User:Jackrosenberg/Pangolin: Difference between revisions
Appearance
m Env file explanation (will do more tomorrow) |
Added the format of the setup token since it is specific |
||
| Line 37: | Line 37: | ||
=== EnvironmentFile === | === EnvironmentFile === | ||
Pangolin requires a [https://docs.pangolin.net/manage/sites/credentials#secret server secret], used for handshake authentication. Additionally, you may provide the setup token as shown below, which saves the trouble of finding it in logs with <code> journalctl -eu pangolin | grep token</code>. Naturally, don't use these secrets. | Pangolin requires a [https://docs.pangolin.net/manage/sites/credentials#secret server secret], used for handshake authentication. Additionally, you may provide the setup token as shown below, which saves the trouble of finding it in logs with <code> journalctl -eu pangolin | grep token</code>. The format for the setup token<ref>https://github.com/fosrl/pangolin/blob/d4138e2141816669ad9b3b139f4b0db019ad26b4/server/setup/ensureSetupToken.ts#L19-L22</ref> is <code>^[a-z0-9]{32}$</code>. Naturally, don't use these secrets. | ||
{{file|pangolin.env|env| | {{file|pangolin.env|env| | ||
Latest revision as of 00:17, 10 July 2026

Pangolin is an identity-aware VPN and proxy for remote access to anything, anywhere.
Prerequisites
To use pangolin you'll need a domain and a public accessible static IP address.
See the setup docs for more information.
Installation
TODO
❄︎ configuration.nix
{
services.pangolin = {
enable = true;
# this part is technically not needed,
# but omitting it will allow
# ANYONE TO CREATE ACCOUNTS AND
# ORGANIZATIONS ON YOUR PANGOLIN INSTANCE
settings = {
flags = {
disable_signup_without_invite = true;
disable_user_create_org = true;
};
};
baseDomain = "example.com";
letsEncryptEmail = "john_doe@proton.me"; # an email you have access to
openFirewall = true;
environmentFile = "/etc/nixos/secrets/pangolin.env";
};
}
EnvironmentFile
Pangolin requires a server secret, used for handshake authentication. Additionally, you may provide the setup token as shown below, which saves the trouble of finding it in logs with journalctl -eu pangolin | grep token. The format for the setup token[1] is ^[a-z0-9]{32}$. Naturally, don't use these secrets.
≡︎ pangolin.env
SERVER_SECRET=2w34etdr546rftygu8678yuhihg87objpvfctoyvihdr4u6
PANGOLIN_SETUP_TOKEN=123456789abcdefg