Pangolin (CE)

Generated on 22 Oct 2025 from the Pangolin (CE) catalog page

Pangolin is a self-hosted tunneled reverse proxy server with identity and context aware access control, designed to easily expose and protect applications running anywhere. Pangolin acts as a central hub and connects isolated networks — even those behind restrictive firewalls — through encrypted tunnels, enabling easy access to remote services without opening ports or requiring a VPN.

Software Included

Package Version License
Pangolin latest ALGP-3.0
Docker CE 28.5.1 Apache License, Version 2.0

Creating an App using the Control Panel

Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.

Deploy to DO

Creating an App using the API

In addition to creating a Droplet from the Pangolin (CE) 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB Pangolin (CE) Droplet in the SFO2 region, you can use the following curl command. You need to either save your API access token) to an environment variable or substitute it in the command below.

curl -X POST -H 'Content-Type: application/json' \
         -H 'Authorization: Bearer '$TOKEN'' -d \
        '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image": "fossorial-pangolince1"}' \
        "https://api.digitalocean.com/v2/droplets"

Getting Started After Deploying Pangolin (CE)

Pangolin Deployment Guide

This guide walks you through deploying and configuring Pangolin using the DigitalOcean Marketplace 1-Click App.

Deployment Steps

1. Create a Droplet from the Marketplace

  1. Log in to your DigitalOcean account.
  2. Navigate to the Marketplace and search for “Pangolin”.
  3. Click on the Pangolin 1-Click App.
  4. Configure your Droplet:
    • Choose a plan (recommended: at least 1 CPU and 1GB RAM; it can be deployed on DigitalOcean’s $6 s-1vcpu-1gb)
    • Select a datacenter region
    • Add SSH keys for authentication
    • Choose a hostname (e.g., pangolin-server)
  5. Click “Create Droplet”.

2. DNS Configuration

Before proceeding with setup, you need to configure your domain to point to your new Droplet:

  1. Obtain your Droplet’s IP address from the DigitalOcean control panel.
  2. Go to your domain registrar or DNS provider.
  3. Create an A record that points your domain or subdomain to your Droplet’s IP address.
   Type: A
   Name: pangolin (or @ for root domain)
   Value: your_droplet_ip
   TTL: 3600 (or as low as possible for faster propagation)
  1. Wait for DNS propagation (can take 5 minutes to several hours).

3. Initial Setup

  1. Once your Droplet is created, connect to it via SSH:
   ssh root@your_droplet_ip

  1. The first-login setup script will run automatically, guiding you through the initial configuration:

    • Enter your domain name
    • Provide your email for SSL certificates
    • The script will run the Pangolin installer
    • The script will generate an admin sign-up secret for you to use on your first login

  2. After the installer completes, you’ll be able to access the Pangolin dashboard.

4. Dashboard Setup

  1. Open a web browser and navigate to https://your-domain.com.
  2. Follow the on-screen instructions to:
    • Create an admin account using the sign-up secret provided during setup
    • Set up your organization
    • Configure your first site

5. Connecting Remote Sites

Pangolin allows you to connect remote sites using either the Newt client or standard WireGuard.

6. Exposing Resources

  1. In the Pangolin dashboard, go to Resources > Add Resource.

  2. Configure your resource:

    • Name: A descriptive name
    • Type: HTTP/HTTPS, TCP, or UDP
    • Target: The IP and port of the service on your private site
    • Domain: The domain or subdomain to access the resource
    • Access Control: Set authentication and permission rules

  3. Save the resource configuration.

  4. Your private resource is now securely accessible through Pangolin.

7. Security Considerations

  • The Pangolin Droplet comes with UFW firewall pre-configured to allow only necessary ports.
  • Set up 2FA for your admin account in the Pangolin dashboard.
  • Consider setting up CrowdSec for additional protection against brute force attacks.
  • Regularly update your Pangolin installation with the latest security patches.

8. Maintenance and Updates

To update Pangolin in the future:

  1. SSH into your Droplet:
   ssh root@your_droplet_ip
  1. Follow the docs for how to update the containers: https://docs.pangolin.net/self-host/how-to-update

Troubleshooting

Cannot Access Dashboard

  1. Verify DNS configuration with dig your-domain.com.
  2. Check that your domain points to your Droplet’s IP address.
  3. Ensure SSL certificates were issued correctly:
   cd /opt/pangolin
   docker compose logs traefik
  1. Check firewall settings on both the Pangolin server and remote site.
  2. Verify network connectivity with ping or traceroute.

Need Help?

We can't find any results for your search.

Try using different keywords or simplifying your search terms.