pangolin_mirror/docs-v2
1
0
Fork 0
mirror of https://github.com/fosrl/docs-v2.git synced 2026-02-25 22:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Define resources and small formating updates

Browse Source
This commit is contained in:
Owen
2025-12-10 18:02:03 -05:00
parent ea68e3a6bc
commit de61a00717
11 changed files with 73 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
manage/sites/configure-site.mdx
View File

@@ -351,7 +351,7 @@ Default locations:
- **Windows**: `%PROGRAMDATA%\newt\newt-client\config.json`
- **Linux/Others**: `~/.config/newt-client/config.json`
### Docker Socket Integration
## Docker Socket Integration
Newt can integrate with the Docker socket to provide remote inspection of Docker containers. This allows Pangolin to query and retrieve detailed information about containers running on the Newt client, including metadata, network configuration, port mappings, and more.
@@ -398,7 +398,7 @@ services:
If the Docker socket is not available or accessible, Newt will gracefully disable Docker integration and continue normal operation.
</Note>
#### Hostnames vs IPs
**Hostnames vs IPs**
When the Docker Socket Integration is used, depending on the network which Newt is run with, either the hostname (generally considered the container name) or the IP address of the container will be sent to Pangolin:
@@ -407,19 +407,17 @@ When the Docker Socket Integration is used, depending on the network which Newt
- **Running in docker-compose without a network specification**: Docker compose creates a network for the compose by default, hostnames will be used
- **Running on docker-compose with defined network**: Hostnames will be used
#### Docker Enforce Network Validation
**Docker Enforce Network Validation**
When run as a Docker container, Newt can validate that the target being provided is on the same network as the Newt container and only return containers directly accessible by Newt. Validation will be carried out against either the hostname/IP Address and the Port number to ensure the running container is exposing the ports to Newt.
Validation is `false` by default. It can be enabled via setting the `--docker-enforce-network-validation` CLI argument or by setting the `DOCKER_ENFORCE_NETWORK_VALIDATION` environment variable.
<Warning>
If the Newt container is run with a network mode of `host`, this feature will not work. Running in `host` mode causes the container to share its resources with the host machine, making it impossible to retrieve specific host container information for network validation.
</Warning>
**Configuration:**
Validation is `false` by default. It can be enabled via setting the `--docker-enforce-network-validation` CLI argument or by setting the `DOCKER_ENFORCE_NETWORK_VALIDATION` environment variable.
### Updown Scripts
## Updown Scripts
You can pass in an updown script for Newt to call when it is adding or removing a target:
@@ -442,11 +440,11 @@ Returning a string from the script in the format of a target (`ip:dst` so `10.0.
You can look at `updown.py` as a reference script to get started!
</Note>
### mTLS Authentication
## mTLS Authentication
Newt supports mutual TLS (mTLS) authentication if the server is configured to request a client certificate. You can use either a PKCS12 (.p12/.pfx) file or split PEM files for the client cert, private key, and CA.
#### Option 1: PKCS12 (Legacy)
### Option 1: PKCS12 (Legacy)
<Note>
This is the original method and still supported.
@@ -469,7 +467,7 @@ newt \
--tls-client-cert ./client.p12
```
#### Option 2: Split PEM Files (Preferred)
### Option 2: Split PEM Files (Preferred)
You can now provide separate files for:

10
manage/sites/install-site.mdx
View File

@@ -37,7 +37,7 @@ Run Newt with the configuration from Pangolin:
newt \
--id 31frd0uzbjvp721 \
--secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \
--endpoint https://example.com
--endpoint https://app.pangolin.net
```
<Note>
The quick installer will do this step for you.
@@ -53,7 +53,7 @@ Description=Newt
After=network.target
[Service]
ExecStart=/usr/local/bin/newt --id 31frd0uzbjvp721 --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 --endpoint https://example.com
ExecStart=/usr/local/bin/newt --id 31frd0uzbjvp721 --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 --endpoint https://app.pangolin.net
Restart=always
User=root
@@ -82,7 +82,7 @@ Run Newt with CLI arguments from Pangolin:
```bash
docker run -it fosrl/newt --id 31frd0uzbjvp721 \
--secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \
--endpoint https://example.com
--endpoint https://app.pangolin.net
```
### Docker Compose
@@ -109,7 +109,7 @@ A safer but slightly more complex way is to use [Compose Secrets](https://docs.d
{
"id": "2ix2t8xk22ubpfy",
"secret": "nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2",
"endpoint": "https://example.com",
"endpoint": "https://app.pangolin.net",
"tlsClientCert": ""
}
```
@@ -145,7 +145,7 @@ services:
command:
- --id 31frd0uzbjvp721
- --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6
- --endpoint https://example.com
- --endpoint https://app.pangolin.net
```
Start the service: