docs: add new Access Control and Logs documentation pages
- Documented Access Control features (e.g., Device Approvals, Password Rotation, 2FA, Custom Login Pages).
- Added detailed descriptions for Logs & Analytics (Access Logs, Request Logs, Action Logs).
- Included configuration instructions and feature-specific notes for Pangolin Cloud and Enterprise Edition.

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
@@ -0,0 +1,109 @@
|
||||
> ## Documentation Index
|
||||
> Fetch the complete documentation index at: https://docs.pangolin.net/llms.txt
|
||||
> Use this file to discover all available pages before exploring further.
|
||||
|
||||
# How Pangolin Works
|
||||
|
||||
> Learn about the fundamentals of Pangolin and how they work together to provide simple and secure remote access.
|
||||
|
||||
<div id="pangolin-toc-cta" className="pangolin-toc-cta-source">
|
||||
<Card title="Try free on Pangolin Cloud" icon="cloud" href="https://app.pangolin.net/auth/signup" arrow="true" cta="Sign up free">
|
||||
Fastest way to get started with Pangolin using the hosted control plane. No credit card required.
|
||||
</Card>
|
||||
</div>
|
||||
|
||||
## Basic Steps
|
||||
|
||||
<Steps>
|
||||
<Step title="Link remote networks with sites">
|
||||
Join remote networks together using site connectors. Pangolin's lightweight connectors use intelligent routing and NAT traversal to make any network anywhere available.
|
||||
</Step>
|
||||
|
||||
<Step title="Define resources">
|
||||
Create resources that represent services or entire network ranges available for remote access. Resources can be public or fully private.
|
||||
</Step>
|
||||
|
||||
<Step title="Users access resources">
|
||||
Authenticated users can access resources anywhere using a web browser or when connected with a Pangolin client on their device.
|
||||
</Step>
|
||||
</Steps>
|
||||
|
||||
## Key Concepts
|
||||
|
||||
Pangolin relies on several components that work together to provide secure remote access. Each component has a specific
|
||||
role in ensuring that only authenticated users can access the resources they are authorized to use.
|
||||
|
||||
### Pangolin Server
|
||||
|
||||
The Pangolin server is the central coordination component for your network. It stores configuration changes, manages
|
||||
access policies, and coordinates connections between clients and sites. The server handles user authentication and
|
||||
generates access control lists that determine what resources each user can reach.
|
||||
|
||||
You can use Pangolin Cloud, which is fully managed, or you can self-host your own Pangolin server for complete control
|
||||
over your infrastructure and data.
|
||||
|
||||
<Card title="Read about how to self-host Pangolin" icon="server" href="/self-host/quick-install">
|
||||
Learn how to deploy your own self-hosted Pangolin server or use Pangolin Cloud.
|
||||
</Card>
|
||||
|
||||
### Sites
|
||||
|
||||
Sites connect remote networks to your Pangolin server. They use Newt connectors to create secure tunnels from remote
|
||||
networks back to Pangolin. Sites let you expose resources on those networks to authorized users.
|
||||
|
||||
Sites run behind firewalls on remote networks. They maintain outbound connections to the Pangolin server. By default,
|
||||
sites block all traffic until you define resources and grant access. This ensures that just deploying a site does not
|
||||
expose any network resources.
|
||||
|
||||
The Newt connector handles tunnel creation, NAT traversal, and routing. It makes remote networks available without
|
||||
requiring complex firewall rules or public IP addresses.
|
||||
|
||||
<Card title="Read more about sites" icon="plug" href="/manage/sites/understanding-sites">
|
||||
Learn about sites, how they work, and how to install and configure them.
|
||||
</Card>
|
||||
|
||||
### Resources
|
||||
|
||||
Resources are the applications, hosts, or network ranges you make available to users. They exist on sites and represent
|
||||
what users can access. Users connect to resources, not to sites directly.
|
||||
|
||||
There are two types of resources. Public resources work through web browsers and act as reverse proxies to backend
|
||||
services. Private resources require a client connection and function like a zero-trust VPN.
|
||||
|
||||
You must define resources and assign access before users can reach them. By default, no resources are available on
|
||||
sites. This ensures that only explicitly defined resources can be accessed.
|
||||
|
||||
<Card title="Read more about resources" icon="link" href="/manage/resources/understanding-resources">
|
||||
Learn about public and private resources and how to create them.
|
||||
</Card>
|
||||
|
||||
### Clients
|
||||
|
||||
Clients are software components installed on user devices or machines. They let users and automated systems connect to
|
||||
your Pangolin network and access private resources through a secure tunnel.
|
||||
|
||||
Users authenticate through the client using their accounts. Machines connect with credentials. Once connected, users can
|
||||
reach all resources their account has access to. The client handles routing decisions and establishes encrypted tunnels
|
||||
to the appropriate sites.
|
||||
|
||||
Clients are available for Mac, Windows, and Linux. They work transparently with applications, so no application
|
||||
configuration is required.
|
||||
|
||||
<Card title="Read more about clients" icon="desktop" href="/manage/clients/understanding-clients">
|
||||
Learn about clients and where to download them for Mac, Windows, and Linux.
|
||||
</Card>
|
||||
|
||||
### Remote Nodes
|
||||
|
||||
Remote nodes are self-hosted Pangolin servers that you control while using Pangolin Cloud
|
||||
or [Enterprise Edition](/self-host/enterprise-edition) for management and coordination. You maintain complete control
|
||||
over your infrastructure and data flow, while the cloud handles the control plane, DNS, certificate management, and
|
||||
backups.
|
||||
|
||||
You can deploy multiple remote nodes for high availability and automatic failover. If your nodes become unavailable,
|
||||
traffic can optionally fail over to cloud infrastructure until you restore service.
|
||||
|
||||
<Card title="Read more about remote nodes" icon="circle-nodes" href="/manage/remote-node/nodes">
|
||||
Learn about remote nodes and how they provide high availability and simplified operations.
|
||||
</Card>
|
||||
|
||||
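Review bot: The three-line "Documentation Index" blockquote at the top of this new file, ahead of `# How Pangolin Works`, tells the reader to fetch https://docs.pangolin.net/llms.txt and reads like text carried over from a generated export rather than page content; suggest dropping it so the page starts at its title and summary. The commit subject names Access Control and Logs pages, while this file is titled "How Pangolin Works", so either the message or the set of files in the commit should be adjusted. In the Clients section, "Machines connect with credentials." leaves open which kind of credential is meant; naming it or linking to the page that covers it would help readers who have to manage and rotate those secrets.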
@@ -0,0 +1,89 @@
|
||||
> ## Documentation Index
|
||||
> Fetch the complete documentation index at: https://docs.pangolin.net/llms.txt
|
||||
> Use this file to discover all available pages before exploring further.
|
||||
|
||||
# Pangolin vs. Reverse Proxy vs. VPN
|
||||
|
||||
> What are the similarities and differences between Pangolin and traditional reverse proxies and VPNs?
|
||||
|
||||
<div id="pangolin-toc-cta" className="pangolin-toc-cta-source">
|
||||
<Card title="Try free on Pangolin Cloud" icon="cloud" href="https://app.pangolin.net/auth/signup" arrow="true" cta="Sign up free">
|
||||
Fastest way to get started with Pangolin using the hosted control plane. No credit card required.
|
||||
</Card>
|
||||
</div>
|
||||
|
||||
Pangolin combines the capabilities of both a reverse proxy and a VPN into a single platform. It provides reverse proxy
|
||||
functionality through public resources and VPN functionality through private resources, all with zero-trust access
|
||||
control and distributed architecture.
|
||||
|
||||
## What Each Solution Provides
|
||||
|
||||
**Reverse Proxies** expose web applications to the internet. They handle SSL termination, load balancing, and basic
|
||||
authentication. Users access applications through web browsers using domain names.
|
||||
|
||||
**VPNs** create encrypted tunnels that give users access to entire private networks. Users install client software and
|
||||
connect to a VPN server. Once connected, they can access any resource on the network they have network-level access to.
|
||||
|
||||
**Pangolin** provides both capabilities. Public resources work like a reverse proxy, allowing browser-based access to
|
||||
specific applications. Private resources work like a zero-trust VPN, giving users access to specific hosts or network
|
||||
ranges when connected with a client.
|
||||
|
||||
## Reverse Proxy Capabilities
|
||||
|
||||
Pangolin's public resources function as reverse proxies. They expose web applications through domain names with
|
||||
automatic SSL certificates. Users access these resources through web browsers without installing any software.
|
||||
|
||||
Public resources support identity-aware access control. You can require authentication, enforce multi-factor
|
||||
authentication, and create rules based on user identity, roles, geographic location, IP addresses, and URL paths. This
|
||||
goes beyond what traditional reverse proxies offer.
|
||||
|
||||
Unlike traditional reverse proxies, Pangolin does not require public IP addresses or open ports on your network. Sites
|
||||
create outbound tunnels to Pangolin, so your applications remain behind firewalls.
|
||||
|
||||
## VPN Capabilities
|
||||
|
||||
Pangolin's private resources function like a zero-trust VPN. Users install a Pangolin client on their device and connect
|
||||
to your organization. Once connected, they can access the specific hosts or network ranges you have granted them access
|
||||
to.
|
||||
|
||||
Private resources provide granular access control. Users only get access to the specific resources you define, not
|
||||
entire networks. This reduces the risk of over-permission that comes with traditional VPNs.
|
||||
|
||||
Clients work transparently with applications. No application configuration is required. Users connect once and can
|
||||
access all their authorized resources. The client handles routing and establishes encrypted tunnels automatically.
|
||||
|
||||
## Why Pangolin Combines Both
|
||||
|
||||
Many organizations need both reverse proxy and VPN capabilities. You might want to expose web applications to users
|
||||
through browsers while also providing secure access to databases, SSH servers, or internal services that require a
|
||||
VPN-like connection.
|
||||
|
||||
With Pangolin, you use one platform for both use cases. Public resources handle web application access. Private
|
||||
resources handle VPN-like access. Both use the same authentication system, access control policies, and infrastructure.
|
||||
|
||||
This unified approach simplifies management. You configure users, roles, and access policies once. Those policies apply
|
||||
to both public and private resources. You do not need to maintain separate systems for reverse proxy and VPN access.
|
||||
|
||||
## Infrastructure and Availability
|
||||
|
||||
Traditional reverse proxies and VPNs typically run on a single server. If that server fails, all access is lost. They
|
||||
also require public IP addresses and open ports, which adds complexity and security concerns.
|
||||
|
||||
Pangolin uses a distributed architecture with multiple nodes. If one node fails, traffic automatically routes to another
|
||||
node. Sites create outbound tunnels, so your networks do not need public IP addresses or open ports.
|
||||
|
||||
You can deploy multiple remote nodes for high availability. If your nodes become unavailable, traffic can optionally
|
||||
fail over to cloud infrastructure until you restore service. This provides redundancy that single-server solutions
|
||||
cannot match.
|
||||
|
||||
## When to Use Each Solution
|
||||
|
||||
Use a traditional reverse proxy if you only need to expose web applications, you have a public IP address, and you do
|
||||
not need advanced access control or high availability.
|
||||
|
||||
Use a traditional VPN if you need full network access, you can accept the security risks of broad access, and you do not
|
||||
need application-specific access control.
|
||||
|
||||
Use Pangolin if you need both reverse proxy and VPN capabilities, you want granular access control, you need high
|
||||
availability, or you want to avoid public IP addresses and open ports.
|
||||
|
||||
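Review bot: In "Infrastructure and Availability", the sentence "If one node fails, traffic automatically routes to another node." is stated unconditionally, while the following paragraph makes multiple nodes something you "can deploy"; suggest qualifying the failover claim as holding when more than one node is deployed. In the same section, "traffic can optionally fail over to cloud infrastructure" would be clearer if it said that traffic then passes through cloud infrastructure while the option is active, since that changes the data path for anyone who chose their own nodes to keep it in-house. The "Documentation Index" blockquote ahead of `# Pangolin vs. Reverse Proxy vs. VPN` looks like export text here as well and can be dropped.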