Comment on Safely exposing services to the Internet
Australis13@fedia.io 1 day ago
Yeah, I don't like the thought of worrying about vulnerabilities either, hence my asking this question!
I haven't heard of Pangolin cloud before -- I'm assuming this is a competitor to tailscale. Are you self-hosting it or using one of their paid plans, and if you're self-hosting, how hard was it to set up?
ClownStatue@piefed.social 1 day ago
Pangolin handles proxying (it runs traefik under the hood) and cloudflare-like protection (crowdsec). I did self-host it, but the free tier does what I need.
It does set up a wireguard tunnel between itself and the Newt resources you set up. That’s hard for proxy traffic. I have Tailscale set up for any other traffic between my resources.
I asked a similar question as you a few months ago (I think in this community), and one of the responses kind of put the fear in me. I went forward anyway, and never really did anything with my VPS. I’m still setting this new arrangement up, but so far really happy with it.
Australis13@fedia.io 1 day ago
Thanks. I think I'll need to do a bit more reading - I have no experience with any of the wireguard technologies (my VPN experience is with OpenVPN and enterprise-grade networking hardware that uses IPsec tunnels), but Pangolin's abilities do sound useful.
I guess I need to work out if something like tailscale (as per one of the other comments) set up on just the small group I want to share with will do the job, or whether I really need to expose services to the Internet and hence would benefit from a VPS with something like Pangolin.
ClownStatue@piefed.social 16 hours ago
If you’re not going the VPS route it’s even easier. Pangolin handles the wireguard tunnel for you with a Docker container running newt. Very straightforward.
My goals have been:
There’s plenty of YT stuff out there for Pangolin, but I haven’t seen a lot for their cloud service. Personally, I prefer it to self-hosting it. Similar to tailscale, the free tier meets my needs, and their security team is (hopefully) more competent and better staffed than… me.
Of course, you get what you pay for, but I see this as a similar position as Tailscale & Cloudflare. With my free account, I’m piggy-backing off the security infrastructure of their enterprise offerings. Obviously I don’t get all the fine-grained controls of those tiers, but like the other two companies, they have a reputation to uphold, and from that perspective a breach is a breach. Even if it only affects free tier users, it makes them look bad.
Australis13@fedia.io 12 hours ago
That sounds like it may be a good fit for my use case, then. Thanks again and I'll definitely look into it!