Skip to main content

Try free on Pangolin Cloud

Fastest way to get started with Pangolin using the hosted control plane. No credit card required.
Resources represent the applications, hosts, or ranges you make available for remote access to users. Resources exist on the remote networks of your sites. Users only ever think about connecting to resources and not specific sites. By default, no resources are made available on sites. Admins must define resources with backend targets, and assign specific access policies before any users can gain access.

Resource Types

There are two categories of resources: public resources and private resources. Each category supports different protocol types suited to how users connect.

Public Resources

  • Protocol-aware reverse proxies on the public internet
  • Browser-based access for most types (no client required)
  • Authentication and access rules on protocol-aware types

Private Resources

  • Zero-trust VPN access over the Pangolin client
  • Every resource requires authentication
  • Not browser-rendered; requires a connected client

Public Resource Types

Public resources create a public proxy on the Pangolin server. The protocol changes per type, but the overall model is the same: traffic enters through Pangolin and is forwarded to your backend on a remote site. HTTP/HTTPS, SSH, RDP, and VNC are all browser-based. You assign a fully qualified domain name (FQDN) to each resource and users open it in a web browser—no client-side software is required. Pangolin authentication and access rules protect all of these types the same way. You can configure those rules inline on each resource or share them through a resource policy. SSH, RDP, and VNC require a Newt site. HTTP/HTTPS and TCP/UDP resources can also run on local and basic WireGuard sites. TCP and UDP are the exception. They do not receive a FQDN. Instead, they bind to a port on the Pangolin server host and act as simple protocol-agnostic pipes to the downstream resource. Because they are not protocol-aware, they do not enforce Pangolin authentication or access rules.

HTTP / HTTPS

Websites, APIs, and dashboards behind an authenticated reverse proxy.

SSH

Full terminal in the browser with password, key, or Pangolin identity (PAM).

RDP

Full remote desktop in the browser, including file transfer and clipboard.

VNC

Remote display session rendered entirely in the browser.

TCP

Raw TCP proxy on a Pangolin server port. No authentication.

UDP

Raw UDP proxy on a Pangolin server port. No authentication.

Site Compatibility

Newt Site

All public resource types supported.Required for SSH, RDP, and VNC.

Local Site

HTTP/HTTPS and TCP/UDP only.SSH, RDP, and VNC are not supported.

Basic WireGuard Site

HTTP/HTTPS and TCP/UDP only.SSH, RDP, and VNC are not supported.

Private Resource Types

Private resources require users to connect with the Pangolin client before any traffic can flow. Nothing is exposed on the public internet. Users gain access to all resources their account is permitted to use once connected.

Host

Route traffic to a single IP address or FQDN on the remote network.

CIDR

Route traffic to an entire IP range, such as a subnet.

HTTP / HTTPS

Private reverse proxy with optional TLS termination at the site edge.

SSH

Traditional terminal SSH over the tunnel via pangolin ssh.
Private resources can only be created on Newt sites. Private resources function like a zero-trust virtual private network (VPN). Explicit access to resources must be granted for users and roles to be able to access them. For raw TCP/UDP traffic that does not need a public proxy, prefer a private host or CIDR resource over public TCP/UDP resources. Private resources support aliases for human-readable internal hostnames. When multiple sites can reach the same destination, Pangolin intelligently routes traffic through the healthiest path.

Site Compatibility

Newt Site

Supported.Private resources require a Newt site.

Local Site

Not supported.Local sites can only host public resources.

Basic WireGuard Site

Not supported.Basic WireGuard sites can only host public resources.