Pangolin 1.18 is a big one. This release adds HTTPS support for private resources, multi-site high-availability routing, uptime tracking, a flexible alerting system, wildcard resources, and more. Let's walk through everything.
Private HTTP is a new kind of private resource designed for web workloads. It works like a public resource in that it gets a real domain name on your Pangolin-managed domain and traffic flows through a reverse proxy with valid TLS, but it's only reachable when the user has an active Pangolin client connection. Nothing is exposed on the public internet.
When a connected user opens the URL in their browser, Pangolin resolves the name through the tunnel, the site-side reverse proxy terminates TLS using a certificate provisioned by the control plane, and the request is forwarded to your backend. The scheme and destination port are both configurable. If you've been approximating this with aliases and non-standard ports, private HTTP is the cleaner answer!
Read more about HTTPs on private resources in the docs.
Private resources now support multiple sites. Attach more than one site connector to a resource and Pangolin routes client traffic through whichever path is best at the time, weighing factors like latency and availability. If a site goes offline, clients automatically fail over to the next available site with no manual reconfiguration needed.
A common pattern is redundant connectors into the same network. Install a Pangolin site on two servers in the same LAN, attach both to your private resource, and you have a resilient path in. One connector goes down and users stay connected through the other.
The one requirement is that every site you attach must have routable access to the resource's destination. Pangolin assumes any site in the list is a valid path to the same backend, so confirm reachability before adding a site. Expect a short gap of a few seconds during failover while the downed site is registered and routing changes propagate to clients.
Read more about multi-site routing on private resources in the docs.
Sites and resources now track uptime. You'll see uptime history on site and resource detail pages, giving you a quick at-a-glance view of recent availability. This also serves as the jumping-off point for creating alert rules. More on that below!
Pangolin now supports standalone health checks that aren't tied to any resource. Pick a site to run the probe from, give it a target, choose HTTP or TCP, configure your timing and thresholds, and Pangolin continuously checks whether that endpoint is reachable from the site's network.
This is useful for anything you want to monitor but haven't modeled as a Pangolin resource such as a network printer, an IP camera, a PLC, a legacy server. HTTP checks issue a full request and validate the response; TCP checks simply confirm a connection can be established on a given port.
Read more about health checks in the docs.
Alert rules let you subscribe to state changes across sites, resources, and health checks and automatically deliver notifications when something happens. Setup involves three steps: choose a source (what to watch), a trigger (which change should fire the rule), and one or more actions (what to do).
Actions include email to users, roles, or arbitrary addresses; webhooks that POST a JSON payload to any URL; and native integrations with PagerDuty, Opsgenie, ServiceNow, and incident.io. You can stack multiple actions on the same rule.
You can create rules from the Alert rules page under Alerting, or jump directly from a site or resource detail page using the Create alert rule shortcut near the uptime graph.
Read more about alert rules in the docs.
Public resources now support wildcard subdomains. Set the subdomain field to * and Pangolin routes every hostname at that level through the same resource and tunnel. Access rules and authentication apply across all matched hostnames, and the original Host header is preserved so downstream systems can continue routing as expected.
Wildcards require TLS certificates that cover *.your-level, which means DNS-01 validation. HTTP-01 can only prove a single exact hostname. For self-hosted Pangolin, configure Traefik and Let's Encrypt for DNS-01 and set up wildcard DNS records. For Pangolin Cloud, use a domain delegation and Pangolin handles the certificates automatically.
Read more about wildcard resources in the docs.
A handful of smaller but worthwhile additions made it into 1.18 as well:
As always, this release also includes various other UI improvements and bug fixes throughout the product.
1.18 brings features that connect to each other in meaningful ways: health checks feed into alerting, uptime feeds into alerting, multi-site routing feeds into high availability. We're excited to see how you put it all together!
If you haven't starred us on GitHub yet, it genuinely helps keep us motivated.
Give us a star: https://github.com/fosrl/pangolin
Stay tuned!
