update pangolin overview

packages/docusaurus/docs/03-Pangolin/01-overview.md

@@ -1,10 +1,8 @@
 # Overview
 
-Pangolin is a self-hosted tunneled reverse proxy management server with identity and access management, designed to securely expose private resources through encrypted [WireGuard](https://www.WireGuard.com/) tunnels running in user space. With Pangolin, you retain full control over your infrastructure while providing a user-friendly and feature-rich solution for managing proxies, authentication, and access, and simplifying complex network setups, all with a clean and simple UI.
+Pangolin is a self-hosted tunneled reverse proxy server with identity and access control, designed to securely expose private resources on distributed networks. Acting as a central hub, it connects isolated networks — even those behind restrictive firewalls — through encrypted tunnels, enabling easy access to remote services without opening ports.
 
-## Preview
+<img src={require("./img/sites.png").default} alt="Sites"/>
-
-<img src={require("./img/preview.png").default} alt="Preview"/>
 
 _Sites page of Pangolin dashboard (dark mode) showing multiple tunnels connected to the central server._
 
@@ -12,58 +10,67 @@ _Sites page of Pangolin dashboard (dark mode) showing multiple tunnels connected
 
 ### Reverse Proxy Through WireGuard Tunnel
 
-- Expose private resources on your network **without opening ports**.
+-   Expose private resources on your network **without opening ports** (firewall punching).
-- Secure and easy to configure site-to-site connectivity via a custom **user space WireGuard client**, [Newt](https://github.com/fosrl/newt).
+-   Secure and easy to configure site-to-site connectivity via a custom **user space WireGuard client**, [Newt](https://github.com/fosrl/newt).
-- Built-in support for any WireGuard client.
+-   Built-in support for any WireGuard client.
-- Automated **SSL certificates** (https) via [Let's Encrypt](https://letsencrypt.org/).
+-   Automated **SSL certificates** (https) via [LetsEncrypt](https://letsencrypt.org/).
+-   Support for HTTP/HTTPS and **raw TCP/UDP services**.
+-   Load balancing.
 
 ### Identity & Access Management
 
-- Centralized authentication system using platform SSO. **Users will only have to manage one login.**
+-   Centralized authentication system using platform SSO. **Users will only have to manage one login.**
-- Create organizations, each with multiple sites, users, and roles.
+-   **Define access control rules for IPs, IP ranges, and URL paths per resource.**
-- **Role-based access control** to manage resource access permissions.
+-   TOTP with backup codes for two-factor authentication.
-- Additional authentication options include:
+-   Create organizations, each with multiple sites, users, and roles.
-  - Email whitelisting with **one-time passcodes.**
+-   **Role-based access control** to manage resource access permissions.
-  - **Temporary, self-destructing share links.**
+-   Additional authentication options include:
-  - Resource specific pin codes.
+    -   Email whitelisting with **one-time passcodes.**
-  - Resource specific passwords.
+    -   **Temporary, self-destructing share links.**
+    -   Resource specific pin codes.
+    -   Resource specific passwords.
 
 ### Simple Dashboard UI
 
-- Manage sites, users, and roles with a clean and intuitive UI.
+-   Manage sites, users, and roles with a clean and intuitive UI.
-- Monitor site usage and connectivity.
+-   Monitor site usage and connectivity.
-- Light and dark mode options.
+-   Light and dark mode options.
+-   Mobile friendly.
 
 ### Easy Deployment
 
-- Docker Compose based setup for simplified deployment.
+-   Run on any cloud provider or on-premises.
-- Future-proof installation script for streamlined setup and feature additions.
+-   **Docker Compose based setup** for simplified deployment.
-- Run on any VPS.
+-   Future-proof installation script for streamlined setup and feature additions.
-- Use your preferred WireGuard client to connect, or use Newt, our custom user space client for the best experience.
+-   Use any WireGuard client to connect, or use **Newt, our custom user space client** for the best experience.
 
 ### Modular Design
 
-- Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [Fail2Ban](https://plugins.traefik.io/plugins/628c9ebcffc0cd18356a979f/fail2-ban) or [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin), which integrate seamlessly.
+-   Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and [Geoblock](github.com/PascalMinder/geoblock).
-- Attach as many sites to the central server as you wish.
+    - **Automatically install and configure Crowdsec via Pangolin's installer script.**
+-   Attach as many sites to the central server as you wish.
 
-## Workflow Example
+<img src={require("./img/collage.png").default} alt="Collage"/>
 
-### Deployment and Usage Example
+## Deployment and Usage Example
 
 1. **Deploy the Central Server**:
 
-   - Deploy the Docker Compose stack containing Pangolin, Gerbil, and Traefik onto a VPS hosted on a cloud platform like Amazon EC2, DigitalOcean Droplet, or similar. There are many cheap VPS hosting options available to suit your needs.
+   - Deploy the Docker Compose stack onto a VPS hosted on a cloud platform like RackNerd, Amazon EC2, DigitalOcean Droplet, or similar. There are many cheap VPS hosting options available to suit your needs.
 
 2. **Domain Configuration**:
 
-   - Point your domain name to the VPS and configure Pangolin with your preferred settings.
+    - Point your domain name to the VPS and configure Pangolin with your preferred settings.
 
 3. **Connect Private Sites**:
-   - Install Newt or use another WireGuard client on private sites.
+
-   - Automaticlaly establish a connection from these sites to the central server.
+    - Install Newt or use another WireGuard client on private sites.
-4. **Configure Users & Roles**
+    - Automatically establish a connection from these sites to the central server.
-   - Define organizations and invite users.
+
-   - Implement user- or role-based permissions to control resource access.
+4. **Expose Resources**:
+
+    - Add resources to the central server and configure access control rules.
+    - Access these resources securely from anywhere.
 
 **Use Case Example - Bypassing Port Restrictions in Home Lab**:  
  Imagine private sites where the ISP restricts port forwarding. By connecting these sites to Pangolin via WireGuard, you can securely expose HTTP and HTTPS resources on the private network without any networking complexity.
@@ -71,12 +78,23 @@ _Sites page of Pangolin dashboard (dark mode) showing multiple tunnels connected
 **Use Case Example - IoT Networks**:  
  IoT networks are often fragmented and difficult to manage. By deploying Pangolin on a central server, you can connect all your IoT sites via Newt or another WireGuard client. This creates a simple, secure, and centralized way to access IoT resources without the need for intricate networking setups.
 
+
+<img src={require("./img/resources.png").default} alt="Resources"/>
+
+_Resources page of Pangolin dashboard (dark mode) showing HTTPS and TCP resources with access control rules._
+
 ## Similar Projects and Inspirations
 
-Pangolin was inspired by several existing projects and concepts:
+**Cloudflare Tunnels**:  
+    A similar approach to proxying private resources securely, but Pangolin is a self-hosted alternative, giving you full control over your infrastructure.
 
-- **Cloudflare Tunnels**:  
+**Authentik and Authelia**:  
-  A similar approach to proxying private resources securely, but Pangolin is a self-hosted alternative, giving you full control over your infrastructure.
+    These projects inspired Pangolin’s centralized authentication system for proxies, enabling robust user and role management.
 
-- **Authentik and Authelia**:  
+## Project Development / Roadmap
-  These projects inspired Pangolin’s centralized authentication system for proxies, enabling robust user and role management.
+
+View the [project board](https://github.com/orgs/fosrl/projects/1) for more detailed info.
+
+## Licensing
+
+Pangolin is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us at [numbat@fossorial.io](mailto:numbat@fossorial.io).