.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
Pangolin is an open-source and identity-aware tunneled reverse proxy server. Pangolin’s distributed architecture with nodes provide highly available ingress to ensure applications always remain accessible. Pangolin establishes secure connections from edge networks to nodes, bypassing the need for public inbound ports and complex firewall configurations. Pangolin is incredibly useful for exposing local services, IoT devices, or internal applications to the internet without direct exposure, enhancing security by reducing attack surface and simplifying network management. Additionally, Pangolin acts as an identity-aware proxy by authenticating every request against admin-defined access controls and rules. For more info about Pangolin, visit the official documentation page.
Requirements:
- Domain name pointing to your server’s IP address for the dashboard - this is MANDATORY, you cannot use your public IP address, you need your own domain and to be able to add an A record in its DNS zone to point to the Pangolin dashboard!
- Email address for Let’s Encrypt SSL certificates and admin log in
- Open ports on firewall for 80 (TCP), 443 (TCP), 51820 (UDP), and 21820 (UDP for clients) - by default all ports are opened on your VPS
The installer will start automatically at first login via SSH and will prompt you for essential configuration:
- Base Domain: Enter your root domain without subdomains (e.g., example.com)
- Dashboard Domain: Press Enter to accept the default pangolin.example.com or enter a custom domain
- Let’s Encrypt Email: Provide an email for SSL certificates and admin login
- Tunneling: Choose whether to install Gerbil for tunneled connections (default: yes). You can run Pangolin without tunneling. It will function as a standard reverse proxy.
Choose whether to enable SMTP email functionality:
- Default: No (recommended for initial setup)
- If enabled: You’ll need SMTP server details (host, port, username, password)
Confirm that you want to install and start the containers:
- The installer will pull Docker images (pangolin, gerbil, traefik)
- Containers will be started automatically
- This process takes 2-3 minutes depending on your internet connection
- You’ll see progress indicators as each container is pulled and started.
The installer will ask if you want to install CrowdSec for additional security:
- Default: No (recommended for initial setup)
- If enabled: You’ll need to confirm you’re willing to manage CrowdSec configuration - CrowdSec adds complexity and requires manual configuration for optimal security. Only enable if you’re comfortable managing it.
Once installation completes successfully, it will generate a setup token (copy it as you will need it in the next step) and you’ll see:
Installation complete!
To complete the initial setup, please visit:https://pangolin.example.com/auth/initial-setup
Navigate to the URL shown in the installer output (https://<your-dashboard-domain>/auth/initial-setup) and complete the admin and site setup. You will need to ENTER THE SETUP TOKEN generated at the end of the installation. The dashboard should load with SSL certificate automatically configured. It might take a few minutes for the first cert to validate, so don’t worry if the browser throws an insecure warning.
