Releases: fosrl/pangolin
1.0.0-beta.14
What's Changed
Mostly hotfixes coming off the 1.0.0-beta.13 release:
- Allow more special characters in rules
- Router refresh after clicking save to invalidate browser page cache
- Fix SQL FK constraint error that occurred when resetting password with 2FA
- Allow underscores in target hostname (needed for Docker networks)
- Add IPv6 CIDR validation in rules middleware check
Full Changelog: 1.0.0-beta.13...1.0.0-beta.14
How to Update
Important: Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
1.0.0-beta.13
What's Changed
- Resource access control rules for IPs, IP ranges, and URL path matching
- Add code snippets for Newt Docker commands in create site workflow
- Fix table row limit selector so it works
- Fix toast dismissal causing components to refresh
- Implement separate stricter rate limit on verify email and reset password request endpoints
- Allow more special characters in password
Full Changelog: 1.0.0-beta.12...1.0.0-beta.13
Access Control Rules
There are many use cases for access control rules. One is allowing mobile clients to interact with your service's API without being redirected to authentication. This lets you require authentication for browser access while still allowing the mobile client to connect. The screenshot below shows an example using Vaultwarden, where specific URL path patterns are allowed to bypass authentication.
![image](https://private-user-images.githubusercontent.com/6850869/413043906-a4b2e622-a019-468c-9448-556d6cee3ed8.png)
How to Update
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
1.0.0-beta.12
What's Changed
- Allow resources to use the base domain if `allow_base_domain_resources` flag is set
- Add ability to transfer resource to different site
- Support using IP address in Gerbil's `base_endpoint` field
- Create resource dialog resets upon closing
- Fix bug preventing updating raw TCP/UDP port on existing resource
- Fix "Authentication" column sorting on resources table
- Use Traefik v3.3.3 in the installer
- Add Docker network config to docker compose for installer
New Contributors
- @synologyy made their first contribution in #120
- @j4n-e4t made their first contribution in #64
Full Changelog: 1.0.0-beta.11...1.0.0-beta.12
Cloudflare Proxy ON
We tested and can confirm that you can enable the Cloudflare Proxy (orange cloud) on your DNS records for Pangolin. You should set up wildcard certificates with your Cloudflare API keys and use Full (Strict) SSL mode. Read more on how to configure here.
Note: You're bound by the Cloudflare terms of service as soon as you enable the proxy.
How to Update
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
1.0.0-beta.11
What's Changed
Some more hotfixes:
- Fix filtering issue causing resources on local sites not to resolve
- Allow comma in passwords
- Fix migration ordering in auto migration script
Full Changelog: 1.0.0-beta.10...1.0.0-beta.11
1.0.0-beta.10
What's Changed
These are mostly hotfixes and minor improvements after releasing beta.9.
- Fix bug causing Newts to pull targets for other sites as noted in #117
- Add copy entry point snippet after creating raw TCP/UDP resource
- Remove `secure_cookies` from config
  - Pangolin always prefers to use secure cookies when possible
- Remove quotes around autogenerated `smtp_port` in installer
- Add dot preceding domain name in create resource form
Full Changelog: 1.0.0-beta.9...1.0.0-beta.10
1.0.0-beta.9
What's Changed
- Add support for creating raw TCP/UDP resources
- Support load balancing between multiple targets on a resource
- Refactor resource authentication to use exchange method by passing temporary session token in query param
  - Necessary for multi-domain auth (full multi-domain support coming soon)
  - Necessary to allow auth http (no-ssl) resources (some browsers still break this)
- Add `resource_session_request_param` to config
- Remove `resource_session_cookie_name` from config
- Make http (no-ssl) resources functional
- Set `readTimeout` in Traefik config to prevent large file transfer limit
- Allow using wildcard email in email whitelist, like: `*@example.com`
- Make emails case-insensitive
- Add `additional_middlewares` to `traefik` section of config to allow setting custom middleware to resources
- Add log statements for failed authentication attempts
  - Enabled by setting `log_failed_attempts` to `true` in config
- Updates to SMTP section of config
  - All fields are now optional, allowing use with unauthenticated SMTP server
  - Option to set `smtp_secure` (defaults to `false`)
  - Fall back to `smtp_user` if no `no-repy` is set
- Add `dashboard_session_length_hours` and `resource_session_length_hours` to allow setting custom session length
- Remove permanent redirect from `redirect-to-https` middleware
- Surround strings in config with double quotes
- Use ID value in selectors for data-selected
- Log password reset code to console to allow password reset if no SMTP configured (temporary fix)
- Create sqlite db backup before running automated migration script on startup
- Add in-memory caching to authentication middleware verify-session requests
Full Changelog: https://github.com/fosrl/pangolin/compare/1.0.0-beta.8..1.0.0-beta.9
Acknowledgements
- We recently opened up our GitHub sponsors page, and thank you to those of you who have already sponsored us!
- Thank you to @hhftechnology for writing a how-to guide to manually configure Crowdsec. We plan to automate this in the future.
- Thank you to @nkkfs for beginning the internationalization process with Polish.
How to Update
Note: The auto migration script included in the updated images should handle automatic migrations. No manual intervention should be required. But just in case, the following are important:
- Make sure the Badger version is at least `v1.0.0-beta.3` in the static `traefik_config.yml`
- Make sure you have these set, especially `resource_session_request_param`.

```yaml
server:
  # ... other server settings ...
  secure_cookies: true
  session_cookie_name: "p_session_token"
  resource_access_token_param: "p_token"
  resource_session_request_param: "p_session_request"
  # ... other server settings ...
```

- Update Newt to at least `1.0.0-beta.5`. This is required if you plan to use TCP/UDP raw resources.
1.0.0-beta.8
1.0.0-beta.7
What's Changed
- Add missing `await` when verifying pincode by @mallendeo in #75
- Remove double createHttpError
New Contributors
- @mallendeo made their first contribution in #75
Full Changelog: 1.0.0-beta.6...1.0.0-beta.7
1.0.0-beta.6
What's Changed
- Optionally set CORS config in config.yml (see Docs)
  - Default CORS settings are more open to allow for insecure local access via http
  - Installer will set strict CORS policy
- Optionally set trust proxy in config.yml (see Docs)
- Support for setting some config variables as environment variables (see Docs where marked `Env: ...`)
  - This was introduced to make Unraid setup easier
- Automatically update exit nodes in database to use Gerbil start port from config if changed after the exit node was created
- Optionally attempt to generate (and overwrite) Traefik config files if `GENERATE_TRAEFIK_CONFIG` environment variable is set
  - This was introduced to make Unraid setup easier
Full Changelog: 1.0.0-beta.5...1.0.0-beta.6
1.0.0-beta.5
What's Changed
- Ability to create local sites that do not tunnel
  - Discussed in #22
  - This enables you to use Pangolin and its auth as a normal reverse proxy without WireGuard tunnels
- Create direct share links that do not require client side redirect
- Bootstrap container volume if not already bootstrapped
- Other small enhancements and bug fixes
Full Changelog: 1.0.0-beta.4...1.0.0-beta.5