So for services that already have a means of authentication, do you leave them unprotected by Pangolin? Take, Jellyfin, I have that set up to be accessible at a subdomain, and I imagine it wouldn’t work correctly if Pangolin was attempting to perform some kind of authentication step before connecting to the resource.
So far I like it, but the “authentication” part seems like something I wouldn’t really be using. But getting my box at home connected to the VPS was a sinch, and I love that. I might add my NAS to it so I can put a client on my laptop so I can access it remotely to map shared drives and such.
You don’t need to use their authentication step. It just makes it easy to expose services that you don’t necessarily have authentication for since it’s acting as both a tunnel and reverse proxy.
I use it to create subdomains and such, also means I don’t need to expose any ports on my home server since the only thing that’s actually exposed is the Pangolin instance on my VPS.
You can run into issues with services that require a consistent domain name since the pangolin record won’t necessarily match your local domain.
Since their authentication is just a layer on top of whatever you have, it means you can be a bit less strict with your internal auth and lean more on their layer to prevent access to login pages that may not be secure. Since all traffic routed through Pangolin will get SSL encryption, it also means you can skip SSL locally if you don’t care about people snooping traffic on your LAN.
Yeah, I just finished migrating everything, and it’s very cool. I’m going to give the clients a spin at some point. It would be cool to be able to map a network folder from my NAS even though I’m away from my home network for example.
I access most of my services via their domain address when at home anyway. Ideally, I’d have some kind of local DNS that would see those domain requests and route them locally, but I’ve never really found a practical solution to that. It feels like I’d be maintaining two reverse proxies to get that done.
To keep the DNS lookup local on your own network, you would need to maintain a separate local reverse proxy. That can be used to drive the Pangolin proxy though by just using the domain name defined in the local proxy since the newt instance is checking your local domain on the reverse side.
That way you don’t need to use IP addresses in your pangolin instance and can use domains defined by your local proxy.
So for services that already have a means of authentication, do you leave them unprotected by Pangolin? Take, Jellyfin, I have that set up to be accessible at a subdomain, and I imagine it wouldn’t work correctly if Pangolin was attempting to perform some kind of authentication step before connecting to the resource.
So far I like it, but the “authentication” part seems like something I wouldn’t really be using. But getting my box at home connected to the VPS was a sinch, and I love that. I might add my NAS to it so I can put a client on my laptop so I can access it remotely to map shared drives and such.
You don’t need to use their authentication step. It just makes it easy to expose services that you don’t necessarily have authentication for since it’s acting as both a tunnel and reverse proxy.
I use it to create subdomains and such, also means I don’t need to expose any ports on my home server since the only thing that’s actually exposed is the Pangolin instance on my VPS.
You can run into issues with services that require a consistent domain name since the pangolin record won’t necessarily match your local domain.
Since their authentication is just a layer on top of whatever you have, it means you can be a bit less strict with your internal auth and lean more on their layer to prevent access to login pages that may not be secure. Since all traffic routed through Pangolin will get SSL encryption, it also means you can skip SSL locally if you don’t care about people snooping traffic on your LAN.
Yeah, I just finished migrating everything, and it’s very cool. I’m going to give the clients a spin at some point. It would be cool to be able to map a network folder from my NAS even though I’m away from my home network for example.
I access most of my services via their domain address when at home anyway. Ideally, I’d have some kind of local DNS that would see those domain requests and route them locally, but I’ve never really found a practical solution to that. It feels like I’d be maintaining two reverse proxies to get that done.
To keep the DNS lookup local on your own network, you would need to maintain a separate local reverse proxy. That can be used to drive the Pangolin proxy though by just using the domain name defined in the local proxy since the newt instance is checking your local domain on the reverse side.
That way you don’t need to use IP addresses in your pangolin instance and can use domains defined by your local proxy.