September 10, 2025Sep 10 Hey all, today we’re going to be setting up a Pangolin Tunnel / Reverse Proxy for use with Plex Media Server. Since CloudFlare doesn’t want folks streaming across their tunnels, this is a nice alternative that has a lot of great features!What is Pangolin?Pangolin is an open-source and identity-aware tunneled reverse proxy server. Pangolin’s distributed architecture with nodes provide highly available ingress to ensure applications always remain accessible.Pangolin establishes secure connections from edge networks to nodes, bypassing the need for public inbound ports and complex firewall configurations. Pangolin is incredibly useful for exposing local services, IoT devices, or internal applications to the internet without direct exposure, enhancing security by reducing attack surface and simplifying network management. Additionally, Pangolin acts as an identity-aware proxy by authenticating every request against admin-defined access controls and rules.What is needed?A VPS ~$2-7 depending on requirements (Pangolin has a nice affiliate Racknerd deal for these here https://docs.digpangolin.com/self-host/choosing-a-vps )A domain nameA Plex Server (I will not be covering Plex server configuration in this guide)Decent upload speed (don’t forget about this!)DNSTo start out, I’d just get the DNS entries set up first, as they can take a little bit to propagate sometimes. Check out their Docs here: https://docs.digpangolin.com/self-host/dns-and-networkingEssentially all you really need is a Wildcard A Record pointing to your VPS. If you’re using this domain for other things you might need to set these A Records up manually for each subdomain you’re using, but in my case, this domain is exclusively for use with Pangolin, so a wildcard works perfect.I didn’t bother with the Root Domain Record, as it wasn’t necessary for my case. You might consider it if you want to run something through your Root Domain as well.Getting Started With PangolinCheck out the Pangolin Quick Install Guide first and foremost. This gives you an idea of what all you will need to do and has all of the commands necessary to get this going:https://docs.digpangolin.com/self-host/quick-install-managedFirst off, just create a Pangolin account now: https://pangolin.fossorial.io/auth/signup (You will need this later)Get SSH’d into your VPS and run the commands to get the installer going.During the installer you will have to make a few choices. You might want to set these differently from me, but this is what I ended up running with to start:Basic ConfigurationDo you want to install Pangolin as a cloud-managed (beta) node? (yes/no): noEnter your base domain (no subdomain e.g. example.com): your base domain goes hereEnter the domain for the Pangolin dashboard (default: pangolin.example.com): pangolin.yourdomain.comEnter email for Let's Encrypt certificates: Your emailDo you want to use Gerbil to allow tunneled connections (yes/no) (default: yes): yes (This is what will link up with Newt on our Unraid server for the tunnel.Email ConfigurationEnable email functionality (SMTP) (yes/no) (default: no): noAdvanced ConfigurationIs your server IPv6 capable? (yes/no) (default: yes): yesIt will also ask you if you want to install and use Docker. I said yes, you can use Podman if you want, but Docker makes the most sense for most folks probably.You will then be prompted about installing CrowdSec. By default this is set to No. I also opted for No to begin with. Later on if you want to add this you can just re-run the installer and select yes, but this does add another degree of management overhead that might not be worth the hassle for some. I will not be covering this in this guide, but it might be worth considering in the future, so keep it in mind for now.Pangolin Dashboard Initial SetupAfter all this, you will get a Setup Token and an Initial Setup URL. Browse to the Initial Setup URL which should work since you created the A Record for the site in an earlier step. If this is not working, it’s likely because you messed up the DNS record or it hasn’t propagated yet. (This usually is pretty quick though)At the Initial setup screen make 100% sure that you’re connected to your VPS (pangolin.example.com) and not the Pangolin cloud (https://pangolin.fossorial.io/). Step through the initial setup, enter your Token from the previous steps and log in.Once you log in you will be prompted to set up an Organization. The name doesn’t matter much, this is just so you can group your resources/sites. The default Subnet should be fine for you, as you likely won’t overlap with it, but you can change it if needed.Next you will be prompted to set up a Site. This is the Server end of our tunnel. Name it whatever you want, the IP it’s bound to by default is fine. You will want to configure this as a Newt Tunnel and copy the Newt Endpoint, Newt ID, and Newt Secret. These will be used on the Newt config on the Unraid side later.Lastly, you will be asked to set up a Resource. This is your service behind the tunnel. Name it Plex or whatever you want. This will be your subdomain for this service. Add an HTTP Method with the Internal IP Address of your Plex instance as the IP/Hostname. Port will be your Plex listening port which is 32400 by default. Enable SSL (https).On the Authentication Tab you might want to Enable/Disable extra layers of security. These will prompt for Pangolin Authentication, Pins, etc. before your request is sent to your Services behind Pangolin. This is nice for security, but can break things like the Plex Mobile Apps that expect to just use the Plex Auth. YMMV, try this out and set it to whatever works for you and your users.Once you’re done there, you should be all good to go on the Pangolin Dashboard. You can check your Tunnel health by going to the Sites section and looking at the Online Status. For now it will be Unhealthy, so let’s get Newt set up on our Unraid server to get this connected!Configuring NewtGo to the App store on your Unraid server and install NewtAfter that is done, edit the Newt Container. This is where you will enter the Endpoint, ID, and Secret we generated during the Site setup. Enter those in and Apply them. The Container should reboot and afterwards you should show Online on the Pangolin Dashboard under Sites.Plex SettingsIn Plex Settings → Network set Custom Server Access URLs to the same thing that was configured in Resources. This will likely be https://plex.example.comThis might also be a good time to verify you have Hardware Transcoding, Bitrate Limits, etc. since more people might be utilizing your server after this.Note: You do NOT need the Relay or even Remote Access enabled from the Plex Dashboard for this to work.TestingWe should be fully configured now! Test access from your browser to https://plex.example.com and see if it works. If you get a 401 / 502 you likely messed something up in the Resource config or didn’t add the correct URL to Plex, so doublecheck those and try again.ExtrasAfter you get all this tested and working, you can start working on locking this down even further. Pangolin uses Traefik on the back end, so you can add plugins in for even more customization. One I’d recommend to start with is the Geoblock plugin. Adding this is as easy as editing your YAML files for Traefik on your VPS. Pangolin has a nice guide for that here:https://docs.digpangolin.com/self-host/community-guides/geoblockAnd that’s it! If you have any questions feel free to post them up here. Edited September 11, 2025Sep 11 by Skarm0ry Removed unnecessary step.
September 11, 2025Sep 11 18 hours ago, Skarm0ry said:Go to the Sites tab and click Edit next to your newly created Site. From here you should set your Subnets for your internal network. For me I entered the /24 for my Docker network as well as my /32 (single ip) for my Plex Server.Thanks for this guide. I've started playing with pangolin as well. Pretty nice software stack. Paired with one of their recommended racknerd VPS's, it costs almost nothing to operate.Curious why you included the section above? Seems this is only needed for "Clients", which I don't quite understand yet.
September 11, 2025Sep 11 Author 1 hour ago, boxer74 said:Thanks for this guide. I've started playing with pangolin as well. Pretty nice software stack. Paired with one of their recommended racknerd VPS's, it costs almost nothing to operate.Curious why you included the section above? Seems this is only needed for "Clients", which I don't quite understand yet.Yeah I've been happy with it so far!That would be because I also don't understand them yet and missed that they were only used for VPN Client connectivity haha. So these would only be used if you weren't using Newt to connect it seems. I went ahead and removed that step to avoid any confusion.Thanks! Edited September 11, 2025Sep 11 by Skarm0ry
September 13, 2025Sep 13 Started on this a couple weeks ago, can get it to work with the URL on PC but not any apps yet
September 13, 2025Sep 13 Author 3 hours ago, stealthbob said:Started on this a couple weeks ago, can get it to work with the URL on PC but not any apps yetThe apps rely on the Custom Server URL in the Plex settings, so you'll want to double-check that. One thing that I've seen others have to do is add :443 to the end of their custom URL in Plex, so:https://plex.example.com:443For whatever reason, that seems to be necessary for some. I also personally had to clear out the Plex Data from a couple Android TV devices and re-login from scratch to connect again. Not sure if that will be necessary for all, but it's worth a shot too.
September 18, 2025Sep 18 One problem that i faced with Pangolin, that watching content was a bit of a drag from outside of the home network. The speed was horrendous. Did anyone faced similar issues or there are workaround for Pangolin?
September 18, 2025Sep 18 Author 11 hours ago, Igiq said:One problem that i faced with Pangolin, that watching content was a bit of a drag from outside of the home network. The speed was horrendous. Did anyone faced similar issues or there are workaround for Pangolin?I think this is very heavily dependent on your VPS and your connection to it. I haven't had any speed issues with my RackNerd VPS personally and have had multiple clients streaming through it, but there are a lot of factors that could cause this. I don't think this is a Pangolin specific thing though. Edited September 18, 2025Sep 18 by Skarm0ry
January 29Jan 29 On 9/13/2025 at 7:05 PM, Skarm0ry said:The apps rely on the Custom Server URL in the Plex settings, so you'll want to double-check that. One thing that I've seen others have to do is add :443 to the end of their custom URL in Plex, so:https://plex.example.com:443For whatever reason, that seems to be necessary for some. I also personally had to clear out the Plex Data from a couple Android TV devices and re-login from scratch to connect again. Not sure if that will be necessary for all, but it's worth a shot too.I had to add this as well - unsure why exactly that is.It might have to do with the fact that I use https between my nginx proxy manager and pangolin.But it sealed the deal for plex, so thank you for the tip!
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.