Pangolin is a reverse proxy that provides identity-aware tunneling capabilities. In that way, Pangolin serves as a self-hosted alternative to Cloudflare’s tunnels. Pangolin uses the open source library newt to establish these tunnels from the edge proxy into a network.
Newt as a systemd service
Install newt
curl -fsSL https://digpangolin.com/get-newt.sh | bash
Create user and set up directories
sudo useradd -r -s /bin/false newt
sudo mkdir -p /var/lib/newt
sudo chown newt:newt /var/lib/newt
Add the systemd service by creating this file at /etc/systemd/system/newt.service:
[Unit]
Description=Newt Client Service
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
Type=simple
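# Replace YOUR_NEWT_ID, YOUR_NEWT_SECRET and YOUR_PANGOLIN_ENDPOINT with your own values.
# The secret is stored in this file in plain text and is passed on the command line.
ExecStart=/usr/local/bin/newt --id YOUR_NEWT_ID --secret YOUR_NEWT_SECRET --endpoint YOUR_PANGOLIN_ENDPOINT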
Restart=always
RestartSec=10
# Security hardening options
User=newt
Group=newt
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ReadWritePaths=/var/lib/newt
[Install]
WantedBy=multi-user.target
Reload systemd, then enable and start the service
sudo systemctl daemon-reload
sudo systemctl enable newt
sudo systemctl start newt
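A check for the unit file above, as an added example that is not part of the original page or of the newt project: it confirms that the hardening directives from the [Service] section are still present after later edits and flags a tunnel secret written literally into ExecStart. The function name audit_unit and the finding strings are made up for this example.

```bash
#!/bin/sh
# Added example (not from the original page): audit a newt systemd unit.
# Usage: audit_unit /etc/systemd/system/newt.service
# Exit status: 0 = no findings, 1 = findings, 2 = file not readable.

# Hardening directives used in the unit on this page.
REQUIRED="User Group NoNewPrivileges ProtectSystem ProtectHome PrivateTmp PrivateDevices"

audit_unit() (
    unit=$1
    findings=0
    [ -r "$unit" ] || { echo "ERROR cannot read $unit"; exit 2; }

    # Keep only key=value lines inside [Service]; a directive placed in
    # [Unit] or [Install] by mistake has no effect and must not count.
    service=$(awk '/^\[/ { in_s = ($0 == "[Service]") }
                   in_s && /^[A-Za-z]+=/' "$unit")

    for key in $REQUIRED; do
        printf '%s\n' "$service" | grep -q "^${key}=" ||
            { echo "MISSING $key"; findings=1; }
    done

    # A literal value after --secret sits in the unit file in plain text.
    # A ${VAR} reference (assumed to be filled via EnvironmentFile=) is not flagged.
    if printf '%s\n' "$service" | grep '^ExecStart=' |
            grep -Eq -- '--secret[ =][^$ ]'; then
        if [ -n "$(find "$unit" -perm -004)" ]; then
            echo "SECRET inline in ExecStart, unit is world-readable"
        else
            echo "SECRET inline in ExecStart"
        fi
        findings=1
    fi
    exit "$findings"
)
```

A ${NEWT_SECRET} reference filled from an EnvironmentFile= with restricted permissions keeps the value out of the unit file, but systemd still expands it into the process's argument list. systemd-analyze security newt gives a broader sandboxing score for the running service.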