mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

docs: add new Access Control and Logs documentation pages

Browse Source 
- Documented Access Control features (e.g., Device Approvals, Password Rotation, 2FA, Custom Login Pages).
- Added detailed descriptions for Logs & Analytics (Access Logs, Request Logs, Action Logs).
- Included configuration instructions and feature-specific notes for Pangolin Cloud and Enterprise Edition.

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
This commit is contained in:
Stefan Mogeritsch
2026-03-11 11:24:24 +01:00
parent a70f132fd9
commit aa157e82f8
87 changed files with 13163 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/01_Architecture/Pangolin/Mange_Pangolin/Resources/Understanding Resources.md
+77
View File
@@ -0,0 +1,77 @@
> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pangolin.net/llms.txt
> Use this file to discover all available pages before exploring further.
# Understanding Resources
> Resources are any network address you want to make available to users
<div id="pangolin-toc-cta" className="pangolin-toc-cta-source">
<Card title="Try free on Pangolin Cloud" icon="cloud" href="https://app.pangolin.net/auth/signup" arrow="true" cta="Sign up free">
Fastest way to get started with Pangolin using the hosted control plane. No credit card required.
</Card>
</div>
Resources represent the applications, hosts, or ranges you make available for remote access to users. Resources exist on
the remote networks of your sites. Users only ever think about connecting to resources and not specific sites.
By default, no resources are made available on sites. Admins must define resources with backend targets, and assign
specific access policies before any users can gain access.
## Resources Types
There are two types of resources: public resources and private resources.
<CardGroup cols={2}>
<Card title="Public Resources">
* Reverse proxies to backend services
* Optionally have authentication
* Anyone with web browser can access
</Card>
<Card title="Private Resources">
* Zero-trust VPN
* Access to every resource requires authentication
* Users and machines access when connected with a client
</Card>
</CardGroup>
### Public Resources
Public resources are protocol-aware and TCP/UDP proxies to services that are made available to the public internet.
#### HTTPS Resources
Examples of HTTP resources include, APIs, websites, and dashboards. These are served with a fully qualified domain name
and HTTPS with a valid SSL certificate.
All requests go through an authenticated reverse proxy. **Thus, public resources do not require client-side software to
be installed on user devices for access. Anyone with a web browser can access public resources.**
HTTP resources are also identity and context aware, meaning you can create policies and rules to only let certain users,
roles, countries, IPs, CIDRs, etc have access. When users visit an authenticated public resource, they are greeted with
a Pangolin login page where they must complete authentication in order to get to the underlying resource. Therefore,
Pangolin acts as a frontdoor barrier to these resources.
#### Raw TCP/UDP Resources
Raw resources are a way to proxy any TCP and UDP traffic through the Pangolin reverse proxy. Instead of a fully
qualified domain name and certificate, these resources are bound to one or more ports on the Pangolin host.
Since these resources are not protocol aware and are publicly proxied, they do not support identity and context policies
and rules.
### Private Resources
Private resources require users to be connected with Pangolin client in order for them to be accessed. Any TCP and UDP
traffic can be made available.
**Private resources function like a zero-trust virtual private network (VPN).** Explicit access to resources must be
granted for users and roles to be able to access them. For this reason, we recommend using private resources for all raw
TCP/UDP traffic that doesn't need a public proxy, instead of relying on raw TCP/UDP public resources (as discussed
above).
Private resources support single hosts or entire network ranges (CIDR). Private resources can also have internal DNS
alias hostnames assigned for easy, human-readable naming. Users don't choose to connect to specific resources; rather,
when they connect via a client to your organization, they can access all resources their account has access to at once.