Try free on Pangolin Cloud Fastest way to get started with Pangolin using the hosted control plane. No credit card required.
Newt can be installed as either a static binary executable or a Docker container. You must first create a site and copy the Newt config in Pangolin before running Newt.
Binary Installation Quick Install (Recommended) Use this command to automatically install Newt. It detects your system architecture automatically and always pulls the latest version, adding Newt to your PATH:
curl -fsSL https://static.pangolin.net/get-newt.sh | bash
Windows To run Newt on Windows, use the latest installer from GitHub releases .
If you are using Newt on Windows as a service or with clients, wintun.dll may be required.
Manual Download Binaries for Linux, macOS, and Windows are available in the GitHub releases for ARM and AMD64 (x86_64) architectures.
Download and install manually:
wget -O newt "https://github.com/fosrl/newt/releases/download/{version}/newt_{architecture}" && chmod +x ./newt
Replace {version} with the desired version and {architecture} with your architecture. Check the release notes for the latest information. Running Newt Run Newt with the configuration from Pangolin:
newt \ --id 31frd0uzbjvp721 \ --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \ --endpoint https://app.pangolin.net
Systemd Service Create /etc/newt/newt.env with the initial values from your Pangolin site configuration:
NEWT_ID = 31frd0uzbjvp721 NEWT_SECRET = h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 PANGOLIN_ENDPOINT = https://app.pangolin.net
Create the directory, write the file, and restrict its permissions:
sudo install -d -m 0755 /etc/newt sudo editor /etc/newt/newt.env sudo chmod 600 /etc/newt/newt.env
Then create a systemd service. Newt reads those environment variables automatically, so ExecStart does not need to repeat them as flags:
/etc/systemd/system/newt.service
[Unit] Description =Newt Wants =network-online.target After =network-online.target [Service] Type =simple User =root Group =root EnvironmentFile =/etc/newt/newt.env ExecStart =/usr/local/bin/newt Restart =always RestartSec =2 UMask =0077 NoNewPrivileges =true PrivateTmp =true [Install] WantedBy =multi-user.target
Make sure the binary exists at /usr/local/bin/newt before daemon reload and starting the service: Reload systemd and enable the service:
sudo systemctl daemon-reload sudo systemctl enable --now newt sudo systemctl status newt
If you later change /etc/newt/newt.env, restart the service so Newt picks up the new values.
See Configure Sites for more environment variables.
Docker Installation Pull the Image Pull the latest Newt image from Docker Hub:
docker pull fosrl/newt:latest
Run with Docker Run Newt with CLI arguments from Pangolin:
docker run -it fosrl/newt --id 31frd0uzbjvp721 \ --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \ --endpoint https://app.pangolin.net
Docker Compose Environment Variables (Recommended) services : newt : image : fosrl/newt container_name : newt restart : unless-stopped environment : - PANGOLIN_ENDPOINT=https://app.pangolin.net - NEWT_ID=2ix2t8xk22ubpfy - NEWT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2
Config File Injected as Compose Secret A safer but slightly more complex way is to use Compose Secrets . First, create a JSON file containing your configuration:
{ "id" : "2ix2t8xk22ubpfy" , "secret" : "nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2" , "endpoint" : "https://app.pangolin.net" , "tlsClientCert" : "" }
Then register and reference the secret in your docker-compose.yml:
services : newt : image : fosrl/newt container_name : newt restart : unless-stopped environment : - CONFIG_FILE=/run/secrets/newt-config secrets : - newt-config secrets : newt-config : file : ./newt-config.secret
This allows you to separate sensitive secrets from plain configuration, improving security when storing or sharing your docker-compose.yml anywhere else.
CLI Arguments services : newt : image : fosrl/newt container_name : newt restart : unless-stopped command : - --id 31frd0uzbjvp721 - --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 - --endpoint https://app.pangolin.net
Start the service:
Unraid Newt is available in the Unraid Community Applications store. Search for “Newt” and follow the installation prompts. Enter the ID, secret, and endpoint from Pangolin in the template fields.
Portainer and Other UIs Container management UIs like Portainer typically allow passing commands and environment variables to containers similar to Docker Compose. Look for a commands or arguments configuration section and follow the relevant guides.
Windows Service On Windows, newt can to be installed and run as a Windows service to remain persistent.
Service Management Commands # Install the service newt.exe install # Start the service newt.exe start # Stop the service newt.exe stop # Check service status newt.exe status # Remove the service newt.exe remove # Show help newt.exe service-help
Note running the service requires credentials in %PROGRAMDATA%\newt\newt-client\config.json.
Service Configuration When running as a service, newt will read configuration from environment variables or you can modify the service to include command-line arguments:
Install the service: newt.exe install
Set the credentials in %PROGRAMDATA%\newt\newt-client\config.json. Hint: if you run newt once with —id and —secret this file will be populated!
Start the service: newt.exe start
Service Logs When running as a service, logs are written to:
Windows Event Log (Application log, source: “newtWireguardService”)
Log files in: %PROGRAMDATA%\newt\logs\newt.log
You can view the Windows Event Log using Event Viewer or PowerShell:
Get-EventLog -LogName Application -Source "newtWireguardService" -Newest 10
