleted file mode 100644 index bdc4e04..0000000 --- a/ai-tools/claude-code.mdx +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: "Claude Code setup" -description: "Configure Claude Code for your documentation workflow" -icon: "asterisk" ---- - -Claude Code is Anthropic's official CLI tool. This guide will help you set up Claude Code to help you write and maintain your documentation. - -## Prerequisites - -- Active Claude subscription (Pro, Max, or API access) - -## Setup - -1. Install Claude Code globally: - - ```bash - npm install -g @anthropic-ai/claude-code -``` - -2. Navigate to your docs directory. -3. (Optional) Add the `CLAUDE.md` file below to your project. -4. Run `claude` to start. - -## Create `CLAUDE.md` - -Create a `CLAUDE.md` file at the root of your documentation repository to train Claude Code on your specific documentation standards: - -````markdown -# Mintlify documentation - -## Working relationship -- You can push back on ideas-this can lead to better documentation. Cite sources and explain your reasoning when you do so -- ALWAYS ask for clarification rather than making assumptions -- NEVER lie, guess, or make up information - -## Project context -- Format: MDX files with YAML frontmatter -- Config: docs.json for navigation, theme, settings -- Components: Mintlify components - -## Content strategy -- Document just enough for user success - not too much, not too little -- Prioritize accuracy and usability of information -- Make content evergreen when possible -- Search for existing information before adding new content. Avoid duplication unless it is done for a strategic reason -- Check existing patterns for consistency -- Start by making the smallest reasonable changes - -## Frontmatter requirements for pages -- title: Clear, descriptive page title -- description: Concise summary for SEO/navigation - -## Writing standards -- Second-person voice ("you") -- Prerequisites at start of procedural content -- Test all code examples before publishing -- Match style and formatting of existing pages -- Include both basic and advanced use cases -- Language tags on all code blocks -- Alt text on all images -- Relative paths for internal links - -## Git workflow -- NEVER use --no-verify when committing -- Ask how to handle uncommitted changes before starting -- Create a new branch when no clear branch exists for changes -- Commit frequently throughout development -- NEVER skip or disable pre-commit hooks - -## Do not -- Skip frontmatter on any MDX file -- Use absolute URLs for internal links -- Include untested code examples -- Make assumptions - always ask for clarification -```` diff --git a/ai-tools/cursor.mdx b/ai-tools/cursor.mdx deleted file mode 100644 index fbb7761..0000000 --- a/ai-tools/cursor.mdx +++ /dev/null @@ -1,420 +0,0 @@ ---- -title: "Cursor setup" -description: "Configure Cursor for your documentation workflow" -icon: "arrow-pointer" ---- - -Use Cursor to help write and maintain your documentation. This guide shows how to configure Cursor for better results on technical writing tasks and using Mintlify components. - -## Prerequisites - -- Cursor editor installed -- Access to your documentation repository - -## Project rules - -Create project rules that all team members can use. In your documentation repository root: - -```bash -mkdir -p .cursor -``` - -Create `.cursor/rules.md`: - -````markdown -# Mintlify technical writing rule - -You are an AI writing assistant specialized in creating exceptional technical documentation using Mintlify components and following industry-leading technical writing practices. - -## Core writing principles - -### Language and style requirements - -- Use clear, direct language appropriate for technical audiences -- Write in second person ("you") for instructions and procedures -- Use active voice over passive voice -- Employ present tense for current states, future tense for outcomes -- Avoid jargon unless necessary and define terms when first used -- Maintain consistent terminology throughout all documentation -- Keep sentences concise while providing necessary context -- Use parallel structure in lists, headings, and procedures - -### Content organization standards - -- Lead with the most important information (inverted pyramid structure) -- Use progressive disclosure: basic concepts before advanced ones -- Break complex procedures into numbered steps -- Include prerequisites and context before instructions -- Provide expected outcomes for each major step -- Use descriptive, keyword-rich headings for navigation and SEO -- Group related information logically with clear section breaks - -### User-centered approach - -- Focus on user goals and outcomes rather than system features -- Anticipate common questions and address them proactively -- Include troubleshooting for likely failure points -- Write for scannability with clear headings, lists, and white space -- Include verification steps to confirm success - -## Mintlify component reference - -### Callout components - -#### Note - Additional helpful information - - -Supplementary information that supports the main content without interrupting flow - - -#### Tip - Best practices and pro tips - - -Expert advice, shortcuts, or best practices that enhance user success - - -#### Warning - Important cautions - - -Critical information about potential issues, breaking changes, or destructive actions - - -#### Info - Neutral contextual information - - -Background information, context, or neutral announcements - - -#### Check - Success confirmations - - -Positive confirmations, successful completions, or achievement indicators - - -### Code components - -#### Single code block - -Example of a single code block: - -```javascript config.js -const apiConfig = { - baseURL: 'https://api.example.com', - timeout: 5000, - headers: { - 'Authorization': `Bearer ${process.env.API_TOKEN}` - } -}; -``` - -#### Code group with multiple languages - -Example of a code group: - - -```javascript Node.js -const response = await fetch('/api/endpoint', { - headers: { Authorization: `Bearer ${apiKey}` } -}); -``` - -```python Python -import requests -response = requests.get('/api/endpoint', - headers={'Authorization': f'Bearer {api_key}'}) -``` - -```curl cURL -curl -X GET '/api/endpoint' \ - -H 'Authorization: Bearer YOUR_API_KEY' -``` - - -#### Request/response examples - -Example of request/response documentation: - - -```bash cURL -curl -X POST 'https://api.example.com/users' \ - -H 'Content-Type: application/json' \ - -d '{"name": "John Doe", "email": "john@example.com"}' -``` - - - -```json Success -{ - "id": "user_123", - "name": "John Doe", - "email": "john@example.com", - "created_at": "2024-01-15T10:30:00Z" -} -``` - - -### Structural components - -#### Steps for procedures - -Example of step-by-step instructions: - - - - Run `npm install` to install required packages. - - - Verify installation by running `npm list`. - - - - - Create a `.env` file with your API credentials. - - ```bash - API_KEY=your_api_key_here - ``` - - - Never commit API keys to version control. - - - - -#### Tabs for alternative content - -Example of tabbed content: - - - - ```bash - brew install node - npm install -g package-name - ``` - - - - ```powershell - choco install nodejs - npm install -g package-name - ``` - - - - ```bash - sudo apt install nodejs npm - npm install -g package-name - ``` - - - -#### Accordions for collapsible content - -Example of accordion groups: - - - - - **Firewall blocking**: Ensure ports 80 and 443 are open - - **Proxy configuration**: Set HTTP_PROXY environment variable - - **DNS resolution**: Try using 8.8.8.8 as DNS server - - - - ```javascript - const config = { - performance: { cache: true, timeout: 30000 }, - security: { encryption: 'AES-256' } - }; - ``` - - - -### Cards and columns for emphasizing information - -Example of cards and card groups: - - -Complete walkthrough from installation to your first API call in under 10 minutes. - - - - - Learn how to authenticate requests using API keys or JWT tokens. - - - - Understand rate limits and best practices for high-volume usage. - - - -### API documentation components - -#### Parameter fields - -Example of parameter documentation: - - -Unique identifier for the user. Must be a valid UUID v4 format. - - - -User's email address. Must be valid and unique within the system. - - - -Maximum number of results to return. Range: 1-100. - - - -Bearer token for API authentication. Format: `Bearer YOUR_API_KEY` - - -#### Response fields - -Example of response field documentation: - - -Unique identifier assigned to the newly created user. - - - -ISO 8601 formatted timestamp of when the user was created. - - - -List of permission strings assigned to this user. - - -#### Expandable nested fields - -Example of nested field documentation: - - -Complete user object with all associated data. - - - - User profile information including personal details. - - - - User's first name as entered during registration. - - - - URL to user's profile picture. Returns null if no avatar is set. - - - - - - -### Media and advanced components - -#### Frames for images - -Wrap all images in frames: - - -Main dashboard showing analytics overview - - - -Analytics dashboard with charts - - -#### Videos - -Use the HTML video element for self-hosted video content: - - - -Embed YouTube videos using iframe elements: - - - -#### Tooltips - -Example of tooltip usage: - - -API - - -#### Updates - -Use updates for changelogs: - - -## New features -- Added bulk user import functionality -- Improved error messages with actionable suggestions - -## Bug fixes -- Fixed pagination issue with large datasets -- Resolved authentication timeout problems - - -## Required page structure - -Every documentation page must begin with YAML frontmatter: - -```yaml ---- -title: "Clear, specific, keyword-rich title" -description: "Concise description explaining page purpose and value" ---- -``` - -## Content quality standards - -### Code examples requirements - -- Always include complete, runnable examples that users can copy and execute -- Show proper error handling and edge case management -- Use realistic data instead of placeholder values -- Include expected outputs and results for verification -- Test all code examples thoroughly before publishing -- Specify language and include filename when relevant -- Add explanatory comments for complex logic -- Never include real API keys or secrets in code examples - -### API documentation requirements - -- Document all parameters including optional ones with clear descriptions -- Show both success and error response examples with realistic data -- Include rate limiting information with specific limits -- Provide authentication examples showing proper format -- Explain all HTTP status codes and error handling -- Cover complete request/response cycles - -### Accessibility requirements - -- Include descriptive alt text for all images and diagrams -- Use specific, actionable link text instead of "click here" -- Ensure proper heading hierarchy starting with H2 -- Provide keyboard navigation considerations -- Use sufficient color contrast in examples and visuals -- Structure content for easy scanning with headers and lists - -## Component selection logic - -- Use **Steps** for procedures and sequential instructions -- Use **Tabs** for platform-specific content or alternative approaches -- Use **CodeGroup** when showing the same concept in multiple programming languages -- Use **Accordions** for progressive disclosure of information -- Use **RequestExample/ResponseExample** specifically for API endpoint documentation -- Use **ParamField** for API parameters, **ResponseField** for API responses -- Use **Expandable** for nested object properties or hierarchical information -```` diff --git a/ai-tools/windsurf.mdx b/ai-tools/windsurf.mdx deleted file mode 100644 index fce12bf..0000000 --- a/ai-tools/windsurf.mdx +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: "Windsurf setup" -description: "Configure Windsurf for your documentation workflow" -icon: "water" ---- - -Configure Windsurf's Cascade AI assistant to help you write and maintain documentation. This guide shows how to set up Windsurf specifically for your Mintlify documentation workflow. - -## Prerequisites - -- Windsurf editor installed -- Access to your documentation repository - -## Workspace rules - -Create workspace rules that provide Windsurf with context about your documentation project and standards. - -Create `.windsurf/rules.md` in your project root: - -````markdown -# Mintlify technical writing rule - -## Project context - -- This is a documentation project on the Mintlify platform -- We use MDX files with YAML frontmatter -- Navigation is configured in `docs.json` -- We follow technical writing best practices - -## Writing standards - -- Use second person ("you") for instructions -- Write in active voice and present tense -- Start procedures with prerequisites -- Include expected outcomes for major steps -- Use descriptive, keyword-rich headings -- Keep sentences concise but informative - -## Required page structure - -Every page must start with frontmatter: - -```yaml ---- -title: "Clear, specific title" -description: "Concise description for SEO and navigation" ---- -``` - -## Mintlify components - -### Callouts - -- `` for helpful supplementary information -- `` for important cautions and breaking changes -- `` for best practices and expert advice -- `` for neutral contextual information -- `` for success confirmations - -### Code examples - -- When appropriate, include complete, runnable examples -- Use `` for multiple language examples -- Specify language tags on all code blocks -- Include realistic data, not placeholders -- Use `` and `` for API docs - -### Procedures - -- Use `` component for sequential instructions -- Include verification steps with `` components when relevant -- Break complex procedures into smaller steps - -### Content organization - -- Use `` for platform-specific content -- Use `` for progressive disclosure -- Use `` and `` for highlighting content -- Wrap images in `` components with descriptive alt text - -## API documentation requirements - -- Document all parameters with `` -- Show response structure with `` -- Include both success and error examples -- Use `` for nested object properties -- Always include authentication examples - -## Quality standards - -- Test all code examples before publishing -- Use relative paths for internal links -- Include alt text for all images -- Ensure proper heading hierarchy (start with h2) -- Check existing patterns for consistency -```` diff --git a/api-reference/endpoint/create.mdx b/api-reference/endpoint/create.mdx deleted file mode 100644 index 5689f1b..0000000 --- a/api-reference/endpoint/create.mdx +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: 'Create Plant' -openapi: 'POST /plants' ---- diff --git a/api-reference/endpoint/delete.mdx b/api-reference/endpoint/delete.mdx deleted file mode 100644 index 657dfc8..0000000 --- a/api-reference/endpoint/delete.mdx +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: 'Delete Plant' -openapi: 'DELETE /plants/{id}' ---- diff --git a/api-reference/endpoint/get.mdx b/api-reference/endpoint/get.mdx deleted file mode 100644 index 56aa09e..0000000 --- a/api-reference/endpoint/get.mdx +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: 'Get Plants' -openapi: 'GET /plants' ---- diff --git a/api-reference/endpoint/webhook.mdx b/api-reference/endpoint/webhook.mdx deleted file mode 100644 index 3291340..0000000 --- a/api-reference/endpoint/webhook.mdx +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: 'New Plant' -openapi: 'WEBHOOK /plant/webhook' ---- diff --git a/api-reference/introduction.mdx b/api-reference/introduction.mdx deleted file mode 100644 index c835b78..0000000 --- a/api-reference/introduction.mdx +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: 'Introduction' -description: 'Example section for showcasing API endpoints' ---- - - - If you're not looking to build API reference documentation, you can delete - this section by removing the api-reference folder. - - -## Welcome - -There are two ways to build API documentation: [OpenAPI](https://mintlify.com/docs/api-playground/openapi/setup) and [MDX components](https://mintlify.com/docs/api-playground/mdx/configuration). For the starter kit, we are using the following OpenAPI specification. - - - View the OpenAPI specification file - - -## Authentication - -All API endpoints are authenticated using Bearer tokens and picked up from the specification file. - -```json -"security": [ - { - "bearerAuth": [] - } -] -``` diff --git a/api-reference/openapi.json b/api-reference/openapi.json deleted file mode 100644 index da5326e..0000000 --- a/api-reference/openapi.json +++ /dev/null @@ -1,217 +0,0 @@ -{ - "openapi": "3.1.0", - "info": { - "title": "OpenAPI Plant Store", - "description": "A sample API that uses a plant store as an example to demonstrate features in the OpenAPI specification", - "license": { - "name": "MIT" - }, - "version": "1.0.0" - }, - "servers": [ - { - "url": "http://sandbox.mintlify.com" - } - ], - "security": [ - { - "bearerAuth": [] - } - ], - "paths": { - "/plants": { - "get": { - "description": "Returns all plants from the system that the user has access to", - "parameters": [ - { - "name": "limit", - "in": "query", - "description": "The maximum number of results to return", - "schema": { - "type": "integer", - "format": "int32" - } - } - ], - "responses": { - "200": { - "description": "Plant response", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Plant" - } - } - } - } - }, - "400": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "post": { - "description": "Creates a new plant in the store", - "requestBody": { - "description": "Plant to add to the store", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NewPlant" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "plant response", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Plant" - } - } - } - }, - "400": { - "description": "unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/plants/{id}": { - "delete": { - "description": "Deletes a single plant based on the ID supplied", - "parameters": [ - { - "name": "id", - "in": "path", - "description": "ID of plant to delete", - "required": true, - "schema": { - "type": "integer", - "format": "int64" - } - } - ], - "responses": { - "204": { - "description": "Plant deleted", - "content": {} - }, - "400": { - "description": "unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - } - }, - "webhooks": { - "/plant/webhook": { - "post": { - "description": "Information about a new plant added to the store", - "requestBody": { - "description": "Plant added to the store", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NewPlant" - } - } - } - }, - "responses": { - "200": { - "description": "Return a 200 status to indicate that the data was received successfully" - } - } - } - } - }, - "components": { - "schemas": { - "Plant": { - "required": [ - "name" - ], - "type": "object", - "properties": { - "name": { - "description": "The name of the plant", - "type": "string" - }, - "tag": { - "description": "Tag to specify the type", - "type": "string" - } - } - }, - "NewPlant": { - "allOf": [ - { - "$ref": "#/components/schemas/Plant" - }, - { - "required": [ - "id" - ], - "type": "object", - "properties": { - "id": { - "description": "Identification number of the plant", - "type": "integer", - "format": "int64" - } - } - } - ] - }, - "Error": { - "required": [ - "error", - "message" - ], - "type": "object", - "properties": { - "error": { - "type": "integer", - "format": "int32" - }, - "message": { - "type": "string" - } - } - } - }, - "securitySchemes": { - "bearerAuth": { - "type": "http", - "scheme": "bearer" - } - } - } -} \ No newline at end of file diff --git a/changelog.mdx b/changelog.mdx new file mode 100644 index 0000000..2bd23a5 --- /dev/null +++ b/changelog.mdx @@ -0,0 +1,14 @@ +--- +title: "Changelog" +description: "Updates and announcements" +--- + + + Added a new Wintergreen flavor. + + Released a new version of the Spearmint flavor, now with 10% more mint. + + + + Released a new version of the Spearmint flavor. + diff --git a/development.mdx b/development.mdx deleted file mode 100644 index ac633ba..0000000 --- a/development.mdx +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: 'Development' -description: 'Preview changes locally to update your docs' ---- - - - **Prerequisites**: - - Node.js version 19 or higher - - A docs repository with a `docs.json` file - - -Follow these steps to install and run Mintlify on your operating system. - - - - -```bash -npm i -g mint -``` - - - - -Navigate to your docs directory where your `docs.json` file is located, and run the following command: - -```bash -mint dev -``` - -A local preview of your documentation will be available at `http://localhost:3000`. - - - - -## Custom ports - -By default, Mintlify uses port 3000. You can customize the port Mintlify runs on by using the `--port` flag. For example, to run Mintlify on port 3333, use this command: - -```bash -mint dev --port 3333 -``` - -If you attempt to run Mintlify on a port that's already in use, it will use the next available port: - -```md -Port 3000 is already in use. Trying 3001 instead. -``` - -## Mintlify versions - -Please note that each CLI release is associated with a specific version of Mintlify. If your local preview does not align with the production version, please update the CLI: - -```bash -npm mint update -``` - -## Validating links - -The CLI can assist with validating links in your documentation. To identify any broken links, use the following command: - -```bash -mint broken-links -``` - -## Deployment - -If the deployment is successful, you should see the following: - - - Screenshot of a deployment confirmation message that says All checks have passed. - - -## Code formatting - -We suggest using extensions on your IDE to recognize and format MDX. If you're a VSCode user, consider the [MDX VSCode extension](https://marketplace.visualstudio.com/items?itemName=unifiedjs.vscode-mdx) for syntax highlighting, and [Prettier](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) for code formatting. - -## Troubleshooting - - - - - This may be due to an outdated version of node. Try the following: - 1. Remove the currently-installed version of the CLI: `npm remove -g mint` - 2. Upgrade to Node v19 or higher. - 3. Reinstall the CLI: `npm i -g mint` - - - - - Solution: Go to the root of your device and delete the `~/.mintlify` folder. Then run `mint dev` again. - - - -Curious about what changed in the latest CLI version? Check out the [CLI changelog](https://www.npmjs.com/package/mintlify?activeTab=versions). diff --git a/development/contributing.mdx b/development/contributing.mdx new file mode 100644 index 0000000..0d51e04 --- /dev/null +++ b/development/contributing.mdx @@ -0,0 +1,218 @@ +--- +title: "Development Guide" +description: "Set up your local development environment for contributing to Pangolin" +--- + +This guide describes how to set up your local development environment for contributing to Pangolin. We recommend using Docker Compose for the most consistent development experience across different environments. + +## Prerequisites + + +- Text Editor (VSCode, Neovim, etc.) +- NodeJS v20.10.0 +- NPM v10.2.3 (or similar) +- Go v1.23.1 +- Git +- Docker & Docker Compose + + + +For managing multiple versions of Go, you may want to use [gvm](https://github.com/moovweb/gvm). +For managing multiple versions of NodeJS, you may want to use [nvm](https://github.com/nvm-sh/nvm). + + +## Setup Your Repository + +Below is an example if you're working on the Pangolin repository. + + + + [Fork](https://help.github.com/articles/fork-a-repo/) the repository(ies) to your own GitHub account and [clone](https://help.github.com/articles/cloning-a-repository/) to your local device: + + ```bash + git clone https://github.com/YOUR_USERNAME/pangolin.git + cd pangolin/ + ``` + + + + Add the remote `upstream`: + + ```bash + git remote add upstream https://github.com/fosrl/pangolin.git + ``` + + + + Create a new branch: + + ```bash + git checkout -b BRANCH_NAME dev + ``` + + + It is recommended to give your branch a meaningful name, relevant to the feature or fix you are working on. + + **Good examples**: + - `docs-docker` + - `feature-new-system` + - `fix-title-cards` + + **Bad examples**: + - `bug` + - `docs` + - `feature` + - `fix` + - `patch` + + + + + If you open a pull request, open it against the `dev` branch of the original repository. + + + +## Pangolin Development Setup + +### Option 1: Docker Compose (Recommended) + + + + - Consistent environment + - Easy setup and teardown + - Isolated dependencies + - Works on any OS + + + + - Docker installed + - Docker Compose installed + - 4GB+ RAM available + + + + + + Install package dependencies: + + ```bash + npm install + ``` + + + + Ensure you have a `config/` directory at the root with a `config.yml` inside. Refer to the [Pangolin Configuration docs](/self-host/advanced/config-file) or the `config.example.yml` in the repo for a sample of what to include in that file. + + + You may need to tweak this to run in dev, such as setting the `dashboard_url` to `http://localhost:3002`. + + + + + Generate the database schema and push it: + + ```bash + npm run db:sqlite:generate + npm run db:sqlite:push + ``` + + + + Start the development server using Docker Compose: + + ```bash + docker compose up --build + ``` + + + This will build and start all services in development mode with hot reloading enabled. + + + + + +When running Pangolin for the first time there will be no exit nodes. This means that there have been no Gerbil "exit nodes" registered in the database. When Gerbil first starts up and requests its config from Pangolin for the first time it gets registered as an exit node. + +The easiest way to resolve this is to run Gerbil and have it register in your dev environment. Download the Gerbil binary and run it with localhost: + +```bash +./gerbil \ +--remoteConfig http://localhost:3001/api/v1/gerbil/get-config \ +--reportBandwidthTo http://localhost:3001/api/v1/gerbil/receive-bandwidth \ +--generateAndSaveKeyTo=/var/key \ +--reachableAt=http://localhost:3003 +``` + + +### Option 2: Local Development + + +Local development requires more setup and may have environment-specific issues. Docker Compose is recommended for consistency. + + + + + Install package dependencies: + + ```bash + npm install + ``` + + + + Ensure you have a `config/` directory at the root with a `config.yml` inside. Refer to the [Pangolin Configuration docs](/self-host/advanced/config-file) or the `config.example.yml` in the repo for a sample of what to include in that file. + + + You may need to tweak this to run in dev, such as setting the `dashboard_url` to `http://localhost:3002`. + + + + + Generate the database schema and push it: + + ```bash + npm run db:sqlite:generate + npm run db:sqlite:push + ``` + + + + Start the development server: + + ```bash + npm run dev + ``` + + + +## Component Development + +### Gerbil + + + - Go v1.23.1 + + +```bash +make local +``` + +### Newt + + + - Go v1.23.1 + + +```bash +make local +``` + +### Olm + + + - Go v1.23.1 + + +```bash +make local +``` diff --git a/development/feature-requests-and-bug-reports.mdx b/development/feature-requests-and-bug-reports.mdx new file mode 100644 index 0000000..cb9b722 --- /dev/null +++ b/development/feature-requests-and-bug-reports.mdx @@ -0,0 +1,176 @@ +--- +title: "Feature Requests & Bug Reports" +description: "How to submit feature requests and report bugs for Pangolin" +--- + +We welcome contributions from the community to help improve Pangolin. To ensure your feedback is properly tracked and prioritized, please use the appropriate GitHub sections for different types of submissions. + + + + Submit in GitHub Discussions for community feedback and upvoting + + + + Submit in GitHub Issues for tracking and resolution + + + +## Feature Requests + + +**Use GitHub Discussions**: [Pangolin Discussions](https://github.com/fosrl/pangolin/discussions) + + +We encourage you to submit feature requests in the [GitHub Discussions section](https://github.com/fosrl/pangolin/discussions) of the Pangolin repository. This allows the community to: + +- **Upvote features** they want to see implemented +- **Provide feedback** and suggestions on proposed features +- **Discuss implementation details** and alternatives +- **Help prioritize** which features to work on next + +### How to Submit a Feature Request + + + + Search the [Discussions section](https://github.com/fosrl/pangolin/discussions) to see if your feature has already been requested. + + + + Click "New discussion" and select "Feature Requests" or "Ideas" as the category. + + + + Include: + - Clear description of the feature + - Use case and benefits + - Any implementation ideas + - Screenshots or mockups if applicable + + + + Respond to comments and help refine the feature proposal. + + + +### Feature Request Template + +```markdown +## Feature Request: [Brief Description] + +### What problem does this solve? +[Describe the problem or limitation this feature would address] + +### Proposed solution +[Describe how this feature would work] + +### Use cases +[Describe specific scenarios where this would be useful] + +### Additional context +[Any other relevant information, screenshots, or examples] +``` + + +Feature requests with community support (upvotes and positive feedback) are more likely to be prioritized for development. + + +## Bug Reports + + +**Use GitHub Issues**: [Pangolin Issues](https://github.com/fosrl/pangolin/issues) + + +Bug reports should be submitted in the [GitHub Issues section](https://github.com/fosrl/pangolin/issues) for proper tracking and resolution. This ensures: + +- **Proper tracking** of bugs through their lifecycle +- **Developer visibility** for quick resolution +- **Version tracking** and regression testing +- **Duplicate detection** and consolidation + +### How to Submit a Bug Report + + + + Search the [Issues section](https://github.com/fosrl/pangolin/issues) to see if the bug has already been reported. + + + + Click "New issue" and select "Bug report" as the template. + + + + Provide all requested information including: + - Steps to reproduce + - Expected vs actual behavior + - Environment details + - Error messages or logs + + + + Use appropriate labels to help categorize the issue. + + + +### Bug Report Template + +```markdown +## Bug Description +[Brief description of the bug] + +## Steps to Reproduce +1. [First step] +2. [Second step] +3. [Third step] + +## Expected Behavior +[What should happen] + +## Actual Behavior +[What actually happens] + +## Environment +- **Pangolin Version**: [version] +- **OS**: [operating system] +- **Browser**: [if applicable] +- **Docker Version**: [if using Docker] + +## Error Messages +[Any error messages or logs] + +## Additional Context +[Screenshots, configuration files, or other relevant information] +``` + + +Please provide as much detail as possible to help developers reproduce and fix the issue quickly. + + +## Before Submitting + + +- Search existing discussions and issues to avoid duplicates +- Provide clear, detailed information +- Include steps to reproduce (for bugs) +- Test on the latest version of Pangolin +- Check if the issue is environment-specific + + +## Alternative Channels + + + + For security vulnerabilities, please email security@fossorial.com instead of posting publicly. + + + + For general questions, use [GitHub Discussions](https://github.com/fosrl/pangolin/discussions) with the "Q&A" category, or come chat with us on [Discord](https://discord.gg/HCJR8Xhme4). + + + +## Contributing Code + +If you'd like to implement a feature or fix a bug yourself, please see our [Development Guide](/development/contributing) for setup instructions and coding guidelines. + + +We appreciate all contributions, whether they're feature requests, bug reports, or code contributions. Your feedback helps make Pangolin better for everyone. + diff --git a/docs.json b/docs.json index d65b8f2..aec5acf 100644 --- a/docs.json +++ b/docs.json @@ -1,68 +1,65 @@ { "$schema": "https://mintlify.com/docs.json", - "theme": "mint", - "name": "Mint Starter Kit", + "theme": "aspen", + "name": "Pangolin Docs", + "description": "Pangolin is a self-hosted alternative to Cloudflare Tunnels, designed to provide secure and highly-available ingress access to applications.", "colors": { - "primary": "#16A34A", - "light": "#07C983", - "dark": "#15803D" + "primary": "#F36117", + "light": "#F36117", + "dark": "#F36117" }, "favicon": "/favicon.svg", "navigation": { "tabs": [ { - "tab": "Guides", + "tab": "Docs", "groups": [ { - "group": "Getting started", + "group": "About", "pages": [ - "index", - "quickstart", - "development" + "about/how-pangolin-works", + "about/pangolin-vs-traditional-reverse-proxy", + "about/pangolin-vs-vpn" ] }, { - "group": "Customization", + "group": "Newt Sites", + "pages": ["newt/installation"] + }, + { + "group": "Fully Self-host Pangolin", "pages": [ - "essentials/settings", - "essentials/navigation" + "self-host/quick-install", + { + "group": "Manual Installation", + "pages": [ + "self-host/manual/docker-compose", + "self-host/manual/unraid" + ] + }, + "self-host/choosing-a-vps", + "self-host/dns-and-networking", + "self-host/how-to-update", + "self-host/supporter-program", + { + "group": "Advanced Configuration", + "pages": [ + "self-host/advanced/config-file", + "self-host/advanced/wild-card-domains", + "self-host/advanced/cloudflare-proxy", + "self-host/advanced/without-tunneling", + "self-host/advanced/container-cli-tool", + "self-host/advanced/database-options", + "self-host/advanced/integration-api" + ] + } ] }, { - "group": "Writing content", + "group": "Development", "pages": [ - "essentials/markdown", - "essentials/code", - "essentials/images", - "essentials/reusable-snippets" - ] - }, - { - "group": "AI tools", - "pages": [ - "ai-tools/cursor", - "ai-tools/claude-code", - "ai-tools/windsurf" - ] - } - ] - }, - { - "tab": "API reference", - "groups": [ - { - "group": "API documentation", - "pages": [ - "api-reference/introduction" - ] - }, - { - "group": "Endpoint examples", - "pages": [ - "api-reference/endpoint/get", - "api-reference/endpoint/create", - "api-reference/endpoint/delete", - "api-reference/endpoint/webhook" + "development/contributing", + "development/feature-requests-and-bug-reports" ] } ] @@ -71,45 +68,40 @@ "global": { "anchors": [ { - "anchor": "Documentation", - "href": "https://mintlify.com/docs", - "icon": "book-open-cover" + "anchor": "GitHub", + "href": "https://github.com/fosrl/pangolin", + "icon": "github" }, { - "anchor": "Community", - "href": "https://mintlify.com/community", - "icon": "slack" - }, - { - "anchor": "Blog", - "href": "https://mintlify.com/blog", - "icon": "newspaper" + "anchor": "Discord", + "href": "https://discord.gg/HCJR8Xhme4", + "icon": "discord" } ] } }, "logo": { - "light": "/logo/light.svg", - "dark": "/logo/dark.svg" + "light": "/logo/light.png", + "dark": "/logo/dark.png", + "href": "https://docs.digpangolin.com" }, "navbar": { "links": [ { - "label": "Support", - "href": "mailto:hi@mintlify.com" + "label": "Contact Us", + "href": "mailto:numbat@fossorial.io" } ], "primary": { "type": "button", - "label": "Dashboard", - "href": "https://dashboard.mintlify.com" + "label": "Pangolin Dashboard", + "href": "https://pangolin.fossorial.io" } }, "footer": { "socials": { - "x": "https://x.com/mintlify", - "github": "https://github.com/mintlify", - "linkedin": "https://linkedin.com/company/mintlify" + "github": "https://github.com/fosrl/pangolin", + "linkedin": "https://linkedin.com/company/digpangolin" } } -} \ No newline at end of file +} diff --git a/essentials/code.mdx b/essentials/code.mdx deleted file mode 100644 index ae2abbf..0000000 --- a/essentials/code.mdx +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: 'Code blocks' -description: 'Display inline code and code blocks' -icon: 'code' ---- - -## Inline code - -To denote a `word` or `phrase` as code, enclose it in backticks (`). - -``` -To denote a `word` or `phrase` as code, enclose it in backticks (`). -``` - -## Code blocks - -Use [fenced code blocks](https://www.markdownguide.org/extended-syntax/#fenced-code-blocks) by enclosing code in three backticks and follow the leading ticks with the programming language of your snippet to get syntax highlighting. Optionally, you can also write the name of your code after the programming language. - -```java HelloWorld.java -class HelloWorld { - public static void main(String[] args) { - System.out.println("Hello, World!"); - } -} -``` - -````md -```java HelloWorld.java -class HelloWorld { - public static void main(String[] args) { - System.out.println("Hello, World!"); - } -} -``` -```` diff --git a/essentials/images.mdx b/essentials/images.mdx deleted file mode 100644 index 1144eb2..0000000 --- a/essentials/images.mdx +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: 'Images and embeds' -description: 'Add image, video, and other HTML elements' -icon: 'image' ---- - - - -## Image - -### Using Markdown - -The [markdown syntax](https://www.markdownguide.org/basic-syntax/#images) lets you add images using the following code - -```md -![title](/path/image.jpg) -``` - -Note that the image file size must be less than 5MB. Otherwise, we recommend hosting on a service like [Cloudinary](https://cloudinary.com/) or [S3](https://aws.amazon.com/s3/). You can then use that URL and embed. - -### Using embeds - -To get more customizability with images, you can also use [embeds](/writing-content/embed) to add images - -```html - -``` - -## Embeds and HTML elements - - - -
- - - -Mintlify supports [HTML tags in Markdown](https://www.markdownguide.org/basic-syntax/#html). This is helpful if you prefer HTML tags to Markdown syntax, and lets you create documentation with infinite flexibility. - - - -### iFrames - -Loads another HTML page within the document. Most commonly used for embedding videos. - -```html - -``` diff --git a/essentials/markdown.mdx b/essentials/markdown.mdx deleted file mode 100644 index a45c1d5..0000000 --- a/essentials/markdown.mdx +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: 'Markdown syntax' -description: 'Text, title, and styling in standard markdown' -icon: 'text-size' ---- - -## Titles - -Best used for section headers. - -```md -## Titles -``` - -### Subtitles - -Best used for subsection headers. - -```md -### Subtitles -``` - - - -Each **title** and **subtitle** creates an anchor and also shows up on the table of contents on the right. - - - -## Text formatting - -We support most markdown formatting. Simply add `**`, `_`, or `~` around text to format it. - -| Style | How to write it | Result | -| ------------- | ----------------- | --------------- | -| Bold | `**bold**` | **bold** | -| Italic | `_italic_` | _italic_ | -| Strikethrough | `~strikethrough~` | ~strikethrough~ | - -You can combine these. For example, write `**_bold and italic_**` to get **_bold and italic_** text. - -You need to use HTML to write superscript and subscript text. That is, add `` or `` around your text. - -| Text Size | How to write it | Result | -| ----------- | ------------------------ | ---------------------- | -| Superscript | `superscript` | superscript | -| Subscript | `subscript` | subscript | - -## Linking to pages - -You can add a link by wrapping text in `[]()`. You would write `[link to google](https://google.com)` to [link to google](https://google.com). - -Links to pages in your docs need to be root-relative. Basically, you should include the entire folder path. For example, `[link to text](/writing-content/text)` links to the page "Text" in our components section. - -Relative links like `[link to text](../text)` will open slower because we cannot optimize them as easily. - -## Blockquotes - -### Singleline - -To create a blockquote, add a `>` in front of a paragraph. - -> Dorothy followed her through many of the beautiful rooms in her castle. - -```md -> Dorothy followed her through many of the beautiful rooms in her castle. -``` - -### Multiline - -> Dorothy followed her through many of the beautiful rooms in her castle. -> -> The Witch bade her clean the pots and kettles and sweep the floor and keep the fire fed with wood. - -```md -> Dorothy followed her through many of the beautiful rooms in her castle. -> -> The Witch bade her clean the pots and kettles and sweep the floor and keep the fire fed with wood. -``` - -### LaTeX - -Mintlify supports [LaTeX](https://www.latex-project.org) through the Latex component. - -8 x (vk x H1 - H2) = (0,1) - -```md -8 x (vk x H1 - H2) = (0,1) -``` diff --git a/essentials/navigation.mdx b/essentials/navigation.mdx deleted file mode 100644 index 60adeff..0000000 --- a/essentials/navigation.mdx +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: 'Navigation' -description: 'The navigation field in docs.json defines the pages that go in the navigation menu' -icon: 'map' ---- - -The navigation menu is the list of links on every website. - -You will likely update `docs.json` every time you add a new page. Pages do not show up automatically. - -## Navigation syntax - -Our navigation syntax is recursive which means you can make nested navigation groups. You don't need to include `.mdx` in page names. - - - -```json Regular Navigation -"navigation": { - "tabs": [ - { - "tab": "Docs", - "groups": [ - { - "group": "Getting Started", - "pages": ["quickstart"] - } - ] - } - ] -} -``` - -```json Nested Navigation -"navigation": { - "tabs": [ - { - "tab": "Docs", - "groups": [ - { - "group": "Getting Started", - "pages": [ - "quickstart", - { - "group": "Nested Reference Pages", - "pages": ["nested-reference-page"] - } - ] - } - ] - } - ] -} -``` - - - -## Folders - -Simply put your MDX files in folders and update the paths in `docs.json`. - -For example, to have a page at `https://yoursite.com/your-folder/your-page` you would make a folder called `your-folder` containing an MDX file called `your-page.mdx`. - - - -You cannot use `api` for the name of a folder unless you nest it inside another folder. Mintlify uses Next.js which reserves the top-level `api` folder for internal server calls. A folder name such as `api-reference` would be accepted. - - - -```json Navigation With Folder -"navigation": { - "tabs": [ - { - "tab": "Docs", - "groups": [ - { - "group": "Group Name", - "pages": ["your-folder/your-page"] - } - ] - } - ] -} -``` - -## Hidden pages - -MDX files not included in `docs.json` will not show up in the sidebar but are accessible through the search bar and by linking directly to them. diff --git a/essentials/reusable-snippets.mdx b/essentials/reusable-snippets.mdx deleted file mode 100644 index 376e27b..0000000 --- a/essentials/reusable-snippets.mdx +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: "Reusable snippets" -description: "Reusable, custom snippets to keep content in sync" -icon: "recycle" ---- - -import SnippetIntro from '/snippets/snippet-intro.mdx'; - - - -## Creating a custom snippet - -**Pre-condition**: You must create your snippet file in the `snippets` directory. - - - Any page in the `snippets` directory will be treated as a snippet and will not - be rendered into a standalone page. If you want to create a standalone page - from the snippet, import the snippet into another file and call it as a - component. - - -### Default export - -1. Add content to your snippet file that you want to re-use across multiple - locations. Optionally, you can add variables that can be filled in via props - when you import the snippet. - -```mdx snippets/my-snippet.mdx -Hello world! This is my content I want to reuse across pages. My keyword of the -day is {word}. -``` - - - The content that you want to reuse must be inside the `snippets` directory in - order for the import to work. - - -2. Import the snippet into your destination file. - -```mdx destination-file.mdx ---- -title: My title -description: My Description ---- - -import MySnippet from '/snippets/path/to/my-snippet.mdx'; - -## Header - -Lorem impsum dolor sit amet. - - -``` - -### Reusable variables - -1. Export a variable from your snippet file: - -```mdx snippets/path/to/custom-variables.mdx -export const myName = 'my name'; - -export const myObject = { fruit: 'strawberries' }; -``` - -2. Import the snippet from your destination file and use the variable: - -```mdx destination-file.mdx ---- -title: My title -description: My Description ---- - -import { myName, myObject } from '/snippets/path/to/custom-variables.mdx'; - -Hello, my name is {myName} and I like {myObject.fruit}. -``` - -### Reusable components - -1. Inside your snippet file, create a component that takes in props by exporting - your component in the form of an arrow function. - -```mdx snippets/custom-component.mdx -export const MyComponent = ({ title }) => ( -
-

{title}

-

... snippet content ...

-
-); -``` - - - MDX does not compile inside the body of an arrow function. Stick to HTML - syntax when you can or use a default export if you need to use MDX. - - -2. Import the snippet into your destination file and pass in the props - -```mdx destination-file.mdx ---- -title: My title -description: My Description ---- - -import { MyComponent } from '/snippets/custom-component.mdx'; - -Lorem ipsum dolor sit amet. - - -``` diff --git a/essentials/settings.mdx b/essentials/settings.mdx deleted file mode 100644 index 884de13..0000000 --- a/essentials/settings.mdx +++ /dev/null @@ -1,318 +0,0 @@ ---- -title: 'Global Settings' -description: 'Mintlify gives you complete control over the look and feel of your documentation using the docs.json file' -icon: 'gear' ---- - -Every Mintlify site needs a `docs.json` file with the core configuration settings. Learn more about the [properties](#properties) below. - -## Properties - - -Name of your project. Used for the global title. - -Example: `mintlify` - - - - - An array of groups with all the pages within that group - - - The name of the group. - - Example: `Settings` - - - - The relative paths to the markdown files that will serve as pages. - - Example: `["customization", "page"]` - - - - - - - - Path to logo image or object with path to "light" and "dark" mode logo images - - - Path to the logo in light mode - - - Path to the logo in dark mode - - - Where clicking on the logo links you to - - - - - - Path to the favicon image - - - - Hex color codes for your global theme - - - The primary color. Used for most often for highlighted content, section - headers, accents, in light mode - - - The primary color for dark mode. Used for most often for highlighted - content, section headers, accents, in dark mode - - - The primary color for important buttons - - - The color of the background in both light and dark mode - - - The hex color code of the background in light mode - - - The hex color code of the background in dark mode - - - - - - - - Array of `name`s and `url`s of links you want to include in the topbar - - - The name of the button. - - Example: `Contact us` - - - The url once you click on the button. Example: `https://mintlify.com/docs` - - - - - - - - - Link shows a button. GitHub shows the repo information at the url provided including the number of GitHub stars. - - - If `link`: What the button links to. - - If `github`: Link to the repository to load GitHub information from. - - - Text inside the button. Only required if `type` is a `link`. - - - - - - - Array of version names. Only use this if you want to show different versions - of docs with a dropdown in the navigation bar. - - - - An array of the anchors, includes the `icon`, `color`, and `url`. - - - The [Font Awesome](https://fontawesome.com/search?q=heart) icon used to feature the anchor. - - Example: `comments` - - - The name of the anchor label. - - Example: `Community` - - - The start of the URL that marks what pages go in the anchor. Generally, this is the name of the folder you put your pages in. - - - The hex color of the anchor icon background. Can also be a gradient if you pass an object with the properties `from` and `to` that are each a hex color. - - - Used if you want to hide an anchor until the correct docs version is selected. - - - Pass `true` if you want to hide the anchor until you directly link someone to docs inside it. - - - One of: "brands", "duotone", "light", "sharp-solid", "solid", or "thin" - - - - - - - Override the default configurations for the top-most anchor. - - - The name of the top-most anchor - - - Font Awesome icon. - - - One of: "brands", "duotone", "light", "sharp-solid", "solid", or "thin" - - - - - - An array of navigational tabs. - - - The name of the tab label. - - - The start of the URL that marks what pages go in the tab. Generally, this - is the name of the folder you put your pages in. - - - - - - Configuration for API settings. Learn more about API pages at [API Components](/api-playground/demo). - - - The base url for all API endpoints. If `baseUrl` is an array, it will enable for multiple base url - options that the user can toggle. - - - - - - The authentication strategy used for all API endpoints. - - - The name of the authentication parameter used in the API playground. - - If method is `basic`, the format should be `[usernameName]:[passwordName]` - - - The default value that's designed to be a prefix for the authentication input field. - - E.g. If an `inputPrefix` of `AuthKey` would inherit the default input result of the authentication field as `AuthKey`. - - - - - - Configurations for the API playground - - - - Whether the playground is showing, hidden, or only displaying the endpoint with no added user interactivity `simple` - - Learn more at the [playground guides](/api-playground/demo) - - - - - - Enabling this flag ensures that key ordering in OpenAPI pages matches the key ordering defined in the OpenAPI file. - - This behavior will soon be enabled by default, at which point this field will be deprecated. - - - - - - - A string or an array of strings of URL(s) or relative path(s) pointing to your - OpenAPI file. - - Examples: - - ```json Absolute - "openapi": "https://example.com/openapi.json" - ``` - ```json Relative - "openapi": "/openapi.json" - ``` - ```json Multiple - "openapi": ["https://example.com/openapi1.json", "/openapi2.json", "/openapi3.json"] - ``` - - - - - - An object of social media accounts where the key:property pair represents the social media platform and the account url. - - Example: - ```json - { - "x": "https://x.com/mintlify", - "website": "https://mintlify.com" - } - ``` - - - One of the following values `website`, `facebook`, `x`, `discord`, `slack`, `github`, `linkedin`, `instagram`, `hacker-news` - - Example: `x` - - - The URL to the social platform. - - Example: `https://x.com/mintlify` - - - - - - Configurations to enable feedback buttons - - - - Enables a button to allow users to suggest edits via pull requests - - - Enables a button to allow users to raise an issue about the documentation - - - - - - Customize the dark mode toggle. - - - Set if you always want to show light or dark mode for new users. When not - set, we default to the same mode as the user's operating system. - - - Set to true to hide the dark/light mode toggle. You can combine `isHidden` with `default` to force your docs to only use light or dark mode. For example: - - - ```json Only Dark Mode - "modeToggle": { - "default": "dark", - "isHidden": true - } - ``` - - ```json Only Light Mode - "modeToggle": { - "default": "light", - "isHidden": true - } - ``` - - - - - - - - - A background image to be displayed behind every page. See example with - [Infisical](https://infisical.com/docs) and [FRPC](https://frpc.io). - diff --git a/favicon.svg b/favicon.svg index b785c73..5e81a57 100644 --- a/favicon.svg +++ b/favicon.svg @@ -1,19 +1,22 @@ - - - - - - - - - - - - - - - - - - + + + + + + + + diff --git a/images/fossorial-dashboard.png b/images/fossorial-dashboard.png new file mode 100644 index 0000000..e66dec1 Binary files /dev/null and b/images/fossorial-dashboard.png differ diff --git a/images/gerbil_config.png b/images/gerbil_config.png new file mode 100644 index 0000000..c4221a2 Binary files /dev/null and b/images/gerbil_config.png differ diff --git a/images/gerbil_logs.png b/images/gerbil_logs.png new file mode 100644 index 0000000..59e7626 Binary files /dev/null and b/images/gerbil_logs.png differ diff --git a/images/pangolin_config.png b/images/pangolin_config.png new file mode 100644 index 0000000..d9978b7 Binary files /dev/null and b/images/pangolin_config.png differ diff --git a/images/redeem-key.png b/images/redeem-key.png new file mode 100644 index 0000000..82fdc0f Binary files /dev/null and b/images/redeem-key.png differ diff --git a/images/supporter-tiers.png b/images/supporter-tiers.png new file mode 100644 index 0000000..b936f4a Binary files /dev/null and b/images/supporter-tiers.png differ diff --git a/images/swagger.png b/images/swagger.png new file mode 100644 index 0000000..88d2156 Binary files /dev/null and b/images/swagger.png differ diff --git a/images/system-diagram.svg b/images/system-diagram.svg new file mode 100644 index 0000000..8f1fb2d --- /dev/null +++ b/images/system-diagram.svg @@ -0,0 +1,4 @@ + + + +
Pangolin
      Gerbil
Newt
http 80
https 443
http 8080
         Traefik
User
User
Edge Server
Cloud VPS
Badger
Websocket
WireGuard
Container
Server
VPN
HTTP
KEY:
 diff --git a/images/traefik_config.png b/images/traefik_config.png new file mode 100644 index 0000000..9c8e014 Binary files /dev/null and b/images/traefik_config.png differ diff --git a/images/traefik_networking.png b/images/traefik_networking.png new file mode 100644 index 0000000..232a095 Binary files /dev/null and b/images/traefik_networking.png differ diff --git a/images/traefik_repo.png b/images/traefik_repo.png new file mode 100644 index 0000000..5c6c67a Binary files /dev/null and b/images/traefik_repo.png differ diff --git a/images/unraid_store.png b/images/unraid_store.png new file mode 100644 index 0000000..adf47bf Binary files /dev/null and b/images/unraid_store.png differ diff --git a/index.mdx b/index.mdx index 15c23fb..69956ad 100644 --- a/index.mdx +++ b/index.mdx @@ -1,97 +1,43 @@ --- -title: "Introduction" -description: "Welcome to the new home for your documentation" +title: "Introduction to Pangolin" --- -## Setting up +Pangolin is an open source and self-hostable tunneled reverse proxy server with identity-aware access control. Think self-hosted Cloudflare Tunnels. -Get your documentation site up and running in minutes. - - - Follow our three step quickstart guide. + + Screenshot of resources page from the Pangolin Dashboard. -## Make it yours +Pangolin establishes secure connections from edge networks to cloud exit nodes, bypassing the need for public inbound ports and complex firewall configurations. Pangolin is incredibly useful for exposing local services, IoT devices, or internal applications to the internet without direct exposure, enhancing security by reducing attack surface and simplifying network management. Additionally, Pangolin acts as an identity-aware proxy by authenticating every request against admin-defined access controls and rules. -Design a docs site that looks great and empowers your users. + + + Learn how the Pangolin system works from the server to the edge network. + + + Learn about the many different ways you can use Pangolin's capabilities. + + - Edit your docs locally and preview them in real time. + Install and manage the Pangolin server on your own infrastructure. - Customize the design and colors of your site to match your brand. - - - Organize your docs to help users find what they need and succeed with your product. - - - Auto-generate API documentation from OpenAPI specifications. + Install Newt, the edge client, almost anywhere. -## Create beautiful pages +## What is a fossorial animal? -Everything you need to create world-class documentation. +The Pangolin system is made up of many components, all with unique animal names. These animals are called fossorial animals. - - - Use MDX to style your docs pages. - - - Add sample code to demonstrate how to use your product. - - - Display images and other media. - - - Write once and reuse across your docs. - - - -## Need inspiration? - - - Browse our showcase of exceptional documentation sites. - +A fossorial animal is one adapted to digging which lives primarily but not solely, underground. Some examples are badgers, naked mole-rats, clams, meerkats, and mole salamanders, as well as many beetles, wasps, and bees. diff --git a/lib/fetchLatestRelease.js b/lib/fetchLatestRelease.js new file mode 100644 index 0000000..5d799c1 --- /dev/null +++ b/lib/fetchLatestRelease.js @@ -0,0 +1,15 @@ +export async function fetchLatestRelease(repo) { + try { + const response = await fetch( + `https://api.github.com/repos/${repo}/releases/latest`, + ); + if (!response.ok) { + throw new Error(`Failed to fetch release info: ${response.statusText}`); + } + const data = await response.json(); + const latestVersion = data.tag_name; + return latestVersion; + } catch (error) { + console.error("Error fetching latest release:", error); + } +} diff --git a/logo/.DS_Store b/logo/.DS_Store new file mode 100644 index 0000000..5008ddf Binary files /dev/null and b/logo/.DS_Store differ diff --git a/logo/dark.png b/logo/dark.png new file mode 100644 index 0000000..c45cb47 Binary files /dev/null and b/logo/dark.png differ diff --git a/logo/dark.svg b/logo/dark.svg deleted file mode 100644 index 8b343cd..0000000 --- a/logo/dark.svg +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - diff --git a/logo/light.png b/logo/light.png new file mode 100644 index 0000000..b8a19a9 Binary files /dev/null and b/logo/light.png differ diff --git a/logo/light.svg b/logo/light.svg deleted file mode 100644 index 03e62bf..0000000 --- a/logo/light.svg +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - diff --git a/newt/installation.mdx b/newt/installation.mdx new file mode 100644 index 0000000..8497fc6 --- /dev/null +++ b/newt/installation.mdx @@ -0,0 +1,163 @@ +--- +title: "Installation" +description: "Install Newt VPN client as a binary or Docker container" +--- + +Newt can be installed as either a static binary executable or a Docker container. Configuration is passed via CLI arguments in both cases. + + +You **must first create a site and copy the Newt config** in Pangolin before running Newt. + + + + + - Static executable + - Cross-platform support + - Easy to install and run + - Systemd service support + + + + - Containerized deployment + - Environment variables + - Docker Compose support + - Easy management + + + +## Binary Installation + +### Quick Install (Recommended) + +Use this command to automatically install Newt. It detects your system architecture automatically and always pulls the latest version, adding Newt to your PATH: + +```bash +curl -fsSL https://docs.fossorial.io/get-newt.sh | bash +``` + +### Manual Download + +Binaries for Linux, macOS, and Windows are available in the [GitHub releases](https://github.com/fosrl/newt/releases) for ARM and AMD64 (x86_64) architectures. + +Download and install manually: + +```bash +wget -O newt "https://github.com/fosrl/newt/releases/download/{version}/newt_{architecture}" && chmod +x ./newt +``` + + +Replace `{version}` with the desired version and `{architecture}` with your architecture. Check the [release notes](https://github.com/fosrl/newt/releases) for the latest information. + + +### Running Newt + +Run Newt with the configuration from Pangolin: + +```bash +newt \ +--id 31frd0uzbjvp721 \ +--secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \ +--endpoint https://example.com +``` + +### Permanent Installation + +Install to your PATH (may need to run as root): + +```bash +mv ./newt /usr/local/bin +``` + + +The quick installer will do this step for you. + + +### Systemd Service + +Create a basic systemd service: + +```ini title="/etc/systemd/system/newt.service" +[Unit] +Description=Newt +After=network.target + +[Service] +ExecStart=/usr/local/bin/newt --id 31frd0uzbjvp721 --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 --endpoint https://example.com +Restart=always +User=root + +[Install] +WantedBy=multi-user.target +``` + + +Make sure to move the binary to `/usr/local/bin/newt` before creating the service! + + +## Docker Installation + +### Pull the Image + +Pull the latest Newt image from Docker Hub: + +```bash +docker pull fosrl/newt:latest +``` + +### Run with Docker + +Run Newt with CLI arguments from Pangolin: + +```bash +docker run -it fosrl/newt --id 31frd0uzbjvp721 \ +--secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \ +--endpoint https://example.com +``` + +### Docker Compose + +#### Environment Variables (Recommended) + +```yaml title="docker-compose.yml" +services: + newt: + image: fosrl/newt + container_name: newt + restart: unless-stopped + environment: + - PANGOLIN_ENDPOINT=https://example.com + - NEWT_ID=2ix2t8xk22ubpfy + - NEWT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 +``` + +#### CLI Arguments + +```yaml title="docker-compose.yml" +services: + newt: + image: fosrl/newt + container_name: newt + restart: unless-stopped + command: + - --id 31frd0uzbjvp721 + - --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 + - --endpoint https://example.com +``` + +Start the service: + +```bash +docker compose up -d +``` + +## Platform-Specific Installation + +### Unraid + +Newt is available in the Unraid Community Applications store. Search for "Newt" and follow the installation prompts. Enter the ID, secret, and endpoint from Pangolin in the template fields. + +Newt on CA + +### Portainer and Other UIs + +Container management UIs like Portainer typically allow passing commands and environment variables to containers similar to Docker Compose. Look for a commands or arguments configuration section and follow the relevant guides. diff --git a/package-lock.json b/package-lock.json deleted file mode 100644 index 15b832f..0000000 --- a/package-lock.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "name": "docs-v2", - "lockfileVersion": 3, - "requires": true, - "packages": {} -} diff --git a/quickstart.mdx b/quickstart.mdx deleted file mode 100644 index c711458..0000000 --- a/quickstart.mdx +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: "Quickstart" -description: "Start building awesome documentation in minutes" ---- - -## Get started in three steps - -Get your documentation site running locally and make your first customization. - -### Step 1: Set up your local environment - - - - During the onboarding process, you created a GitHub repository with your docs content if you didn't already have one. You can find a link to this repository in your [dashboard](https://dashboard.mintlify.com). - - To clone the repository locally so that you can make and preview changes to your docs, follow the [Cloning a repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/cloning-a-repository) guide in the GitHub docs. - - - 1. Install the Mintlify CLI: `npm i -g mint` - 2. Navigate to your docs directory and run: `mint dev` - 3. Open `http://localhost:3000` to see your docs live! - - Your preview updates automatically as you edit files. - - - -### Step 2: Deploy your changes - - - - Install the Mintlify GitHub app from your [dashboard](https://dashboard.mintlify.com/settings/organization/github-app). - - Our GitHub app automatically deploys your changes to your docs site, so you don't need to manage deployments yourself. - - - For a first change, let's update the name and colors of your docs site. - - 1. Open `docs.json` in your editor. - 2. Change the `"name"` field to your project name. - 3. Update the `"colors"` to match your brand. - 4. Save and see your changes instantly at `http://localhost:3000`. - - Try changing the primary color to see an immediate difference! - - - -### Step 3: Go live - - - 1. Commit and push your changes. - 2. Your docs will update and be live in moments! - - -## Next steps - -Now that you have your docs running, explore these key features: - - - - - Learn MDX syntax and start writing your documentation. - - - - Make your docs match your brand perfectly. - - - - Include syntax-highlighted code blocks. - - - - Auto-generate API docs from OpenAPI specs. - - - - - - **Need help?** See our [full documentation](https://mintlify.com/docs) or join our [community](https://mintlify.com/community). - diff --git a/self-host/.DS_Store b/self-host/.DS_Store new file mode 100644 index 0000000..19e3519 Binary files /dev/null and b/self-host/.DS_Store differ diff --git a/self-host/advanced/cloudflare-proxy.mdx b/self-host/advanced/cloudflare-proxy.mdx new file mode 100644 index 0000000..1a40a37 --- /dev/null +++ b/self-host/advanced/cloudflare-proxy.mdx @@ -0,0 +1,56 @@ +--- +title: "Cloudflare Proxy" +--- + +Pangolin works with Cloudflare proxy (orange cloud) enabled, but requires specific configuration: + + +**Terms of Service**: Enabling Cloudflare proxy binds you to Cloudflare's terms of service as traffic routes through their network. + + +### SSL Configuration + +**Recommended setup:** +1. **Use wildcard certificates** with DNS-01 challenge +2. **Set SSL/TLS mode to Full (Strict)** +3. **Disable port 80** (not needed with wildcard certs) + + +Pangolin will **not work** with Cloudflare's Full or Automatic SSL/TLS modes. Only Full (Strict) mode is supported. + + +### WireGuard Configuration + +Since Cloudflare proxy obscures the destination IP, you must explicitly set your VPS IP in the [config file](/self-host/advanced/config-file): + +```yaml +gerbil: + base_endpoint: "YOUR_VPS_IP_ADDRESS" # Required with Cloudflare proxy +``` + + + + Find your VPS public IP address: + + ```bash + curl ifconfig.io + ``` + + + + Add the IP to your `config.yml`: + + ```yaml + gerbil: + base_endpoint: "104.21.16.1" # Replace with your actual IP + ``` + + + + Restart Pangolin to apply the changes: + + ```bash + docker-compose restart + ``` + + diff --git a/self-host/advanced/config-file.mdx b/self-host/advanced/config-file.mdx new file mode 100644 index 0000000..0436a44 --- /dev/null +++ b/self-host/advanced/config-file.mdx @@ -0,0 +1,566 @@ +--- +title: "Configuration File" +description: "Configure Pangolin using the config.yml file with detailed settings for all components" +--- + +The `config.yml` file controls all aspects of your Pangolin deployment, including server settings, domain configuration, email setup, and security options. This file is mounted at `config/config.yml` in your Docker container. + +## Setting up your `config.yml` + +To get started, create a basic configuration file with the essential settings: + +Minimal Pangolin configuration: + +```yaml title="config.yml" +app: + dashboard_url: "http://pangolin.example.com" + +domains: + domain1: + base_domain: "pangolin.example.com" + cert_resolver: "letsencrypt" + +server: + secret: "your-strong-secret" + +gerbil: + base_endpoint: "pangolin.example.com" + +flags: + require_email_verification: false + disable_signup_without_invite: true + disable_user_create_org: true +``` + + + +Generate a strong secret for `server.secret`. Use at least 32 characters with a mix of letters, numbers, and special characters. + + +## Reference + +This section contains the complete reference for all configuration options in `config.yml`. + +### Application Settings + + + Core application configuration including dashboard URL, logging, and general settings. + + + + The URL where your Pangolin dashboard is hosted. + + **Examples**: `https://example.com`, `https://pangolin.example.com` + + This URL is used for generating links, redirects, and authentication flows. You can run Pangolin on a subdomain or root domain. + + + + The logging level for the application. + + **Options**: `debug`, `info`, `warn`, `error` + + **Default**: `info` + + + + Whether to save logs to files in the `config/logs/` directory. + + **Default**: `false` + + + When enabled, logs rotate automatically: + - Max file size: 20MB + - Max files: 7 days + + + + + Whether to log failed authentication attempts for security monitoring. + + **Default**: `false` + + + + +### Server Configuration + + + Server ports, networking, and authentication settings. + + + + The port for the front-end API that handles external requests. + + **Example**: `3000` + + + + The port for the internal private-facing API. + + **Example**: `3001` + + + + The port for the frontend server (Next.js). + + **Example**: `3002` + + + + The port for the integration API (optional). + + **Example**: `3003` + + + + The hostname of the Pangolin container for internal communication. + + **Example**: `pangolin` + + + If using Docker Compose, this should match your container name. + + + + + The name of the session cookie for storing authentication tokens. + + **Example**: `p_session_token` + + **Default**: `p_session_token` + + + + Query parameter name for passing access tokens in requests. + + **Example**: `p_token` + + **Default**: `p_token` + + + + HTTP headers for passing access tokens in requests. + + + + Header name for access token ID. + + **Example**: `P-Access-Token-Id` + + + + Header name for access token. + + **Example**: `P-Access-Token` + + + + + + Query parameter for session request tokens. + + **Example**: `p_session_request` + + **Default**: `p_session_request` + + + + Cross-Origin Resource Sharing (CORS) configuration. + + + + Allowed origins for cross-origin requests. + + **Example**: `["https://pangolin.example.com"]` + + + + Allowed HTTP methods for CORS requests. + + **Example**: `["GET", "POST", "PUT", "DELETE", "PATCH"]` + + + + Allowed HTTP headers in CORS requests. + + **Example**: `["X-CSRF-Token", "Content-Type"]` + + + + Whether to allow credentials in CORS requests. + + **Default**: `true` + + + + + + Number of proxy headers to trust for client IP detection. + + **Example**: `1` + + **Default**: `1` + + + Use `1` if running behind a single reverse proxy like Traefik. + + + + + Dashboard session duration in hours. + + **Example**: `720` (30 days) + + **Default**: `720` + + + + Resource session duration in hours. + + **Example**: `720` (30 days) + + **Default**: `720` + + + + Secret key for encrypting sensitive data. + + **Environment Variable**: `SERVER_SECRET` + + **Minimum Length**: 8 characters + + **Example**: `"d28@a2b.2HFTe2bMtZHGneNYgQFKT2X4vm4HuXUXBcq6aVyNZjdGt6Dx-_A@9b3y"` + + + Generate a strong, random secret. This is used for encrypting sensitive data and should be kept secure. + + + + + +### Domain Configuration + + + Domain settings for SSL certificates and routing. + + At least one domain must be configured. + + + + Domain configuration with a unique key of your choice. + + + + The base domain for this configuration. + + **Example**: `example.com` + + + + The Traefik certificate resolver name. + + **Example**: `letsencrypt` + + + This must match the certificate resolver name in your Traefik configuration. + + + + + Whether to prefer wildcard certificates for this domain. + + **Example**: `true` + + + Useful for domains with many subdomains to reduce certificate management overhead. + + + + + + + +### Traefik Integration + + + Traefik reverse proxy configuration settings. + + + + The Traefik entrypoint name for HTTP traffic. + + **Example**: `web` + + + Must match the entrypoint name in your Traefik configuration. + + + + + The Traefik entrypoint name for HTTPS traffic. + + **Example**: `websecure` + + + Must match the entrypoint name in your Traefik configuration. + + + + + The default certificate resolver for domains created through the UI. + + **Example**: `letsencrypt` + + + This only applies to domains created through the Pangolin dashboard. + + + + + Whether to prefer wildcard certificates for UI-created domains. + + **Example**: `true` + + + This only applies to domains created through the Pangolin dashboard. + + + + + Additional Traefik middlewares to apply to resource routers. + + **Example**: `["middleware1", "middleware2"]` + + + These middlewares must be defined in your Traefik dynamic configuration. + + + + + +### Gerbil Tunnel Controller + + + Gerbil tunnel controller settings for WireGuard tunneling. + + + + Domain name included in WireGuard configuration for tunnel connections. + + **Example**: `pangolin.example.com` + + + + Starting port for WireGuard tunnels. + + **Example**: `51820` + + + + Whether to assign unique subdomains to Gerbil exit nodes. + + **Default**: `false` + + + Keep this set to `false` for most deployments. + + + + + IP address CIDR range for Gerbil exit node subnets. + + **Example**: `10.0.0.0/8` + + + + Block size for Gerbil exit node CIDR ranges. + + **Example**: `24` + + + + Block size for site CIDR ranges connected to Gerbil. + + **Example**: `26` + + + + +### Rate Limiting + + + Rate limiting configuration for API requests. + + + + Global rate limit settings for all external API requests. + + + + Time window for rate limiting in minutes. + + **Example**: `1` + + + + Maximum number of requests allowed in the time window. + + **Example**: `100` + + + + + + +### Email Configuration + + + SMTP settings for sending transactional emails. + + + + SMTP server hostname. + + **Example**: `smtp.gmail.com` + + + + SMTP server port. + + **Example**: `587` (TLS) or `465` (SSL) + + + + SMTP username. + + **Example**: `no-reply@example.com` + + + + SMTP password. + + **Environment Variable**: `EMAIL_SMTP_PASS` + + + + Whether to use secure connection (SSL/TLS). + + **Default**: `false` + + + Enable this when using port 465 (SSL). + + + + + From address for sent emails. + + **Example**: `no-reply@example.com` + + + Usually the same as `smtp_user`. + + + + + Whether to fail on invalid server certificates. + + **Default**: `true` + + + + +### Feature Flags + + + Feature flags to control application behavior. + + + + Whether to require email verification for new users. + + **Default**: `false` + + + Only enable this if you have email configuration set up. + + + + + Whether to disable public user registration. + + **Default**: `false` + + + Users can still sign up with valid invites when enabled. + + + + + Whether to prevent users from creating organizations. + + **Default**: `false` + + + Server admins can always create organizations. + + + + + Whether to allow resources on base domains. + + **Default**: `true` + + + When disabled, only subdomain resources are allowed. + + + + + Whether to enable the integration API. + + **Default**: `false` + + + + +### Database Configuration + + + PostgreSQL database configuration (optional). + + + + PostgreSQL connection string. + + **Example**: `postgresql://user:password@host:port/database` + + + See [PostgreSQL documentation](../database/postgres) for setup instructions. + + + + + +## Environment Variables + +Some configuration values can be set using environment variables for enhanced security: + + + + **Variable**: `SERVER_SECRET` + + **Config**: `server.secret` + + Use this to avoid hardcoding secrets in your config file. + + + + **Variable**: `EMAIL_SMTP_PASS` + + **Config**: `email.smtp_pass` + + Keep SMTP passwords secure using environment variables. + + diff --git a/self-host/advanced/container-cli-tool.mdx b/self-host/advanced/container-cli-tool.mdx new file mode 100644 index 0000000..9bf768d --- /dev/null +++ b/self-host/advanced/container-cli-tool.mdx @@ -0,0 +1,34 @@ +--- +title: "Internal CLI (pangctl)" +description: "Command-line tool for managing your Pangolin instance" +--- + +The Pangolin container includes a CLI tool called `pangctl` that provides commands to help you manage your Pangolin instance. + +## Accessing the CLI + +Run the following command on the host where the Pangolin container is running: + +```bash +docker exec -it pangolin pangctl +``` + +## Available Commands + +To see all available commands: + +```bash +docker exec -it pangolin pangctl --help +``` + +## Set Admin Credentials + +Set or reset admin credentials for your Pangolin instance: + +```bash +docker exec -it pangolin pangctl set-admin-credentials --email "admin@example.com" --password "Password123!" +``` + + +Use a strong password and keep your admin credentials secure. + diff --git a/self-host/advanced/database-options.mdx b/self-host/advanced/database-options.mdx new file mode 100644 index 0000000..75db2e4 --- /dev/null +++ b/self-host/advanced/database-options.mdx @@ -0,0 +1,100 @@ +--- +title: "Database Options" +description: "Configure SQLite or PostgreSQL database for Pangolin" +--- + +Pangolin supports two database options: SQLite for simplicity and PostgreSQL for production deployments. + + + + - No configuration required + - Easy to use and portable + - Built into the main image + - Perfect for development + + + + - Production-ready database + - Better performance at scale + - Requires separate image + - Advanced configuration options + + + +## SQLite + +By default, Pangolin uses SQLite for its ease of use and portability. + +**Docker Image**: `fosrl/pangolin:` + + +No configuration is required to use SQLite with Pangolin. + + +## PostgreSQL + +You can optionally use PostgreSQL for production deployments. + +**Docker Image**: `fosrl/pangolin:postgresql-` + +### Configuration + +Add the following section to your Pangolin configuration file: + +```yaml title="config.yml" +postgres: + connection_string: postgresql://:@:/ +``` + + +Replace the placeholders with your actual PostgreSQL connection details. + + +### Docker Compose Example + +This example sets up PostgreSQL with health checks to ensure the database is ready before Pangolin starts: + +```yaml title="docker-compose.yml" +name: pangolin +services: + pangolin: + image: fosrl/pangolin:postgresql-latest # Don't use latest in production + container_name: pangolin + restart: unless-stopped + depends_on: + postgres: + condition: service_healthy + volumes: + - ./config:/app/config + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"] + interval: "10s" + timeout: "10s" + retries: 15 + + # ... other services ... + + postgres: + image: postgres:17 + container_name: postgres + restart: unless-stopped + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + volumes: + - ./config/postgres:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 10s + timeout: 5s + retries: 5 +``` + + +This example is not necessarily production-ready. Adjust the configuration according to your needs and security requirements. + + + +Do not use `latest` tags in production. Use specific version tags for stability. + + diff --git a/self-host/advanced/integration-api.mdx b/self-host/advanced/integration-api.mdx new file mode 100644 index 0000000..bb24a53 --- /dev/null +++ b/self-host/advanced/integration-api.mdx @@ -0,0 +1,71 @@ +--- +title: "Enable Integration API" +description: "Enable and configure the Integration API for external access" +--- + +The Integration API provides programmatic access to Pangolin functionality. It includes OpenAPI documentation via Swagger UI. + +## Enable Integration API + +Update your Pangolin configuration file: + +```yaml title="config.yml" +flags: + enable_integration_api: true +``` + +If you want to specify a port other than the default `3003`, you can do so in the config as well: + +```yaml title="config.yml" +server: + integration_port: 3003 # Specify different port +``` + +## Configure Traefik Routing + +Add the following configuration to your `dynamic_config.yml` to expose the Integration API at `https://api.example.com/v1`: + +```yaml title="dynamic_config.yml" +http: + middlewares: + redirect-to-https: + redirectScheme: + scheme: https + + routers: + int-api-router-redirect: + rule: "Host(`api.example.com`)" + service: int-api-service + entryPoints: + - web + middlewares: + - redirect-to-https + + int-api-router: + rule: "Host(`api.example.com`)" + service: int-api-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + services: + int-api-service: + loadBalancer: + servers: + - url: "http://pangolin:3003" +``` + +## Access Documentation + +Once configured, access the Swagger UI documentation at: + +``` +https://api.example.com/v1/docs +``` + +Swagger UI Preview + + +The Integration API will be accessible at `https://api.example.com/v1` for external applications. + diff --git a/self-host/advanced/postgresql.mdx b/self-host/advanced/postgresql.mdx new file mode 100644 index 0000000..122121d --- /dev/null +++ b/self-host/advanced/postgresql.mdx @@ -0,0 +1,101 @@ +--- +title: "Database Options" +description: "Configure SQLite or PostgreSQL database for Pangolin" +--- + +## Overview + +> Choose between SQLite (default) or PostgreSQL for your database + +Pangolin supports two database options: SQLite for simplicity and PostgreSQL for production deployments. + + + + - No configuration required + - Easy to use and portable + - Built into the main image + - Perfect for development + + + + - Production-ready database + - Better performance at scale + - Requires separate image + - Advanced configuration options + + + +## SQLite + +By default, Pangolin uses SQLite for its ease of use and portability. + +**Docker Image**: `fosrl/pangolin:` + + +No configuration is required to use SQLite with Pangolin. + + +## PostgreSQL + +You can optionally use PostgreSQL for production deployments. + +**Docker Image**: `fosrl/pangolin:postgresql-` + +### Configuration + +Add the following section to your Pangolin configuration file: + +```yaml title="config.yml" +postgres: + connection_string: postgresql://:@:/ +``` + + +Replace the placeholders with your actual PostgreSQL connection details. + + +### Docker Compose Example + +This example sets up PostgreSQL with health checks to ensure the database is ready before Pangolin starts: + +```yaml title="docker-compose.yml" +name: pangolin +services: + pangolin: + image: fosrl/pangolin:postgresql-latest + container_name: pangolin + restart: unless-stopped + depends_on: + postgres: + condition: service_healthy + volumes: + - ./config:/app/config + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"] + interval: "10s" + timeout: "10s" + retries: 15 + + postgres: + image: postgres:17 + container_name: postgres + restart: unless-stopped + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + volumes: + - ./config/postgres:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 10s + timeout: 5s + retries: 5 +``` + + +This example is not necessarily production-ready. Adjust the configuration according to your needs and security requirements. + + + +Do not use `latest` tags in production. Use specific version tags for stability. + \ No newline at end of file diff --git a/self-host/advanced/wild-card-domains.mdx b/self-host/advanced/wild-card-domains.mdx new file mode 100644 index 0000000..054ed8d --- /dev/null +++ b/self-host/advanced/wild-card-domains.mdx @@ -0,0 +1,249 @@ +--- +title: "Wildcard Domains" +description: "Configure wildcard SSL certificates for automatic subdomain security with DNS-01 challenge" +--- + +Wildcard certificates allow you to secure unlimited subdomains with a single SSL certificate, eliminating the need to generate individual certificates for each subdomain. Pangolin uses Traefik's built-in Let's Encrypt integration to automatically manage these certificates. + + +Before setting up wildcard certificates, you must have a domain that you own and control. You must also have access to the DNS records for this domain. + + + +Since Pangolin uses Traefik as a reverse proxy, it has built-in support for Let's Encrypt certificates. This allows you to easily secure your Pangolin instance and all proxied resources with HTTPS. Let's Encrypt provides free SSL certificates, which are automatically renewed. + + +If you used the default settings during installation, your Traefik instance should be set up to use `HTTP-01` challenge for certificate generation. This challenge is the easiest to configure and requires that the Traefik instance be accessible from the internet on port 80. + + +It is highly recommended that you read the [official Traefik documentation](https://doc.traefik.io/traefik/https/acme/) on ACME and Let's Encrypt before proceeding. + + +## Benefits of Wildcard Certificates + + + + Secure unlimited subdomains with one certificate, reducing management overhead. + + + + Add new subdomains without waiting for certificate generation (up to a few minutes). + + + + Reduce Let's Encrypt rate limit impact by using fewer certificate requests. + + + +### Examples + +- A wildcard cert `*.example.com` could protect: + - `api.example.com` + - `blog.example.com` + - `dashboard.example.com` +- Another wildcard `*.subdomain.example.com` could protect: + - `api.subdomain.example.com` + - `blog.subdomain.example.com` + + +The [rate limits](https://letsencrypt.org/docs/rate-limits/) for Let's Encrypt are per domain. Using a wildcard certificate reduces the number of domains you have, which can help you avoid hitting these limits. + + +## Setting Up Wildcard Certificates + + + + Make sure the stack is not running before making configuration changes. + + + + Update the Traefik configuration to use the DNS-01 challenge instead of the HTTP-01 challenge. This tells Traefik to use your DNS provider to create the DNS records needed for the challenge. + + + + Set the `prefer_wildcard_cert` flag to `true` in the Pangolin configuration file for your domain. + + + + +This setting will try to encourage Traefik to request one wildcard certificate for each level of the domain used by your existing resources. + +**Example**: If you have two resources `blog.example.com` and `blog.subdomain.example.com`, Traefik should try to request a wildcard certificate for `*.example.com` and `*.subdomain.example.com` automatically for you. + + +## Traefik Configuration + +### Default Config for HTTP-01 Challenge + +This is the default config generated by the installer. This is shown here for reference to compare with the wildcard config below. + + + + Tell Traefik to use the `web` entrypoint for the HTTP challenge. + + ```yaml title="traefik_config.yml" highlight={4,5} + certificatesResolvers: + letsencrypt: + acme: + httpChallenge: + entryPoint: web + email: admin@example.com + storage: "/letsencrypt/acme.json" + caServer: "https://acme-v02.api.letsencrypt.org/directory" + ``` + + + + Set the cert resolver to `letsencrypt` and the entrypoint to `websecure` in the dynamic config. + + ```yaml title="dynamic_config.yml" + next-router: + rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" + service: next-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + ``` + + + +### Wildcard Config for DNS-01 Challenge + + + + Tell Traefik to use your DNS provider for the DNS challenge. In this example, we are using Cloudflare. + + ```yaml title="traefik_config.yml" highlight={4,5} + certificatesResolvers: + letsencrypt: + acme: + dnsChallenge: + provider: "cloudflare" # your DNS provider + # see https://doc.traefik.io/traefik/https/acme/#providers + email: "admin@example.com" + storage: "/letsencrypt/acme.json" + caServer: "https://acme-v02.api.letsencrypt.org/directory" + ``` + + + + Add the domain and wildcard domain to the domains section of the next (front end) router in the dynamic config. This tells Traefik to generate a wildcard certificate for the base domain and all subdomains. + + ```yaml title="dynamic_config.yml" highlight={9-12} + next-router: + rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" + service: next-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + domains: + - main: "example.com" + sans: + - "*.example.com" + ``` + + + + Add the environment variables for your DNS provider to the Traefik service in the docker compose file. This allows Traefik to authenticate with your DNS provider to create the DNS records needed for the challenge. + + ```yaml title="docker-compose.yml" highlight={11-13} + traefik: + image: traefik:v3.4.0 + container_name: traefik + restart: unless-stopped + network_mode: service:gerbil + depends_on: + pangolin: + condition: service_healthy + command: + - --configFile=/etc/traefik/traefik_config.yml + # Add the environment variables for your DNS provider. + environment: + CLOUDFLARE_DNS_API_TOKEN: "your-cloudflare-api-token" + volumes: + - ./config/traefik:/etc/traefik:ro + - ./config/letsencrypt:/letsencrypt + ``` + + + + +If you're using Cloudflare, make sure your API token has the permissions Zone/Zone/Read and Zone/DNS/Edit and make sure it applies to all zones. + + + +Traefik supports most DNS providers. You can find a full list of supported providers and how to configure them in the [Traefik documentation on providers](https://doc.traefik.io/traefik/https/acme/#providers). + + +## Verify it Works + + + + You can ensure Traefik doesn't try to use the old certs by deleting the previously used `acme.json` file. This will force Traefik to generate a new certificate on the next start. + + + + + + Start the stack and watch the logs. You should notice that Traefik is making calls to your DNS provider to create the necessary records to complete the challenge. + + + + For debugging purposes, you may find it useful to set the log level of Traefik to `debug` in the `traefik_config.yml` file. + + + + After Traefik is done waiting for the cert to verify, try to create a new resource with an unused subdomain. Traefik should not try to generate a new certificate, but instead use the wildcard certificate. The domain should also be secured immediately instead of waiting for a new certificate to be generated. + + + + You can also check the volume (in the example above at `config/letsencrypt/`) for the correct certificates. In the `acme.json` file you should see something similar to the following. Note the `*.` in the domain. + + + +```json highlight={5} +{ + "Certificates": [ + { + "domain": { + "main": "*.example.com" + }, + "certificate": "...", + "key": "...", + "Store": "default" + } + ] +} +``` + +## Troubleshooting + + + + **Problem**: Wildcard certificate not being created. + + **Solutions**: + - Verify DNS provider credentials are correct + - Check that API token has proper permissions + - Ensure domain ownership and DNS access + - Review Traefik logs for specific error messages + + + + **Problem**: DNS-01 challenge not completing. + + **Solutions**: + - Verify DNS provider is supported by Traefik + - Check API token permissions and scope + - Ensure DNS propagation has completed + - Review provider-specific configuration + + + + **Problem**: Traefik using old HTTP-01 certificates. + + **Solution**: Delete the `acme.json` file to force new certificate generation. + + diff --git a/self-host/advanced/without-tunneling.mdx b/self-host/advanced/without-tunneling.mdx new file mode 100644 index 0000000..bda5393 --- /dev/null +++ b/self-host/advanced/without-tunneling.mdx @@ -0,0 +1,30 @@ +--- +title: "Without Tunneling" +description: "Use Pangolin as a local reverse proxy without Gerbil tunneling" +--- + +Use Pangolin as a local reverse proxy and authentication manager + +You can use Pangolin without Gerbil and tunneling. In this configuration, Pangolin acts as a normal reverse proxy and authentication manager that can be deployed on your local network to provide access to resources. + + +You can also use "local" sites to expose resources on the same VPS as Pangolin in addition to remote sites. + + +## Setup + +### Using the Installer + +When asked if you want to install Gerbil for tunneling, select **No**. Gerbil will be removed from the Docker Compose configuration. + +### Manual Installation + +Follow the [manual install steps](/self-host/manual/docker-compose), but **Gerbil is not required**. Your Docker Compose should not include the Gerbil container. + +## How It Works + +When Gerbil starts up, it registers itself with Pangolin. By not installing Gerbil, you will only have the option to choose the "Local" connection method. This means Traefik will use the local network to reach your resources. + + +All setup remains the same, except Pangolin and Traefik must now be on the same network as the resources you want to proxy to. + diff --git a/self-host/choosing-a-vps.mdx b/self-host/choosing-a-vps.mdx new file mode 100644 index 0000000..95e07d6 --- /dev/null +++ b/self-host/choosing-a-vps.mdx @@ -0,0 +1,113 @@ +--- +title: "Choosing a VPS" +description: "Compare hosting options and find the best VPS for your Pangolin deployment" +--- + +Pangolin generally requires minimal resources to run effectively. A basic VPS with **1 vCPU, 1GB RAM, and 8GB SSD** is sufficient for most deployments. + + + + - **CPU**: 1 vCPU + - **RAM**: 1GB + - **Storage**: 8GB SSD + - **Bandwidth**: 1TB/month + + + + - **CPU**: 2 vCPU + - **RAM**: 2GB + - **Storage**: 20GB SSD + - **Bandwidth**: 2TB/month + + + +## Recommended Options + + +We're part of RackNerd's affiliate program. Using our links helps support Pangolin development at no extra cost to you. + + + + +**$0.91/month** - Perfect for personal use and small deployments + +- 1 vCPU, 1GB RAM, 20GB SSD +- Excellent performance for the price +- Reliable uptime and support + + + +**$1.47/month** - Ideal for small teams and growing deployments + +- 2 vCPU, 2GB RAM, 30GB SSD +- Great value for performance + + + +**$2.49/month** - Best for larger teams and production use + +- 3 vCPU, 3.5GB RAM, 60GB SSD +- Room for growth and scaling + + + +## VPS Provider Comparison + +| Provider | Plan | CPU | RAM | Storage | Price/Month | Price/Year | Best For | +|----------|------|-----|-----|---------|-------------|------------|----------| +| **[RackNerd](https://my.racknerd.com/aff.php?aff=13788)** | Starter | 1 vCPU | 1GB | 20GB SSD | $0.91 | $10.96 | Budget users | +| **[RackNerd](https://my.racknerd.com/aff.php?aff=13788)** | Basic | 2 vCPU | 2GB | 30GB SSD | $1.47 | $17.66 | Small teams | +| **[RackNerd](https://my.racknerd.com/aff.php?aff=13788)** | Standard | 3 vCPU | 3.5GB | 60GB SSD | $2.49 | $29.89 | Growing teams | +| **[Hetzner Cloud](https://www.hetzner.com/cloud)** | CX11 | 2 vCPU | 4GB | 40GB SSD | $4.59 | $55.08 | Performance | +| **[UpCloud](https://upcloud.com/pricing/)** | 1xCPU | 1 vCPU | 1GB | 10GB SSD | $3.30 | $39.60 | European users | +| **[Vultr](https://www.vultr.com/pricing)** | Cloud Compute | 1 vCPU | 1GB | 25GB SSD | $5.00 | $60.00 | Global presence | +| **[Linode](https://www.linode.com/pricing/)** | Nanode | 1 vCPU | 1GB | 25GB SSD | $5.00 | $60.00 | Developer friendly | +| **[DigitalOcean](https://www.digitalocean.com/pricing/droplets)** | Basic | 1 vCPU | 1GB | 25GB SSD | $6.00 | $72.00 | Easy setup | +| **[OVHcloud](https://www.ovhcloud.com/en/vps/)** | Starter | 2 vCPU | 2GB | 40GB SSD | $5.50 | $66.00 | European users | +| **[AWS EC2](https://instances.vantage.sh/)** | t3.micro | 2 vCPU | 1GB | 8GB SSD | $8.50 | $102.00 | Enterprise | + + +Prices shown are approximate and may vary based on location, promotions, and currency exchange rates. Check provider websites for current pricing. + + +## Selection Criteria + +When choosing your VPS provider, consider these factors: + + + + **Resource usage depends on several key factors:** + + **Primary factors:** + - **Number of connected sites**: More sites = higher CPU and memory usage + - **Data throughput**: Amount of traffic transiting through the server + + **Secondary factors:** + - **Dashboard UI usage**: Active admin sessions and configuration changes + - **Database activity**: User management, logging, and analytics queries + + + + **Choose a data center close to your users:** + - **North America**: RackNerd, DigitalOcean, Vultr + - **Europe**: Hetzner, OVHcloud, UpCloud + - **Asia Pacific**: Vultr, Linode, DigitalOcean + - **Global**: AWS, Google Cloud, Azure + + + + **Consider these factors:** + - **Uptime guarantees**: Most providers offer 99.9%+ + - **Support quality**: 24/7 support vs. community forums + - **Backup options**: Automated backups vs. manual + - **Monitoring**: Built-in monitoring tools + + + + **Hidden costs to watch for:** + - **Bandwidth overages**: Most plans include 1-2TB/month + - **Backup storage**: Additional charges for automated backups + - **IPv4 addresses**: Some providers charge extra + - **Support tiers**: Premium support may cost extra + + diff --git a/self-host/dns-and-networking.mdx b/self-host/dns-and-networking.mdx new file mode 100644 index 0000000..05cab75 --- /dev/null +++ b/self-host/dns-and-networking.mdx @@ -0,0 +1,201 @@ +--- +title: "DNS & Networking" +description: "Configure your domain, DNS records, and network settings for Pangolin deployment" +--- + +Pangolin requires proper DNS configuration and network setup to function correctly. This guide covers domain setup, DNS records, port configuration, and networking considerations. + +## DNS Configuration + +### Basic DNS Records + +You'll need to create A (or AAAA for IPv6) records pointing to your VPS IP address. + + + + Create a wildcard subdomain record for your domain: + + ``` + Type: A + Name: * + Value: YOUR_VPS_IP_ADDRESS + TTL: 300 (or default) + ``` + + + This allows any subdomain (e.g., `app.example.com`, `api.example.com`) to resolve to your VPS. + + + + + If you plan to use your root domain as a resource: + + ``` + Type: A + Name: @ (or leave blank) + Value: YOUR_VPS_IP_ADDRESS + TTL: 300 (or default) + ``` + + + This is only needed if you want to use `example.com` (not just subdomains) as a resource. + + + + + DNS changes can take 5 minutes to 48 hours to propagate globally. + + + Use Google DNS (8.8.8.8) or your provider's DNS to test changes faster. + + + + +## Port Configuration + +### Required Ports + +Pangolin requires these ports to be open on your VPS: + + + + **HTTP/SSL Verification** + + - Let's Encrypt domain validation + - Non-SSL resources + - Can be disabled with wildcard certs + + + + **HTTPS Traffic** + + - Pangolin web dashboard + - SSL-secured resources + - Essential for operation + + + + **WireGuard Tunnel** + + - Newt client connections + - Gerbil tunnel endpoint + - Secure traffic routing + + + +### Docker Port Exposure + +By default, Pangolin exposes these ports on all interfaces: + +```yaml +gerbil: + ports: + - "80:80" # HTTP/SSL verification and non-SSL resources + - "443:443" # HTTPS for web UI and SSL resources + - "51820:51820" # WireGuard for Newt and client connections +``` + +### Firewall Configuration + +Ensure your VPS firewall allows these ports: + + + + Configure security groups/firewall rules in your cloud provider's dashboard to allow: + + - TCP ports 80 and 443 + - UDP port 51820 + + + + ```bash + sudo ufw allow 80/tcp + sudo ufw allow 443/tcp + sudo ufw allow 51820/udp + sudo ufw enable + ``` + + + + ```bash + sudo firewall-cmd --permanent --add-port=80/tcp + sudo firewall-cmd --permanent --add-port=443/tcp + sudo firewall-cmd --permanent --add-port=51820/udp + sudo firewall-cmd --reload + ``` + + + +## Internal Network Configuration + +### Default Subnet Settings + +Pangolin uses these default network settings: + +```yaml +gerbil: + block_size: 24 + site_block_size: 30 + subnet_group: 100.89.137.0/20 +``` + +**What this means:** +- **Gerbil network**: Uses first /24 subnet in `100.89.137.0/20` range +- **Site allocation**: Each site gets a /30 subnet (4 IPs) +- **CGNAT range**: Avoids conflicts with most private networks + + +The `100.89.137.0/20` range is in the CGNAT (Carrier-Grade NAT) space, which should avoid conflicts with typical private networks (192.168.x.x, 10.x.x.x, 172.16-31.x.x). + + + +**Important**: If this subnet conflicts with your network, change it in your config **before** registering your first Gerbil. + + +### Customizing Network Settings + +If you need to change the default network: + +```yaml +gerbil: + block_size: 24 # Size of Gerbil's network block + site_block_size: 30 # Size of each site's network block + subnet_group: 10.0.0.0/8 # Custom subnet range + start_port: 51820 # WireGuard server port +``` + + +For heavy WireGuard usage, consider increasing `site_block_size` to 29 (8 IPs) or 28 (16 IPs) per site. + + +## Docker Networking + +### Local Services + +When deploying services in Docker alongside Pangolin: + + + + **For services in the same Docker Compose:** + + - Use service names as hostnames + - Example: `http://pangolin:8080` + - Docker Compose creates internal network automatically + + + + **To access services on the host machine:** + + - Use `172.17.0.1` (Docker bridge gateway) + - Or use `host.docker.internal` (Docker Desktop) + - Example: `http://172.17.0.1:3000` + + + + **For services outside Docker:** + + - Use the host's public IP address + - Ensure firewall allows the required ports + - Consider using VPN or secure tunnels + + diff --git a/self-host/how-to-update.mdx b/self-host/how-to-update.mdx new file mode 100644 index 0000000..58acda7 --- /dev/null +++ b/self-host/how-to-update.mdx @@ -0,0 +1,100 @@ +--- +title: "How to Update" +description: "Keep your Pangolin deployment up to date with the latest features and security patches" +--- + +Updating Pangolin is straightforward since it's a collection of Docker images. Simply pull the latest images and restart the stack. Migration scripts run automatically to update your database and configuration files when needed. + +## Before You Update + + +**Always backup your data before updating.** Copy your `config` directory to a safe location so you can roll back if needed. + + + +**Recommended**: Update incrementally between major versions. For example, update from 1.0.0 → 1.1.0 → 1.2.0 instead of jumping directly from 1.0.0 → 1.2.0. + + +## Update Process + + + + Stop all running containers: + +```bash +sudo docker compose down +``` + + + + Find the latest version numbers: + + - **Pangolin**: [GitHub Releases](https://github.com/fosrl/pangolin/releases) + - **Gerbil**: [GitHub Releases](https://github.com/fosrl/gerbil/releases) + - **Traefik**: [Docker Hub](https://hub.docker.com/_/traefik) + + + Look for the latest stable release (not pre-release or beta versions). + + + + + Edit your `docker-compose.yml` file and update the image versions: + +```yaml title="docker-compose.yml" +services: + pangolin: + image: fosrl/pangolin:1.7.3 # Update to latest version + # ... rest of config + + gerbil: + image: fosrl/gerbil:1.2.1 # Update to latest version + # ... rest of config + + traefik: + image: traefik:v3.4.0 # Update if needed + # ... rest of config + ``` + + + Update each service you want to upgrade. You can update them individually or all at once. + + + + + Download the updated Docker images: + +```bash +sudo docker compose pull +``` + + + + Start the updated containers: + +```bash +sudo docker compose up -d +``` + + + + Watch the logs to ensure everything starts correctly: + +```bash +sudo docker compose logs -f +``` + + + + Test that everything is working: + + 1. Access your Pangolin dashboard + 2. Check that all sites are accessible + 3. Verify tunnel connections (if using Gerbil) + 4. Test any custom configurations + + + If everything works, your update is complete! + + + diff --git a/self-host/manual/docker-compose.mdx b/self-host/manual/docker-compose.mdx new file mode 100644 index 0000000..c0b39e7 --- /dev/null +++ b/self-host/manual/docker-compose.mdx @@ -0,0 +1,308 @@ +--- +title: "Docker Compose" +description: "Deploy Pangolin manually using Docker Compose without the automated installer" +--- + +This guide walks you through setting up Pangolin manually using Docker Compose without the automated installer. This approach gives you full control over the configuration and deployment process. + +This guide assumes you already have a Linux server with Docker and Docker Compose installed. If you don't, please refer to the [official Docker documentation](https://docs.docker.com/get-docker/) for installation instructions. You must also have root access to the server. + +## Prerequisites + +Checkout the [quick install guide](self-host/quick-install) for more info regarding what is needed before you install Pangolin. + +## File Structure + +Create the following directory structure for your Pangolin deployment: + +``` +. +├── config/ +│ ├── config.yml (*) +│ ├── db/ +│ │ └── db.sqlite +│ ├── key +│ ├── letsencrypt/ +│ │ └── acme.json +│ ├── logs/ +│ └── traefik/ +│ ├── traefik_config.yml (*) +│ └── dynamic_config.yml (*) +└── docker-compose.yml (*) +``` + + +Files marked with `(*)` must be created manually. Volumes and other files are generated automatically by the services. + + + + + **`config/config.yml`**: Main Pangolin configuration file + - Contains all Pangolin settings and options + - See [Configuration Guide](/pangolin/configuration/config) for details + + **`config/traefik/traefik_config.yml`**: Traefik static configuration + - Global Traefik settings and entry points + - SSL certificate resolver configuration + + **`config/traefik/dynamic_config.yml`**: Traefik dynamic configuration + - HTTP routers and services for Pangolin + - Load balancer and middleware configuration + + + + **`config/db/db.sqlite`**: SQLite database file + - Created automatically on first startup + - Contains all Pangolin data and settings + + **`config/key`**: Private key file + - Generated by Gerbil service + - Used for WireGuard tunnel encryption + + **`config/letsencrypt/acme.json`**: SSL certificate storage + - Managed by Traefik + - Contains Let's Encrypt certificates + + + + **`docker-compose.yml`**: Service definitions + - Defines Pangolin, Gerbil, and Traefik services + - Network configuration and volume mounts + - Health checks and dependencies + + + + + + ```bash + mkdir -p config/traefik config/db config/letsencrypt config/logs + ``` + + + + Create the main configuration files (see below): + + - `docker-compose.yml` (in project root) + - `config/traefik/traefik_config.yml` + - `config/traefik/dynamic_config.yml` + - `config/config.yml` + + + + Edit the configuration files to replace: + + - `pangolin.example.com` with your actual domain + - `admin@example.com` with your email address + + + Ensure your domain DNS is properly configured to point to your server's IP address. + + + + +## Starting the Stack + + + + ```bash + sudo docker compose up -d + ``` + + + + ```bash + sudo docker compose logs -f + ``` + + + + ```bash + sudo docker compose ps + ``` + + All services should show "Up" status after a few minutes. + + + + Navigate to `https://your-domain.com/auth/initial-setup` to complete the initial setup. + + + The dashboard should load with SSL certificate automatically configured. + + + + +## Docker Compose Configuration + +Create `docker-compose.yml` in your project root: + +```yaml title="docker-compose.yml" +services: + pangolin: + image: fosrl/pangolin:latest # https://github.com/fosrl/pangolin/releases + container_name: pangolin + restart: unless-stopped + volumes: + - ./config:/app/config + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"] + interval: "3s" + timeout: "3s" + retries: 15 + + gerbil: + image: fosrl/gerbil:latest # https://github.com/fosrl/gerbil/releases + container_name: gerbil + restart: unless-stopped + depends_on: + pangolin: + condition: service_healthy + command: + - --reachableAt=http://gerbil:3003 + - --generateAndSaveKeyTo=/var/config/key + - --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config + - --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth + volumes: + - ./config/:/var/config + cap_add: + - NET_ADMIN + - SYS_MODULE + ports: + - 51820:51820/udp + - 443:443 # Port for traefik because of the network_mode + - 80:80 # Port for traefik because of the network_mode + + traefik: + image: traefik:v3.4.0 + container_name: traefik + restart: unless-stopped + network_mode: service:gerbil # Ports appear on the gerbil service + depends_on: + pangolin: + condition: service_healthy + command: + - --configFile=/etc/traefik/traefik_config.yml + volumes: + - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration + - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates + +networks: + default: + driver: bridge + name: pangolin +``` + +## Traefik Static Configuration + +Create `config/traefik/traefik_config.yml`: + +```yaml title="config/traefik/traefik_config.yml" +api: + insecure: true + dashboard: true + +providers: + http: + endpoint: "http://pangolin:3001/api/v1/traefik-config" + pollInterval: "5s" + file: + filename: "/etc/traefik/dynamic_config.yml" + +experimental: + plugins: + badger: + moduleName: "github.com/fosrl/badger" + version: "latest" + +log: + level: "INFO" + format: "common" + +certificatesResolvers: + letsencrypt: + acme: + httpChallenge: + entryPoint: web + email: admin@example.com # REPLACE WITH YOUR EMAIL + storage: "/letsencrypt/acme.json" + caServer: "https://acme-v02.api.letsencrypt.org/directory" + +entryPoints: + web: + address: ":80" + websecure: + address: ":443" + transport: + respondingTimeouts: + readTimeout: "30m" + http: + tls: + certResolver: "letsencrypt" + +serversTransport: + insecureSkipVerify: true +``` + +## Traefik Dynamic Configuration + +Create `config/traefik/dynamic_config.yml`: + +```yaml title="config/traefik/dynamic_config.yml" +http: + middlewares: + redirect-to-https: + redirectScheme: + scheme: https + + routers: + # HTTP to HTTPS redirect router + main-app-router-redirect: + rule: "Host(`pangolin.example.com`)" # REPLACE WITH YOUR DOMAIN + service: next-service + entryPoints: + - web + middlewares: + - redirect-to-https + + # Next.js router (handles everything except API and WebSocket paths) + next-router: + rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" # REPLACE WITH YOUR DOMAIN + service: next-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + # API router (handles /api/v1 paths) + api-router: + rule: "Host(`pangolin.example.com`) && PathPrefix(`/api/v1`)" # REPLACE WITH YOUR DOMAIN + service: api-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + # WebSocket router + ws-router: + rule: "Host(`pangolin.example.com`)" # REPLACE WITH YOUR DOMAIN + service: api-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + services: + next-service: + loadBalancer: + servers: + - url: "http://pangolin:3002" # Next.js server + + api-service: + loadBalancer: + servers: + - url: "http://pangolin:3000" # API/WebSocket server +``` + +## Pangolin Configuration + +Create `config/config.yml` with your Pangolin settings. See the [configuration guide](/self-host/advanced/config-file) for detailed options and examples. diff --git a/self-host/manual/unraid.mdx b/self-host/manual/unraid.mdx new file mode 100644 index 0000000..d23341d --- /dev/null +++ b/self-host/manual/unraid.mdx @@ -0,0 +1,356 @@ +--- +title: "Unraid Deployment" +description: "Deploy Pangolin on Unraid for local reverse proxy and tunneling" +--- + +## Overview + +This guide explains how to use Pangolin and Traefik as a local reverse proxy without Gerbil and its tunneling features. The second (optional) part will expand on this and show how to enable tunneling by setting up Gerbil. + +All containers are available in the Unraid Community Apps (CA) store. If you're not familiar with Unraid, you can find more information on their [website](https://unraid.net/). + +This installation has a lot of moving parts and is a bit non-standard for Unraid because Pangolin and its components were designed to run as micro-services on a VPS in tunneling mode. However, some may want to use "Local" reverse proxying on their Unraid server or use their Unraid server as a tunnel controller with Gerbil. For either of these use cases, follow the steps outlined in this guide. + +## Prerequisites + +- A working Unraid server. +- A domain name with access to configure DNS and the ability to port forward on your network. + - The networking is the same as for the VPS, just on your local network, so please refer to [networking page](/self-host/dns-and-networking) for more info. + +## Create a Docker Network + +Before starting, create a new docker network on Unraid. This will simplify things, and allow the containers to communicate with each other via their container names. If you already have a network, there is no need to create another one. + +1. Open the web terminal in Unraid. +2. Run the following command: + + +You can use any name you want for the network. We will use `mynetwork` in this guide. + + +```bash +docker network create mynetwork +``` + +For more info on this, see this [tutorial by IBRACORP](https://www.youtube.com/watch?v=7fzBDCI8O2w). + +## 1. Setup Pangolin and Traefik + +This first part will enable Pangolin to work in "Local" reverse proxy mode. Newt and WireGuard will **not** be able to be used after finishing this first part. However, if you want to use those features, you still need to follow this first part of the tutorial because we show how to set up Pangolin and Traefik first. + +### Install and Setup Pangolin + +#### 1. Create the Config Files + +Pangolin uses a yaml file for configuration. If this is not present on start up, the container will throw an error and exit. + +Create a `config.yml` file in the `config` folder. + +See the [Configuration](/pangolin/configuration/config) section for what to put in this file. + +``` +pangolin/ +├─ config/ +│ ├─ config.yml +``` + +#### 2. Install Pangolin via the CA Store + +#### 3. Configure Pangolin + +Set the network to the one you created earlier. + +Pangolin configuration settings in Unraid + +**Ports:** + +Due to the way Pangolin was designed to work with docker compose and a config file, the way it handles ports is a little different as compared to other popular Unraid containers. For all host ports: + +The host ports, container ports, and ports in the config should match for simplicity. This is because the Pangolin config also has ports in it. If you decide to use a non-default port, you would need to edit the port in the template and the config file. + +For example, to change the port for the WebUI: + +- Click edit on the port +- Set the "Container Port" to the new port you want to use +- Set the "Host Port" to the new port you want to use +- Edit Pangolin's config file and set `server.next_port` to the new port you want to use + +#### 4. Start the Pangolin Container + + +Pangolin will not start without a config file. If you have not created the config file or the config file is invalid, the container will throw an error and exit. + + +#### 5. Log in to the dashboard + +After successful installation: + +1. Complete the initial admin user setup via the dashboard at `https:///auth/initial-setup` +2. You can log in using the admin email and password you provided +3. Create your first "Local" site for local reverse proxying + +### Install and Setup Traefik + +Before starting with Traefik, shut down the Pangolin container. + +#### 1. Create the Config Files + +Update the appdata path with new files for Traefik. At this point there may be some extra files generated by Pangolin. + +``` +pangolin/ +├─ config/ +│ ├─ config.yml +│ ├─ letsencrypt/ +│ ├─ traefik/ +│ │ ├─ dynamic_config.yml +│ │ ├─ traefik_config.yml +``` + +**`pangolin/config/traefik/traefik_config.yml`:** + +```yaml title="pangolin/config/traefik/traefik_config.yml +api: + insecure: true + dashboard: true + +providers: + http: + endpoint: "http://pangolin:3001/api/v1/traefik-config" + pollInterval: "5s" + file: + filename: "/etc/traefik/dynamic_config.yml" + +experimental: + plugins: + badger: + moduleName: "github.com/fosrl/badger" + version: "latest" + +log: + level: "INFO" + format: "common" + +certificatesResolvers: + letsencrypt: + acme: + httpChallenge: + entryPoint: web + email: admin@example.com # REPLACE THIS WITH YOUR EMAIL + storage: "/letsencrypt/acme.json" + caServer: "https://acme-v02.api.letsencrypt.org/directory" + +entryPoints: + web: + address: ":80" + websecure: + address: ":443" + transport: + respondingTimeouts: + readTimeout: "30m" + http: + tls: + certResolver: "letsencrypt" + +serversTransport: + insecureSkipVerify: true +``` + +**`pangolin/config/traefik/dynamic_config.yml`:** + +The dynamic configuration file is where you define the HTTP routers and services for the Pangolin frontend and backend. Below is an example configuration for a Next.js frontend and an API backend. + +The domain you enter here is what will be used to access the main Pangolin dashboard. Make sure you have the DNS set up correctly for this domain. Point it to the IP address of the server running Pangolin. + +```yaml title="pangolin/config/traefik/dynamic_config.yml" +http: + middlewares: + redirect-to-https: + redirectScheme: + scheme: https + + routers: + # HTTP to HTTPS redirect router + main-app-router-redirect: + rule: "Host(`pangolin.example.com`)" # REPLACE THIS WITH YOUR DOMAIN + service: next-service + entryPoints: + - web + middlewares: + - redirect-to-https + + # Next.js router (handles everything except API and WebSocket paths) + next-router: + rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN + service: next-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + # API router (handles /api/v1 paths) + api-router: + rule: "Host(`pangolin.example.com`) && PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN + service: api-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + # WebSocket router + ws-router: + rule: "Host(`pangolin.example.com`)" # REPLACE THIS WITH YOUR DOMAIN + service: api-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + services: + next-service: + loadBalancer: + servers: + - url: "http://pangolin:3002" # Next.js server + + api-service: + loadBalancer: + servers: + - url: "http://pangolin:3000" # API/WebSocket server +``` + +#### 2. Install Traefik via the CA Store + +This section will use the Traefik template from the "IBRACORP" repository. If you already have a Traefik installation running, you should manually configure your Traefik config to work with Pangolin. + +Traefik repository selection in Community Apps + +#### 3. Configure Traefik + +Traefik configuration settings in Unraid + + +Please refer to the official Traefik docs for more information on the Traefik configuration beyond this guide. + + +**Match your config to the one above. You will have to remove some of the default variables in the template that are not needed. You can always add them back if you need them later.** + +**Network Type:** + +Set the network type to the one you created earlier. + +**Post Arguments:** + +Tell Traefik where the config file is located by adding the following to the "Post Arguments" field. This is not the host path, but the path inside the container. + +```bash +--configFile=/etc/traefik/traefik_config.yml +``` + +**Config Folder:** + +If you're using the Traefik config generated by Pangolin, point this to the same appdata path as Pangolin, but append `/traefik`, like this: `/config/traefik`. + +**Lets Encrypt (Host Path 2 in screenshot):** + +Traefik will store the certification information here. You can make this path anywhere you want. For simplicity, we're placing it in the same config path at `/config/letsencrypt`. + +**Ports:** + +You will need to port forward the https and http ports listed in the config on your network's router. + +#### 4. Port Forwarding + +You will need to port forward the ports you set in the Traefik config on your network's router. This is so that Traefik can receive traffic from the internet. You should forward 443 to the https port and 80 to the http port you set in the Traefik config. + +## 2. Add Gerbil for Tunneling (Optional) + + +If you do not want to use the tunneling feature of Pangolin and only want to use it as a local reverse proxy, you can stop here. + + +Before setting up Gerbil, shut down Traefik and Pangolin. + +If you plan to use tunneling features of Pangolin with Newt or WireGuard, you will need to add Gerbil to the stack. Gerbil is the tunnel controller for Pangolin and is used to manage the tunnels between the Pangolin server and the client. + +Luckily, adding Gerbil is fairly easy. + +The important concept to understand going forward, is we need to network Traefik through Gerbil. All Traefik traffic goes through the Gerbil container and exits. + +#### 1. Install Gerbil via the CA Store + +#### 2. Configure Gerbil + +Set the network to the one you created earlier. + +Gerbil configuration settings in Unraid + +**Important things to consider:** + +**Internal Communication:** + +Anywhere you see `http://pangolin:3001` must match. The hostname should be the name of the Pangolin container on the docker network you're using. This is because it is routed using the internal docker DNS address. The port must also match the port you have set for the internal port in Pangolin. These defaults will work unless you changed these values earlier when setting up Pangolin. + +**WireGuard Port:** + +The port you use for WireGuard must also match what you set the port to in the Pangolin config. By default we use a slightly different port than the standard WireGuard port to avoid conflicts with the built in WireGuard server in Unraid. + +**HTTP and HTTPS Ports:** + +You must open these ports because Traefik will be routed through Gerbil. These ports should match the ports you set in the Traefik config earlier. In the next step, we will set the network mode for Traefik which will close the ports on the Traefik side, and prevent conflicts. Before doing this, if you start the Traefik container at the same time as the Gerbil container with the same ports mapped to the host, you will get an error. + +#### 3. Network Traefik Through Gerbil + +As discussed earlier we need to network Traefik through Gerbil. This is pretty easy. We will do all of this in the Traefik container settings. + +Toggle advanced settings, and add the following to the "Extra Parameters" section. + +```bash +--net=container:Gerbil +``` + +Then, set "Network Type" to "None". + +Traefik networking configuration through Gerbil + +#### 4. Start the stack + +We recommend to start the whole stack in the following order: + +1. Pangolin +2. Gerbil +3. Traefik + +#### 5. Port Forwarding + +You will need to port forward the WireGuard port you set in the Gerbil config on your network's router. This is so that the client can connect to the server. + +#### 6. Verify Tunnels are Functional + +Your logs for Gerbil should look something like this: + + +You probably won't have the peer connection messages but in general, you should see the WireGuard interface being started. + + +Gerbil logs showing WireGuard interface startup + +Log back into the Pangolin dashboard and create a new site with Newt or basic WireGuard. Copy the credentials to your client and connect. You should see the tunnel status change to "Online" after a few moments if the connection is successful. Remember to also monitor the logs on the client and server. diff --git a/self-host/quick-install.mdx b/self-host/quick-install.mdx new file mode 100644 index 0000000..85ef8ec --- /dev/null +++ b/self-host/quick-install.mdx @@ -0,0 +1,155 @@ +--- +title: "Quick Install Guide" +description: "Deploy your own Pangolin reverse proxy server in under 10 minutes with our automated installer" +--- + +## Prerequisites + +Before you begin, ensure you have: + +- **Linux server** with root access and public IP address +- **Domain name** pointing to your server's IP address for the dashboard +- **Email address** for Let's Encrypt SSL certificates and admin log in +- **Open ports on firewall** for 80 (TCP), 443 (TCP), and 51820 (UDP) + + +**Recommended**: Ubuntu 20.04+ or Debian 11+ for best compatibility and performance. + + +## Choose Your Server + +Need help choosing? See our [complete VPS guide](/self-host/choosing-a-vps) for suggestions. + +## DNS & Networking + +Before installing Pangolin, ensure you've set up DNS for your domain(s) and opened the required port on your firewall. See our guide on [DNS & networking](/self-host/dns-and-networking) for more information. + +## Installation Process + + + + Connect to your server via SSH and download the installer: + + ```bash + wget -O installer "https://github.com/fosrl/pangolin/releases/download/${release}/installer_linux_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')" + chmod +x ./installer + ``` + + The installer supports both AMD64 (x86_64) and ARM64 architectures. + + + + Execute the installer with root privileges: + + ```bash + sudo ./installer + ``` + + The installer places all files in the current directory. Move the installer to your desired installation directory before running it. + + + + The installer will prompt you for essential configuration: + + - **Base Domain**: Enter your root domain without subdomains (e.g., `example.com`) + - **Dashboard Domain**: Press Enter to accept the default `pangolin.example.com` or enter a custom domain + - **Let's Encrypt Email**: Provide an email for SSL certificates and admin login + - **Tunneling**: Choose whether to install Gerbil for tunneled connections (default: yes). You can run Pangolin without tunneling. It will function as a standard reverse proxy. + + + + + Email functionality is optional and can be added later. + + + Choose whether to enable SMTP email functionality: + + - **Default**: No (recommended for initial setup) + - **If enabled**: You'll need SMTP server details (host, port, username, password) + + + + + Confirm that you want to install and start the containers: + + - The installer will pull Docker images (pangolin, gerbil, traefik) + - Containers will be started automatically + - This process takes 2-3 minutes depending on your internet connection + + You'll see progress indicators as each container is pulled and started. + + + + The installer will ask if you want to install CrowdSec for additional security: + + - **Default**: No (recommended for initial setup) + - **If enabled**: You'll need to confirm you're willing to manage CrowdSec configuration + + + CrowdSec adds complexity and requires manual configuration for optimal security. Only enable if you're comfortable managing it. + + + + CrowdSec can be installed later if needed. The basic installation provides sufficient security for most use cases. + + + + +## Post-Installation Setup + +Once installation completes successfully, you'll see: + +``` +Installation complete! + +To complete the initial setup, please visit: +https://pangolin.example.com/auth/initial-setup +``` + + + + Navigate to the URL shown in the installer output: + + ``` + https:///auth/initial-setup + ``` + + + The dashboard should load with SSL certificate automatically configured. It might take a few minutes for the first cert to validate, so don't worry if the brwoser throws an insecure warning. + + + + + Complete the initial admin user setup: + + - Enter your admin email address + - Set a strong password + - Verify your email (if email is configured) + + + Use a strong, unique password for your admin account. This account has full system access. + + + + + After logging in: + + 1. Click "Create Organization" + 2. Enter organization name and description + + + You're now ready to start adding applications and configuring your reverse proxy! + + + + +## Video Walkthrough + + diff --git a/self-host/supporter-program.mdx b/self-host/supporter-program.mdx new file mode 100644 index 0000000..fba1b60 --- /dev/null +++ b/self-host/supporter-program.mdx @@ -0,0 +1,128 @@ +--- +title: "Supporter Program" +description: "Support Pangolin development and remove UI elements with a supporter key" +--- + +Pangolin self-hosted will always be free and open source, but maintaining the project takes time and resources. The supporter program helps fund ongoing development — including bug fixes, new features, and community support. + +## Supporter Tiers + + + + **Perfect for small teams** + + - **User limit**: 5 or fewer users + - **Support button**: Removed from UI + - **Usage**: Unlimited servers and installations + - **Upgrade**: Available to Full Supporter + + + Once you add your 6th user, the support button will return. Remove a user or upgrade to Full Supporter to hide it again. + + + + + **Perfect for larger teams** + + - **User limit**: Unlimited users + - **Support button**: Permanently removed + - **Usage**: Unlimited servers and installations + - **Best value**: For growing teams + + + The support button and other marks will never return, regardless of user count. + + + + +Supporter tier comparison showing Limited vs Full Supporter benefits + +## How to Get Your Supporter Key + + + + Go to our [GitHub Sponsors page](https://github.com/sponsors/fosrl) and purchase either: + + - **Limited Supporter**: $25 one-time + - **Full Supporter**: $95 one-time + + + + After purchase, visit [supporters.fossorial.io](https://supporters.fossorial.io) and: + + 1. Log in with your GitHub account + 2. Copy your supporter key + + + + In your Pangolin dashboard: + + 1. Click the supporter button + 2. Enter your supporter key + 3. Click "Redeem" + + + +Pangolin supporter key redemption interface + +## Frequently Asked Questions + + + + **Unlimited usage** + + You can use your supporter key on as many servers and installations as you want. There are no restrictions on the number of deployments. + + + + **Yes, but requires new purchase** + + To upgrade from Limited to Full Supporter: + + 1. Purchase the Full Supporter ($95) tier on GitHub + 2. Your account will be automatically upgraded + 3. Restart your Pangolin server to update the status + + + Due to GitHub's tier system, you must purchase the higher tier even if you already have the lower one. This results in an extra donation, which we appreciate! + + + + + **Temporary hiding available** + + You can click "Hide for 7 days" at the bottom of the supporter dialog to temporarily hide the button without purchasing a supporter key. + + + + **Thanks for the extra donation!** + + You can only obtain one supporter key per tier. Additional purchases of the same tier won't change your key, but we appreciate the extra support! + + + + **No refunds available** + + GitHub Sponsors does not allow us to refund donations. Please make sure you're comfortable supporting the project before purchasing a tier. + + + + **Limited Supporter restrictions** + + If you have a Limited Supporter key and add your 6th user: + + - The support button will return to the UI + - You can either remove a user or upgrade to Full Supporter + - Your key remains valid for other installations + + + Full Supporter keys have no user limits. + + + diff --git a/snippets/snippet-intro.mdx b/snippets/snippet-intro.mdx deleted file mode 100644 index e20fbb6..0000000 --- a/snippets/snippet-intro.mdx +++ /dev/null @@ -1,4 +0,0 @@ -One of the core principles of software development is DRY (Don't Repeat -Yourself). This is a principle that applies to documentation as -well. If you find yourself repeating the same content in multiple places, you -should consider creating a custom snippet to keep your content in sync.