- cross-posted to:
- selfhosted@lemmy.world
Oh, some of these are interesting. Definitely want to investigate Pangolin, having cobbled together my own WireGuard setup.
I’ve used it and it’s great. Basically an alternative to Cloudflare Tunnels. There’s still some minor pain points with getting auth set up, but you can basically just have a VPS that runs it as a central access point for less secure services.
Yeah, that sounds nice. I already use a VPS for this, but I would love to put other devices on the VPN with the VPS for different services and such.
I basically run only this on the cheapest VPS I can find. Then everything else is just tunneled from my local machines and exposed on domains with permissions managed by Pangolin. You can set up permission groups and such.
That way I can have groups for like family, myself, and sharing that all have access to different services.
You can also create temporary links that allow you to share access to a resource for only a set time period or set number of uses.
So for services that already have a means of authentication, do you leave them unprotected by Pangolin? Take Jellyfin: I have that set up to be accessible at a subdomain, and I imagine it wouldn’t work correctly if Pangolin was attempting to perform some kind of authentication step before connecting to the resource.
So far I like it, but the “authentication” part seems like something I wouldn’t really be using. But getting my box at home connected to the VPS was a cinch, and I love that. I might add my NAS to it so I can put a client on my laptop so I can access it remotely to map shared drives and such.
You don’t need to use their authentication step. It just makes it easy to expose services that you don’t necessarily have authentication for since it’s acting as both a tunnel and reverse proxy.
I use it to create subdomains and such. It also means I don’t need to expose any ports on my home server, since the only thing that’s actually exposed is the Pangolin instance on my VPS.
You can run into issues with services that require a consistent domain name, since the Pangolin record won’t necessarily match your local domain.
Since their authentication is just a layer on top of whatever you have, it means you can be a bit less strict with your internal auth and lean more on their layer to prevent access to login pages that may not be secure. Since all traffic routed through Pangolin will get SSL encryption, it also means you can skip SSL locally if you don’t care about people snooping traffic on your LAN.
Yeah, I just finished migrating everything, and it’s very cool. I’m going to give the clients a spin at some point. It would be cool to be able to map a network folder from my NAS even though I’m away from my home network for example.
I access most of my services via their domain address when at home anyway. Ideally, I’d have some kind of local DNS that would see those domain requests and route them locally, but I’ve never really found a practical solution to that. It feels like I’d be maintaining two reverse proxies to get that done.
To keep the DNS lookup local on your own network, you would need to maintain a separate local reverse proxy. That can be used to drive the Pangolin proxy, though, by just using the domain name defined in the local proxy, since the Newt instance is checking your local domain on the reverse side.
That way you don’t need to use IP addresses in your Pangolin instance and can use domains defined by your local proxy.
Bento PDF seems cool. If I can hit it with an API call, that could actually be useful for standardizing PDF deliverables at my job.


