docs: add new Access Control and Logs documentation pages
- Documented Access Control features (e.g., Device Approvals, Password Rotation, 2FA, Custom Login Pages). - Added detailed descriptions for Logs & Analytics (Access Logs, Request Logs, Action Logs). - Included configuration instructions and feature-specific notes for Pangolin Cloud and Enterprise Edition. Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
This commit is contained in:
@@ -0,0 +1,239 @@
|
||||
> ## Documentation Index
|
||||
> Fetch the complete documentation index at: https://docs.pangolin.net/llms.txt
|
||||
> Use this file to discover all available pages before exploring further.
|
||||
|
||||
# Install Sites
|
||||
|
||||
> Install Newt as a binary or Docker container
|
||||
|
||||
<div id="pangolin-toc-cta" className="pangolin-toc-cta-source">
|
||||
<Card title="Try free on Pangolin Cloud" icon="cloud" href="https://app.pangolin.net/auth/signup" arrow="true" cta="Sign up free">
|
||||
Fastest way to get started with Pangolin using the hosted control plane. No credit card required.
|
||||
</Card>
|
||||
</div>
|
||||
|
||||
Newt can be installed as either a static binary executable or a Docker container. You must first create a site and copy
|
||||
the Newt config in Pangolin before running Newt.
|
||||
|
||||
## Binary Installation
|
||||
|
||||
### Quick Install (Recommended)
|
||||
|
||||
Use this command to automatically install Newt. It detects your system architecture automatically and always pulls the
|
||||
latest version, adding Newt to your PATH:
|
||||
|
||||
```bash theme={null}
|
||||
curl -fsSL https://static.pangolin.net/get-newt.sh | bash
|
||||
```
|
||||
|
||||
#### Windows
|
||||
|
||||
If you would like to use Newt on Windows as a service or with clients, wintun.dll is sometimes required. Please use
|
||||
latest installer from [GitHub releases](https://github.com/fosrl/newt/releases/latest).
|
||||
|
||||
### Manual Download
|
||||
|
||||
Binaries for Linux, macOS, and Windows are available in
|
||||
the [GitHub releases](https://github.com/fosrl/newt/releases/latest) for ARM and AMD64 (x86\_64) architectures.
|
||||
|
||||
Download and install manually:
|
||||
|
||||
```bash theme={null}
|
||||
wget -O newt "https://github.com/fosrl/newt/releases/download/{version}/newt_{architecture}" && chmod +x ./newt
|
||||
```
|
||||
|
||||
<Note>
|
||||
Replace `{version}` with the desired version and `{architecture}` with your architecture. Check the [release notes](https://github.com/fosrl/newt/releases) for the latest information.
|
||||
</Note>
|
||||
|
||||
### Running Newt
|
||||
|
||||
Run Newt with the configuration from Pangolin:
|
||||
|
||||
```bash theme={null}
|
||||
newt \
|
||||
--id 31frd0uzbjvp721 \
|
||||
--secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \
|
||||
--endpoint https://app.pangolin.net
|
||||
```
|
||||
|
||||
### Systemd Service
|
||||
|
||||
Create a basic systemd service:
|
||||
|
||||
```ini title="/etc/systemd/system/newt.service" theme={null}
|
||||
[Unit]
|
||||
Description=Newt
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/local/bin/newt --id 31frd0uzbjvp721 --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 --endpoint https://app.pangolin.net
|
||||
Restart=always
|
||||
User=root
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
<Warning>
|
||||
Make sure to move the binary to `/usr/local/bin/newt` before creating the service!
|
||||
</Warning>
|
||||
|
||||
## Docker Installation
|
||||
|
||||
### Pull the Image
|
||||
|
||||
Pull the latest Newt image from Docker Hub:
|
||||
|
||||
```bash theme={null}
|
||||
docker pull fosrl/newt:latest
|
||||
```
|
||||
|
||||
### Run with Docker
|
||||
|
||||
Run Newt with CLI arguments from Pangolin:
|
||||
|
||||
```bash theme={null}
|
||||
docker run -it fosrl/newt --id 31frd0uzbjvp721 \
|
||||
--secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \
|
||||
--endpoint https://app.pangolin.net
|
||||
```
|
||||
|
||||
### Docker Compose
|
||||
|
||||
#### Environment Variables (Recommended)
|
||||
|
||||
```yaml title="docker-compose.yml" theme={null}
|
||||
services:
|
||||
newt:
|
||||
image: fosrl/newt
|
||||
container_name: newt
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- PANGOLIN_ENDPOINT=https://app.pangolin.net
|
||||
- NEWT_ID=2ix2t8xk22ubpfy
|
||||
- NEWT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2
|
||||
```
|
||||
|
||||
#### Config File Injected as Compose Secret
|
||||
|
||||
A safer but slightly more complex way is to use [Compose Secrets](https://docs.docker.com/compose/how-tos/use-secrets/).
|
||||
First, create a `JSON` file containing your configuration:
|
||||
|
||||
```json title="newt-config.secret" theme={null}
|
||||
{
|
||||
"id": "2ix2t8xk22ubpfy",
|
||||
"secret": "nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2",
|
||||
"endpoint": "https://app.pangolin.net",
|
||||
"tlsClientCert": ""
|
||||
}
|
||||
```
|
||||
|
||||
Then register and reference the secret in your `docker-compose.yml`:
|
||||
|
||||
```yaml title="docker-compose.yml" theme={null}
|
||||
services:
|
||||
newt:
|
||||
image: fosrl/newt
|
||||
container_name: newt
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- CONFIG_FILE=/run/secrets/newt-config
|
||||
secrets:
|
||||
- newt-config
|
||||
|
||||
secrets:
|
||||
newt-config:
|
||||
file: ./newt-config.secret
|
||||
```
|
||||
|
||||
This allows you to separate sensitive secrets from plain configuration, improving security when storing or sharing your
|
||||
`docker-compose.yml` anywhere else.
|
||||
|
||||
#### CLI Arguments
|
||||
|
||||
```yaml title="docker-compose.yml" theme={null}
|
||||
services:
|
||||
newt:
|
||||
image: fosrl/newt
|
||||
container_name: newt
|
||||
restart: unless-stopped
|
||||
command:
|
||||
- --id 31frd0uzbjvp721
|
||||
- --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6
|
||||
- --endpoint https://app.pangolin.net
|
||||
```
|
||||
|
||||
Start the service:
|
||||
|
||||
```bash theme={null}
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
## Platform-Specific Installation
|
||||
|
||||
### Unraid
|
||||
|
||||
Newt is available in the Unraid Community Applications store. Search for "Newt" and follow the installation prompts.
|
||||
Enter the ID, secret, and endpoint from Pangolin in the template fields.
|
||||
|
||||
<Frame caption="Newt available in Unraid Community Applications store">
|
||||
<img src="https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/unraid_store.png?fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=c726d330c8c27969304ed49fcab0d0a2" alt="Newt on CA" data-og-width="1142" width="1142" data-og-height="746" height="746" data-path="images/unraid_store.png" data-optimize="true" data-opv="3" srcset="https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/unraid_store.png?w=280&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=011fb8e63da725aa4f054d4373eaa17f 280w, https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/unraid_store.png?w=560&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=27593e79ed245aeca68a55b4a63886b7 560w, https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/unraid_store.png?w=840&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=1f2e1e6c26434cc78d7aba1cc9a8c6a0 840w, https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/unraid_store.png?w=1100&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=184ed00cc2e9687f0c89e227331aaac1 1100w, https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/unraid_store.png?w=1650&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=f9a654ed532cbddaf48f5369a638e987 1650w, https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/unraid_store.png?w=2500&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=db5abf30d3b912ca0776e78388ae702e 2500w" />
|
||||
</Frame>
|
||||
|
||||
### Portainer and Other UIs
|
||||
|
||||
Container management UIs like Portainer typically allow passing commands and environment variables to containers similar
|
||||
to Docker Compose. Look for a commands or arguments configuration section and follow the relevant guides.
|
||||
|
||||
### Windows Service
|
||||
|
||||
On Windows, newt can to be installed and run as a Windows service to remain persistent.
|
||||
|
||||
#### Service Management Commands
|
||||
|
||||
```
|
||||
# Install the service
|
||||
newt.exe install
|
||||
|
||||
# Start the service
|
||||
newt.exe start
|
||||
|
||||
# Stop the service
|
||||
newt.exe stop
|
||||
|
||||
# Check service status
|
||||
newt.exe status
|
||||
|
||||
# Remove the service
|
||||
newt.exe remove
|
||||
|
||||
# Show help
|
||||
newt.exe service-help
|
||||
```
|
||||
|
||||
Note running the service requires credentials in `%PROGRAMDATA%\newt\newt-client\config.json`.
|
||||
|
||||
#### Service Configuration
|
||||
|
||||
When running as a service, newt will read configuration from environment variables or you can modify the service to
|
||||
include command-line arguments:
|
||||
|
||||
1. Install the service: `newt.exe install`
|
||||
2. Set the credentials in `%PROGRAMDATA%\newt\newt-client\config.json`. Hint: if you run newt once with --id and
|
||||
--secret this file will be populated!
|
||||
3. Start the service: `newt.exe start`
|
||||
|
||||
#### Service Logs
|
||||
|
||||
When running as a service, logs are written to:
|
||||
|
||||
* Windows Event Log (Application log, source: "newtWireguardService")
|
||||
* Log files in: `%PROGRAMDATA%\newt\logs\newt.log`
|
||||
|
||||
You can view the Windows Event Log using Event Viewer or PowerShell:
|
||||
|
||||
```powershell theme={null}
|
||||
Get-EventLog -LogName Application -Source "newtWireguardService" -Newest 10
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user