This! I couldn't put it in words but this sums it up perfectly. I am using the Webinterface for jellyfin when on the road and I really would love to use the regular client.
this post was submitted on 05 Apr 2026
20 points (85.7% liked)
Selfhosted
58744 readers
666 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
Idk why people are downvoting you.
Nobody ever knows. There's never an explanation if the commenter gave inaccurate information, which would be super helpful. It's just 'here, have some down votes.'
Yeah, I have caddy and traefik in front of most of my home-based services, except for a few web UIs like the router's. Pangolin just receives incoming connections and routes them to the correct reverse proxy in the correct VLAN for that service.
I have VLANs to separate services that are more public facing from very private ones that only certain devices should be able to connect to directly. Basically, I have one VLAN for IoT devices that need to connect to the internet often but only certain things should access directly, one for very private things like my NAS, database server, 3D printer, etc, that rarely if ever need access to the internet, one for my personal devices (laptop, desktop, phone, tv) which are behind a pihole for ad blocking, and one guest VLAN for guests, but mostly for my work computer which really likes to snoop.
Pangolin is built on traefik, and does all the reverse proxying I need (X sub-domain goes to Y port on Z home server).
I don't really like the idea of n metroyska reverse proxis, both because conceptually it bothers me, but also because my needs seem simple and doesn't seem like it deserves the extra complexity. The public resource reverse proxy works for everything I have.
I'm looking for a way to configure pangolin, which already routes property, to skip auth when the auth can be provided by the pangolin client.
Yeah get that. I do it because my pangolin is segregated so that if that internet facing layer is penetrated, there's not much else they'll have access to. Similarly, if my WiFi is penetrated, there's just a few devices. And many of my services run on Kubernetes distributed and load balanced across a bunch of cheap devices, so it needs reverse proxying at the ingress anyway. And there are a few other reasons for keeping traffic off of the pangolin server or even the router when it's internal to internal, but still be able to use the single domain name for the service, especially with IPv6 not having static IP addresses quite the same way as IPv4, so not wanting to hard code IP addresses or even port assignments in services that back other services like the database server which originally was just running on the NAS, but switching it over to another system only required changing the internal reverse proxy, not every service that used it. I like abstraction like that.
I may end up doing extra reverse proxies just because complicated configuration is better than complicated use. It kinda feels like there should be a way to do it right in pangolin, it seems like it's right there lol.
I don't think Pangolin can do that. I recently migrated to Netbird but I used to do this:
Set up a reverse proxy in your local homelab, say Nginx Proxy Manager, for internal-use only domains. Then also a DNS server, say Technitium or Pi-hole, to resolve those domains. When connected to Pangolin, you open the whole subnet as a private resource.
Just tested my pangolin client and can see my home IPs fine, but you will need to make sure your pangolin has private resources setup as well as public
How do you set up private resources to reverse proxy like public resources? I don't want to have to change URL when I turn on my pangolin client
They are adding this feature soon(tm). Here is their current roadmap: https://github.com/orgs/fosrl/projects/3
Though once they implement the reverse proxy for private resources, I'm not sure if you will be able to overlap them with the same subdomains as public resources.
Oh, that is a question. Will have a look at how DNS works over pangolin
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| IoT | Internet of Things for device controllers |
| NAS | Network-Attached Storage |
[Thread #216 for this comm, first seen 6th Apr 2026, 04:20] [FAQ] [Full list] [Contact] [Source code]