graph TB
subgraph Internet
VPS[VPS with Pangolin]
CF[DNS Provider]
end
subgraph "Home Network"
Router
subgraph "Home Server"
NEWT[Newt Client]
subgraph "Hypervisor (Proxmox/Unraid/TrueNAS)"
VM1[Web Apps]
VM2[Media Server]
VM3[Home Automation]
CT1[Container Services]
end
end
end
Router -- "No Port Forward Needed" --> Internet
VPS <--> CF
VPS <-- "WireGuard Tunnel" --> NEWT
NEWT --> VM1
NEWT --> VM2
NEWT --> VM3
NEWT --> CT1
style VPS fill:#f9f,stroke:#333,stroke-width:4px
style NEWT fill:#bbf,stroke:#333,stroke-width:2px
Unlocking Your Home Lab’s Full Potential with Pangolin
Part 1: Understanding Pangolin and Its Benefits for Home Users
Pangolin is a game-changing self-hosted tunneled reverse proxy system that solves many common challenges faced by home lab enthusiasts. Think of it as your own private Cloudflare Tunnels, but with complete control over your infrastructure. For home users running Proxmox, Unraid, or TrueNAS, Pangolin offers a powerful way to securely expose your services to the internet without the typical headaches of port forwarding, dynamic DNS, or complex VPN setups.
Part 2: Common Home Lab Challenges Solved by Pangolin
Traditional home lab setups often face several hurdles that Pangolin elegantly addresses:
-
CGNAT and Port Forwarding: Many ISPs use Carrier-Grade NAT or block port forwarding, making it difficult to access your services from outside. Pangolin bypasses this entirely by establishing an outbound tunnel.
-
Dynamic IP Addresses: Home internet connections typically have dynamic IPs that change periodically. Pangolin eliminates this concern by maintaining a stable connection to your VPS.
-
Security Concerns: Opening ports on your router creates potential security vulnerabilities. Pangolin keeps your network closed while still allowing secure access to specific services.
-
Authentication Management: Managing different authentication systems for various services can be cumbersome. Pangolin provides centralized authentication and access control.
Part 3: Real-World Implementation Examples
Let’s explore three practical scenarios where Pangolin shines in a home lab environment:
Scenario 1: Media Server Access
Imagine you’re running a Plex or Jellyfin server on Unraid. Instead of opening port 32400 and dealing with remote access settings, you can:
- Deploy Newt on your Unraid server
- Create a resource in Pangolin pointing to your media server
- Access it securely through a subdomain like
plex.yourdomain.com
Scenario 2: Home Automation Dashboard
For a Home Assistant installation running in Proxmox:
- Configure Newt to connect to your Pangolin instance
- Create a secure resource for Home Assistant
- Access your dashboard at
home.yourdomain.comwith Pangolin’s SSO
Scenario 3: Development Environment
When running development services on TrueNAS:
- Use Pangolin to expose multiple services like GitLab, Jenkins, or development databases
- Implement role-based access control for different team members
- Maintain security without exposing your entire network
Part 4: Setting Up Pangolin in Your Environment
The setup process varies slightly depending on your hypervisor of choice:
For Unraid Users:
- Install Newt from the Community Applications store
- Configure with your Pangolin instance credentials
- Create resources in the Pangolin dashboard
For Proxmox Users:
- Create a lightweight container (LXC) or VM for Newt
- Install Newt using Docker or the binary
- Configure networking to access your VMs and containers
For TrueNAS Users:
- Deploy Newt as a Docker container
- Configure access to your jails or VMs
- Set up resources in Pangolin
Part 5: Advanced Features and Best Practices
To get the most out of Pangolin in your home lab:
- Use Wildcard Certificates:
- Configure DNS challenges with your provider
- Enable wildcard certificates in Pangolin
- Enjoy instant SSL for new subdomains
- Implement Role-Based Access:
- Create different roles for family members
- Restrict access based on user needs
- Use temporary share links for guests
- Monitor Usage:
- Track bandwidth usage per tunnel
- Monitor service availability
- Set up alerts for connectivity issues
Part 6: Future-Proofing Your Home Lab
Pangolin’s modular design means your setup can grow with your needs:
- Scaling Capabilities:
- Add multiple sites for different locations
- Expand services without reconfiguring networking
- Integrate with existing authentication systems
- Disaster Recovery:
- Keep configurations in version control
- Maintain backup VPS instances
- Document your setup for quick recovery
The true power of Pangolin lies in its ability to transform a complex home lab environment into a professionally managed infrastructure without the traditional overhead. Whether you’re running a small media server or a complex development environment, Pangolin provides the security, accessibility, and management features needed for a modern home lab setup.
Remember to regularly update both your Pangolin instance and Newt clients to benefit from the latest security features and improvements. With proper setup and maintenance, Pangolin can serve as the cornerstone of your home lab’s networking infrastructure.
sequenceDiagram
participant U as User
participant T as Traefik
participant B as Badger
participant P as Pangolin
participant N as Newt
participant S as Service
U->>T: Request service.yourdomain.com
T->>B: Check authentication
B->>P: Verify session
alt No valid session
P->>U: Redirect to login
U->>P: Login credentials
P->>U: Set session cookie
U->>T: Request with cookie
end
B->>P: Validate session
P->>B: Session valid
T->>N: Forward request
N->>S: Access service
S->>U: Service response
Note over T,B: Badger ensures all requests are authenticated
Note over N,S: Newt proxies traffic through secure tunnel