Releases: fosrl/pangolin
1.6.0
What's Changed
- Add i18n support for UI translations (initial languages shown below)
- Remove the need for setting
users.server_admin.passwordandusers.server_admin.emailin config - Add onboarding UI on new installs for setting the server admin credentials
- Add
pangctlCLI tool for setting/resetting server admin credentials - Fix bug preventing integration API users from creating raw TCP resources
- Forward headers from server component requests to API
server.trust_proxyin config file supports setting an integer according to the Express.js docs- OIDC usernames are no longer case sensitive
Full Changelog: 1.5.1...1.6.0
How to Update
Warning
For PostgresSQL users coming from version < 1.6.0, please upgrade directly to >=1.6.2, as there is a broken migration script in this version.
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
Translations
Pangolin now has i18n support for internationalization! Huge thank you to everyone who worked on this and @Lokowitz for leading this effort.
Tip
We are looking for people to help us manage and review translations. If you're interested, please email us at numbat@fossorial.io.
Translations can always be improved. If you spot an issue, want to enhance an existing translation, or would like to contribute a new language, we welcome all contributions.
pangctl and Admin Credentials
Up until now, the "server admin" credentials were set in the config file or environment variables. Moving forward, new installations of Pangolin will need to go to https://<pangolin-dashboard-domain>/auth/initial-setup set these credentials when first visiting the dashboard.
For those of you updating, we recommend you now remove the users section from the config.yml and remove the environment variables: USERS_SERVERADMIN_PASSWORD and USERS_SERVERADMIN_EMAIL. The migration script will not do this automatically.
Alongside this change, we're introducing pangctl, an internal CLI tool baked into the Pangolin container, to set the email and password if you ever need to change these credentials. Read more about this in the docs.
We plan to add more helpful scripts to this tool as needed in the future.
Contributors
Assets 4
1.5.1
What's Changed
- Sort data in/out correctly in sites table
- Auto apply first container port if none is selected in container selector
- Fix bug causing "Failed to get Docker status" message to appear on some sites
New Contributors
- @thijsvanloef made their first contribution in #867
Full Changelog: 1.5.0...1.5.1
How to Update
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
Contributors
Assets 4
1.5.0
33e2798
miloschwartz
Milo Schwartz
What's Changed
- Add support for PostgresSQL
- See the docs for how to use PostgreSQL with Pangolin
- Import host and port into resource target via Docker socket
- Requires Newt version 1.1.4 or greater
- See the docs for how to configure this functionality
- Pass
Remote-User,Remote-Email, andRemote-Nameto resource via Badger - Add new logo files
- Add GET roles to integration API
- Fix bug improperly splitting port from IPv6 address when evaluating rules
- Bump Traefik version and add log rotation in installer
- Allow installer to run without sudo
New Contributors
- @jpgnz made their first contribution in #779
- @socheatsok78 made their first contribution in #796
- @PrtmPhlp made their first contribution in #817
- @improbableone made their first contribution in #802
- @TheresaQWQ made their first contribution in #831
- @pyrho made their first contribution in #807
Full Changelog: 1.4.0...1.5.0
How to Update
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
Docker Socket
This is a community contribution. Huge thanks to @improbableone for working on this!
Contributors
Assets 4
1.4.0
What's Changed
All features will always be available in BOTH the Community and Professional Edition of Pangolin under a typical dual-license model.
- Enable user auto-provisioning for IdP
- Enable API integration
- Fix bug preventing updating an external user's role
- Sort resources and sites table alphabetically by default
Full Changelog: 1.3.2...1.4.0
How to Update
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
1.3.2
What's Changed
- Log the OAuth2 claims to the debug logs
- Fix bug where saving TLS server name would reset the custom host header
- Fix bug causing duplicate targets to appear
- Allow root path in rule input
- Set default config options if not present in yaml
Full Changelog: 1.3.1...1.3.2
How to Update
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
1.3.1
What's Changed
Some small fixes following our 1.3.0 release:
- Add clarification language to supporter program
- Show unprovisioned user username in failed login error message
- Fix bug preventing users from removing custom host header
- Decode URL before for displaying breadcrumbs
- Remove thrown error in IP version check causing rule check failures
Full Changelog: 1.3.0...1.3.1
How to Update
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
Clarification on Professional Edition Rollout
1.3.0
e58d10f
miloschwartz
Milo Schwartz
What's Changed
- Refresh UI and layout
- Add external identity provider support for OAuth2/OIDC providers
- Auto provision users with "Organization Policies"
- Add external integration REST API
- Swagger UI docs
- Ability to generate fine-grained permission API Keys scoped to an organization or the entire server
- Add option to set TLS server name
- Add option to enable sticky sessions for multi-target resources
- Add option to set custom host header
- Add view, cancel, and regenerate user invite page
- Add confetti after entering valid supporter key
- Add Podman commands for Newt in create site wizard
- Add "Professional Edition" licensing system for commercial use
- Obscure PIN input like a password input
- Update dependencies
Full Changelog: 1.2.0...1.3.0
New Contributors
- @Lokowitz made their first contribution in #469
- @grokdesigns made their first contribution in #477
- @Jester0027 made their first contribution in #504
- @TuncTaylan made their first contribution in #515
- @achtnullzwei made their first contribution in #501
- @x86txt made their first contribution in #511
- @vickodin made their first contribution in #582
- @imbavirus made their first contribution in #598
- @michaelfuckner made their first contribution in #610
- @lxfrdl made their first contribution in #612
How to Update
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
OAuth2/OIDC (External Identity Providers)
We’re excited to share that Pangolin now supports external identity providers. You can integrate any identity provider that supports OAuth2/OIDC. We plan to expand with native support for other platforms over time, as well as continue to bolster and add new authentication and access control tooling. See more in our docs
Adding external identity providers for SSO is NOT a paid feature and is available for free.
Refreshed UI
Alongside that, we’ve also launched a refreshed UI. This new layout is more maintainable, expandable, and aligned with the long-term direction of the project. Importantly, it still maintains a largely consistent user experience. We will continue shipping enhancements on top of this foundation. See screenshots and more here on GitHub.
Professional Edition
The Professional Edition is for businesses and individuals that want to use Pangolin in a commercial environment and require access to dedicated support.
Contributors
Assets 4
1.2.0
What's Changed
- Pass share link access token in headers for authenticated access
- Shorten and prettify share links
- Old share links will still work (
?token=format eventually is deprecated and will eventually be removed in favor of new link format)
- Old share links will still work (
- Add resource visibility toggle on resources table
- Use global table search for all tables to search across multiple columns
- Fix updating admin user email creating new user in system
Full Changelog: 1.1.0...1.2.0
How to Update
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
5.2k Stars in 90 Days
April 5th (yesterday) marked 90 days from the initial release and announcement of the Pangolin project. In that time the repository has earned more than 5.2k stars! Thank you to everyone for the support and sharing the project!
Access Token in Headers
When you generate a share link, you have the option to pass the underlying access token in headers. If a valid access token is passed in each request from the client, fully authenticated requests are made through the proxy. Similarly, you can pass the access token in a query param on each request.
Note
This feature requires a Badger (Traefik middleware) plugin version of at least v1.1.0. Our auto-migration script will attempt to update this for you.
1.1.0
aabdcea
miloschwartz
Milo Schwartz
What's Changed
- Add new create site wizard
- Add basic implementation of
/adminpanel for server admin controls- To be expanded in the future
- Add "Adopt a Pangolin" supporter program
- Append timestamp to cookie name in attempt to fix redirect loop issue
- Fix broken link to docs in create TCP/UDP resource dialog
prefer_wildcard_certnow respects base-domain resources- Add CrowdSec disclaimer to auto installer
Full Changelog: 1.0.1...1.1.0
How to Update
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
"Adopt a Pangolin" Supporter Program
Starting with this release, we’ve introduced a Supporter Program for Pangolin.
Pangolin will always be free and open source, but maintaining the project takes a lot of time and resources. To help support ongoing development — including bug fixes, new features, and community support — we’ve added a way for users to directly contribute. We will not use this to paywall features.
If you’d like to support the project, you can purchase a supporter key to remove the support button and other marks from the UI. Afterward, you will get to learn a little bit about your adopted Pangolin!
We know it’s not the most exciting feature, but it helps us keep Pangolin healthy and moving forward.
Learn more about how it works and the available tiers here: https://docs.fossorial.io/supporter-program
New Create Site Wizard
1.0.1
What's Changed
- Return 401 instead of 400 on bad login
- Reset port input after adding target
- Append site name to resource to distinguish resources with same name
- Fix issue causing base domain resource to revert to subdomain resource on save auth methods
- Optimize container size
- Remove support for environment variables overriding config variables
- Remove functionality to automatically generate config files
Full Changelog: 1.0.0...1.0.1
How to Update
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
Attention Unraid Users!
Note
Ignore this if you're only running Newt on Unraid. This is for Unraid users who are running the Pangolin server on Unraid.
We’ve removed the feature that allowed certain configuration variables to be overridden by environment variables, except for the admin email and password. During the beta period, we made substantial changes to the configuration file structure, making it increasingly difficult to maintain compatibility with environment variables. Additionally, we’ve removed the functionality that automatically generated configuration and Traefik files when they were missing, as these features created more confusion than assistance.
From now on, all configuration must be done by manually editing the configuration files. This approach ensures a single source of truth and consistent configuration methods across all deployments, rather than having different methods for Unraid users (environment variables), Docker Compose (config files), etc.
Your existing deployment might break, but migrating is straightforward. Simply remove the old environment variables and update the configuration files according to your preferences. Refer to the documentation for guidance on how to correctly set up these files. The Unraid deploy guide has also been updated to reflect these changes.