| ▲ | fossorialowen 4 days ago |
| Hello Eveyone, this is the other maintainer here. Just wanted to add some more detail about the other components of this system: Pangolin uses Traefik under the hood to do the actual HTTP proxying. A plugin, Badger, provides a way to authenticate every request with Pangolin. A second service, Gerbil, provides a WireGuard management server that Pangolin can use to create peers for connectivity. And finally, there is Newt, a CLI tool and Docker container that connects back to Gerbil with WireGuard fully in user space and proxies your local resources. This means that you do not need to run a privileged process or container in order to expose your services! |
|
| ▲ | PeterStuer 4 days ago | parent | next [-] |
| Been using this for a few months for serving from home with a tiny VPS at Hetzner tunneling the traffic to Newt behind my home firewall. My experience went very smooth and stable. The one issue I thought I had turned out to be not related to Pangolin at all. https://github.com/orgs/fosrl/discussions/950 |
| |
| ▲ | v5v3 4 days ago | parent [-] | | What's Newt? | | |
| ▲ | PeterStuer 4 days ago | parent [-] | | Newt ( https://github.com/fosrl/newt ) is a custom userspace Wireguard client that you run on the 'edge server' side (typically behind your home firewall) that is part of the Pangolin system. It reaches out to your Pangolin server (typically hosted on a small VPS with a static IP) and will take care of negotiating the Wireguard tunnel and managing dispatch to the different services you exposed and mapped on your LAN. Easiest way to understand the full stack is to have a look at https://docs.fossorial.io/Getting%20Started/overview wich includes a nice System Overview Diagram. |
|
|
|
| ▲ | oulipo 4 days ago | parent | prev | next [-] |
| Would be nice if there were a mini-tutorial in the doc for each of the use-cases you mention here, so we could quickly test it and see if it helps |
| |
|
| ▲ | hardwaresofton 4 days ago | parent | prev | next [-] |
| > Pangolin uses Traefik under the hood to do the actual HTTP proxying. Traefik is awesome, and one of the biggest reasons is it's extensibility and robustness. It absolutely does not get enough attention! |
| |
| ▲ | jtbaker 4 days ago | parent [-] | | I’m using it as my ingress controller on my K3S homelab and it has definitely been a nice DX so far. The one thing I haven’t been able to figure out how to do with it is do compression (gzip/br/zstd) there, so I’m handling it in the application layer, which feels suboptimal. Any tips? Seems like a table stakes sort of feature in the space that shouldn’t be too hard to implement. | | |
| ▲ | hardwaresofton 4 days ago | parent [-] | | Did the compress middleware not work for you? https://doc.traefik.io/traefik/middlewares/http/compress/ Are you trying to compress the request that has already come in to your cluster? I'm not sure there's a ton of value to be extracted there, since the requests have already made their way across the internet uncompressed to your ingress point. If there's a "long way" to go after hitting your ingress controller then maybe there's something to be gained... |
|
|
|
| ▲ | 1vuio0pswjnm7 3 days ago | parent | prev [-] |
| The official traefik v3.4.4 amd64 binary from Github is only 207MB. https://github.com/traefik/traefik/releases/expanded_assets/... |
| |
| ▲ | FuriouslyAdrift 3 days ago | parent [-] | | An entire docker image for HAProxy is only 41 MB... deb is 1.6 MB | | |
| ▲ | 1vuio0pswjnm7 3 days ago | parent | next [-] | | I compile static-pie HAproxy binaries using different TLS libraries. Size varies a little based on the versions and compile-time options for those libraries For example, max sizes for the largest and smallest TLS libraries I have tried OpenSSL 9.0MB WolfSSL 4.6MB OpenSSL bloat is unfortunate Does Traefik allow any TLS libraries other than OpenSSL | |
| ▲ | sgarland 3 days ago | parent | prev [-] | | Welcome to modern development, where no one gives a shit about binary size. It’s awful. |
|
|
