Merge branch 'fosrl:main' into fix-crowdsec-reference

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,7 @@
+## Community Contribution License Agreement
+By creating this pull request, I grant the project maintainers an unlimited,
+perpetual license to use, modify, and redistribute these contributions under any terms they
+choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
+represent that I have the right to grant this license for all contributed content.
+
+## Description

packages/docusaurus/docs/02-Getting Started/03-quick-install.md

@@ -15,7 +15,7 @@ import WgetQuickInstaller from "@site/src/components/WgetQuickInstaller";
 
 ## Using a VPS
 
-If you need a VPS to run Pangolin, [RackNerd](https://my.racknerd.com/aff.php?aff=13788) is a great option, and often has generous promotions. More options can be found in our [VPS guide](./01-choosing-a-vps.md).
+If you need a VPS to run Pangolin, [RackNerd](https://my.racknerd.com/aff.php?aff=13788) is a great option, and often has generous promotions. More options can be found in our VPS guide.
 
 A good option is [**1 vCPU, 1GB RAM less than $1 a month**](https://my.racknerd.com/aff.php?aff=13788&pid=903).
 

packages/docusaurus/docs/03-Pangolin/01-overview.md

@@ -2,9 +2,9 @@
 
 Pangolin is a self-hosted tunneled reverse proxy server with identity and access control, designed to securely expose private resources on distributed networks. Acting as a central hub, it connects isolated networks — even those behind restrictive firewalls — through encrypted tunnels, enabling easy access to remote services without opening ports.
 
-<img src={require("./img/sites.png").default} alt="Sites"/>
+<img src={require("./img/hero.png").default} alt="Sites"/>
 
-_Sites page of Pangolin dashboard (dark mode) showing multiple tunnels connected to the central server._
+_Resources page of Pangolin dashboard (dark mode) showing multiple resources available to connect._
 
 ## Key Features
 
@@ -29,6 +29,8 @@ _Sites page of Pangolin dashboard (dark mode) showing multiple tunnels connected
   - **Temporary, self-destructing share links.**
   - Resource specific pin codes.
   - Resource specific passwords.
+- OIDC Support for IdPs like Authentik, Keycloak, Okta, and others.
+  - Auto-provision users and roles from your IdP.
 
 ### Simple Dashboard UI
 
@@ -43,6 +45,9 @@ _Sites page of Pangolin dashboard (dark mode) showing multiple tunnels connected
 - **Docker Compose based setup** for simplified deployment.
 - Future-proof installation script for streamlined setup and feature additions.
 - Use any WireGuard client to connect, or use **Newt, our custom user space client** for the best experience.
+- Use the API to create custom integrations and scripts.
+    - Fine-grained access control to the API via scoped API keys.
+    - Comprehensive Swagger documentation for the API.
 
 ### Modular Design
 
@@ -77,11 +82,12 @@ You can [buy a cheap domain at Namecheap](https://namecheap.pxf.io/c/6099916/386
 **Use Case Example - Bypassing Port Restrictions in Home Lab**:  
  Imagine private sites where the ISP restricts port forwarding. By connecting these sites to Pangolin via WireGuard, you can securely expose HTTP and HTTPS resources on the private network without any networking complexity.
 
+**Use Case Example - Deploying Services For Your Business**:
+You can use Pangolin as an easy way to expose your business applications to your users behind a safe authentication portal you can integrate into your IDP solution. Expose resources on prem and on the cloud.
+
 **Use Case Example - IoT Networks**:  
  IoT networks are often fragmented and difficult to manage. By deploying Pangolin on a central server, you can connect all your IoT sites via Newt or another WireGuard client. This creates a simple, secure, and centralized way to access IoT resources without the need for intricate networking setups.
 
-<img src={require("./img/resources.png").default} alt="Resources"/>
-
 _Resources page of Pangolin dashboard (dark mode) showing HTTPS and TCP resources with access control rules._
 
 ## Similar Projects and Inspirations
@@ -89,8 +95,8 @@ _Resources page of Pangolin dashboard (dark mode) showing HTTPS and TCP resource
 **Cloudflare Tunnels**:  
  A similar approach to proxying private resources securely, but Pangolin is a self-hosted alternative, giving you full control over your infrastructure.
 
-**Authentik and Authelia**:  
- These projects inspired Pangolin’s centralized authentication system for proxies, enabling robust user and role management.
+**Authelia**:  
+ This inspired Pangolin’s centralized authentication system for proxies, enabling robust user and role management.
 
 ## Project Development / Roadmap
 

packages/docusaurus/docs/03-Pangolin/02-Configuration/02-config.md

@@ -77,9 +77,8 @@ Pangolin is configured using a `config.yml` file. The file is expected to be mou
   - Default: `720`
 - `secret`: string
   - Env: SERVER_SECRET
-  - A 32-byte base64 encoded string used to encrypt data in the database.
-  - Generate one with: `openssl rand -base64 32`
-  - Example: "N6KkZsm9WdK7ZXvVFEqyNgLw2iPeLX7hUpRy8WiWzVA="
+  - A secret string used for encrypting sensitive data. Must be at least 8 characters long.
+  - Example: "d28@a2b.2HFTe2bMtZHGneNYgQFKT2X4vm4HuXUXBcq6aVyNZjdGt6Dx-_A@9b3y"
 
 ### `domains`
 
@@ -217,7 +216,7 @@ server:
     id: "P-Access-Token-Id"
     token: "P-Access-Token"
   resource_session_request_param: "p_session_request"
-  secret: "" # 32-byte base64 encoded string; generate with: openssl rand -base64 32
+  secret: "d28@a2b.2HFTe2bMtZHGneNYgQFKT2X4vm4HuXUXBcq6aVyNZjdGt6Dx-_A@9b3y"
 
 traefik:
   cert_resolver: "letsencrypt"

packages/docusaurus/docs/03-Pangolin/06-Identity Providers/01-configuring-identity-providers.md

@@ -11,6 +11,8 @@ For example, you may have users defined in Authentik, and you want these users t
 - OAuth2/OIDC
   - This can be used to connect to any external identity provider that supports the OpenID Connect protocol such as Authentik, Keycloak, Okta, etc.
 
+_We are working on adding support for more identity providers in the future. If you have a specific identity provider in mind, please let us know!_
+
 ### How to Add an Identity Provider
 
 1. Select the "Identity Providers" tab in the Server Admin UI.
@@ -20,4 +22,4 @@ For example, you may have users defined in Authentik, and you want these users t
 
 ### Auto Provisioning
 
-See [Auto Provision](./02-auto-provision.md) for more information on how to automatically provision users in Pangolin when they log in using an external identity provider.
+See [Auto Provision](./02-auto-provision.md) for more information on how to automatically provision users and assign orgs and roles in Pangolin when they log in using an external identity provider.

packages/docusaurus/docs/03-Pangolin/06-Identity Providers/03-Providers/02-pocket-id.md

@@ -0,0 +1,61 @@
+# Pocket ID
+
+Follow these steps to integrate **Pocket ID** with **Pangolin SSO** using OpenID Connect (OIDC)
+
+## 1. Make Pocket ID Public
+
+If you have Pocket ID hosted on a Site, create a Resource for it if you haven't already.
+
+:::danger Important for security
+
+Consider hosting Pocket ID somewhere, where it's always accessible or save an internal account. You will *not* be able to log in when the site where Pocket ID is hosted goes offline!
+ 
+DO NOT secure the Pocket ID resource with Pangolin SSO, otherwise it will not work
+
+:::
+
+## 2. Create an OIDC Client in Pocket ID
+
+In Pocket ID, create a new OIDC Client.
+
+- Set the name to something memorable (eg. Pangolin)
+- Set "Callback URLs" to `https://<your-pangolin-domain>/auth/idp/<idp-id>/oidc/callback`
+  - This URL is displayed in the IdP settings after you create the IdP in Pangolin.
+- All other values can be kept as default
+
+After you have created the OIDC Client, take note of the following fields from the top of the page (click "Show more details" to see all of them):
+
+- Client ID
+- Client secret
+- Authorization URL
+- Token URL
+
+## 3. Configure an Identity Provider in Pangolin
+
+In Pangolin, go to `Identity Providers` and click "Add Identity Provider":
+
+- Set the name to something memorable (eg. Pocket ID)
+- In the "OAuth2/OIDC Configuration" section, fill the fields with the values you have from Pocket ID
+- In the "Token Configuration" section, set "Identifier Path" to "preferred_username"
+
+When you're done, click "Create Identity Provider"
+
+## 4. Ready to Test!
+
+The configuration is now complete. If you've configured a user (see below), try logging in!
+
+## User Configuration in Pangolin
+
+:::note
+
+The Username has to be the exact same as in Pocket ID, otherwise the login will not work
+
+:::
+
+To create a user in an Organization, Set the following:
+
+- "User Type": "External User
+- "Identity Provider": The name you set for the identity provider (we'll assume "Pocket ID" here)
+- "Role": Whatever role you want to give the user
+
+The other fields are optional

packages/docusaurus/docs/10-professional-edition.md

@@ -0,0 +1,90 @@
+# Professional Edition
+
+:::note
+
+If you have already purchased a Supporter Key and wish to also purchase a Professional Edition license please check your supporter portal for a 75% discount code!
+
+There is no restrictions on sites for the open source version of Pangolin.
+
+Take a look at our post about clarifying our monetization path: https://github.com/orgs/fosrl/discussions/650
+
+:::
+
+The Professional Edition is for businesses that want to use Pangolin in a commercial environment and require access to licensed components and extra support.
+
+Pangolin will always be free and open source but some features geared more to businesses will be covered under a different license than the AGPL3 in order to allow us to grow Pangolin.
+
+For more information about pricing and what is included in the Professional Edition, please see the [pricing page](/pricing).
+
+## How does this work?
+
+License keys are like upgrades to your Pangolin instance. There are two types of license keys:
+
+- The host key
+- Additional site addon keys
+
+Licensing is managed from the Licensing section of the Server Admin panel in Pangolin.
+
+Purchases are managed through [Lemon Squeezy](https://app.lemonsqueezy.com/).
+
+### The Host Key
+
+Every Pangolin instance needs its own host key. This will unlock all of the Professional features for that instance.
+
+When purchasing the host key you can optionally choose to include a base number of sites licensed for your instance. This should be a conservative guess about how many sites you need to start with. You can always add more sites later via the site upgrade keys.
+
+To purchase a host key you will first want to navigate to our [pricing page](/pricing).
+
+### The Site Addon Keys
+
+Once your instance is licensed you can increase the amount of licensed sites to the instance by purchasing addon keys. To do so follow the link to choose an amount of sites to add from within your Pangolin license page and complete the purchase. Load this new key into your instance and you should instantly have the limit increased.
+
+Licensee is responsible for ensuring that the number of sites used by the host does not exceed the number of sites purchased. If you need to increase the number of sites, you can purchase additional site keys at any time. You may also decrease the number of sites by canceling the additional site keys.
+
+<img src={require("./img/license.png").default} alt="Tiers"/>
+
+## FAQ
+
+#### How often will I be billed?
+
+The Professional Edition license subscription is billed monthly.
+
+If need/prefer to be billed quarterly or annually, please contact us.
+
+#### How do I manage all of my keys?
+
+You can log into [Lemon Squeezy](https://app.lemonsqueezy.com/my-orders/) with the same email that your purchased your keys. From here you can deactivate an instance or manage subscriptions.
+
+#### Can I reuse the license keys?
+
+No, you register a key with a host instance. The license is then tied to that instance until otherwise deactivated.
+
+If you need to move your instance to a new server, please log into Lemon Squeezy, deactivate the key, and then re-activate it on the new server.
+
+#### There is an issue with my order!
+
+Please [email us](mailto:numbat@fossorial.io) immediately with any issues.
+
+#### Where do I create support tickets?
+
+Within 48 hours of your purchase you should receive an email invite to our support portal where you can interact with us.
+
+You can then create support tickets in the [support portal](https://support.fossorial.io/).
+
+#### What is the difference between this and the Supporter Program?
+
+The Supporter Program is a way to support the project and remove the supporter marks. It is for individuals that want to support the project but do not need the extra features or support. It is a one time donation. No features are unlocked.
+
+The Professional plan is a paid license that allows you to use the software in a commercial environment that unlocks features and provides support. It is a monthly subscription.
+
+#### What happens if I run out of sites?
+
+A persistent banner will be displayed in across the application pages stating the instance has gone over the licensed limit.
+
+This is considered a violation of the license agreement and may result in the license being revoked if not resolved within a reasonable time frame.
+
+The licensee would need to purchase additional site keys to remove the banner and be compliant with the license agreement.
+
+# TOS / License
+
+By purchasing any Professional Edition license key you agree to abide by the [Fossorial Commercial License - Professional Edition Subscription Terms](https://fossorial.io/license.html).

packages/docusaurus/docs/11-supporter-program.md

@@ -1,5 +1,15 @@
 # Supporter Program
 
+:::note
+
+There is no restrictions on sites for the open source version of Pangolin.
+
+The Supporter Program does not provide access to Professional Edition features.
+
+Take a look at our post about clarifying our monetization path: https://github.com/orgs/fosrl/discussions/650
+
+:::
+
 ## What is this?
 
 Pangolin will always be free and open source, but maintaining the project takes a lot of time and resources. To help support ongoing development — including bug fixes, [new features](https://github.com/orgs/fosrl/projects/1/views/1), and community support — we’ve added a way for users to directly contribute. **We will not use this to paywall features.**
@@ -8,12 +18,18 @@ If you’d like to support the project, you can purchase a supporter key to remo
 
 We know it’s not the most exciting feature, but it helps us keep Pangolin healthy and moving forward.
 
+:::note
+
+If you have already purchased a Supporter Key and wish to also purchase a Professional Edition license please check your supporter portal for a 75% discount code!
+
+:::
+
 ## How does this work?
 
 We are using GitHub sponsors. In order to support and obtain your key:
 
 1. Purchase EITHER the "$25 one time" or "$95 one time" tier on GitHub
-2. Go to https://supporters.dev.fossorial.io and log in with your GitHub account
+2. Go to https://supporters.fossorial.io and log in with your GitHub account
 3. Copy the supporter key
 4. Go to your Pangolin instance and click the supporter button
 5. Enter the supporter key
@@ -60,7 +76,7 @@ You can only obtain a supporter key once. While GitHub allows you to donate mult
 
 GitHub Sponsors DOES NOT allow us to refund donations. Please make sure that you are comfortable supporting the project before you purchase a tier.
 
-## How is this different than the Professional License?
+## How is this different than the Professional Edition?
 
 The Supporter Program is a way to support the project and remove the
 support marks. It is a one time donation. No features are unlocked.

packages/docusaurus/src/pages/pricing.tsx

@@ -1,8 +1,19 @@
 import { useState } from "react";
 import Layout from "@theme/Layout";
 
+type Discount = {
+  code: string;
+  percentage: number;
+  message: string;
+};
+
 const PricingComponent = () => {
   const [siteCount, setSiteCount] = useState(3);
+  const [discount, setDiscount] = useState<Discount | null>({
+    code: "A2MJEYMW",
+    percentage: 25,
+    message: "Launch discount! 25% off first 12 months."
+  });
 
   const handleSiteCountChange = (e) => {
     const value = parseInt(e.target.value);
@@ -23,8 +34,24 @@ const PricingComponent = () => {
     }
   };
 
-  const calculatePrice = () => {
-    return 125 + siteCount * 5;
+  const calculateBasePrice = () => {
+    return 125;
+  };
+
+  const calculateSitePrice = () => {
+    return siteCount * 5;
+  };
+
+  const calculateTotalPrice = () => {
+    const basePrice = calculateBasePrice();
+    const sitePrice = calculateSitePrice();
+    const total = basePrice + sitePrice;
+
+    if (discount) {
+      return total * (1 - discount.percentage / 100);
+    }
+
+    return total;
   };
 
   return (
@@ -51,6 +78,20 @@ const PricingComponent = () => {
               </svg>
               Perfect for individuals and small teams
             </li>
+            <li style={styles.featureItem}>
+              <svg
+                style={styles.checkIcon}
+                fill="currentColor"
+                viewBox="0 0 20 20"
+              >
+                <path
+                  fillRule="evenodd"
+                  d="M10 18a8 8 0 100-16 8 8 0 000 16zm3.707-9.293a1 1 0 00-1.414-1.414L9 10.586 7.707 9.293a1 1 0 00-1.414 1.414l2 2a1 1 0 001.414 0l4-4z"
+                  clipRule="evenodd"
+                />
+              </svg>
+              Unlimited Sites - No Restrictions
+            </li>
             <li style={styles.featureItem}>
               <svg
                 style={styles.checkIcon}
@@ -194,7 +235,9 @@ const PricingComponent = () => {
                   clipRule="evenodd"
                 />
               </svg>
-              <a href="/license.html">Fossorial Commercial License</a>
+              <a href="https://fossorial.io/license.html">
+                Fossorial Commercial License
+              </a>
             </li>
           </ul>
 
@@ -217,18 +260,53 @@ const PricingComponent = () => {
             </div>
           </div>
 
+          {discount && (
+            <div
+              style={{
+                ...styles.priceBreakdown,
+                color: "var(--ifm-color-primary)"
+              }}
+            >
+              {discount.message}
+            </div>
+          )}
+
           <div style={styles.priceDisplay}>
-            ${calculatePrice()}
+            {discount && (
+              <span
+                style={{
+                  textDecoration: "line-through",
+                  color: "var(--ifm-color-emphasis-600)",
+                  marginRight: "8px"
+                }}
+              >
+                ${calculateBasePrice() + calculateSitePrice()}
+              </span>
+            )}
+            ${calculateTotalPrice()}
             <span style={styles.pricePeriod}>/month</span>
           </div>
 
           <div style={styles.priceBreakdown}>
-            Base price $125 + ${siteCount} x $5 per site
+            {discount ? (
+              <>
+                Original price $
+                {(calculateBasePrice() + calculateSitePrice()).toFixed(2)}{" "}
+                discounted by {discount.percentage}%
+              </>
+            ) : (
+              <>Base price $125 + ${siteCount} x $5 per site</>
+            )}
+          </div>
+
+          <div style={styles.priceBreakdown}>
+            Bulk pricing available.{" "}
+            <a href="mailto:numbat@fossorial.io">Contact us</a>
           </div>
 
           <button
             onClick={() =>
-              (window.location.href = `https://payment.fossorial.io/buy/958562da-a87c-4dc8-abba-a3fbfcc1eb7d?quantity=${siteCount}`)
+              (window.location.href = `https://payment.fossorial.io/buy/dab98d3d-9976-49b1-9e55-1580059d833f?quantity=${siteCount}${discount ? `&checkout[discount_code]=${discount.code}` : ""}`)
             }
             style={styles.buttonPrimary}
           >
@@ -360,12 +438,14 @@ const PricingComponent = () => {
 
       <div style={styles.pricingContainer}>
         <div style={styles.cardLarge}>
-          <h1 style={styles.cardTitle}>Professional License FAQ</h1>
+          <h1 style={styles.cardTitle}>Professional Edition FAQ</h1>
+
+          <p style={styles.textMuted}><a href="https://github.com/orgs/fosrl/discussions/650">Take a look at our post about clarifying our monetization path.</a></p>
 
           <h4>How often will I be billed?</h4>
 
           <p style={styles.textMuted}>
-            The Professional License is billed monthly.
+            The Professional Edition license subscription is billed monthly.
           </p>
 
           <h4>What if I need more sites?</h4>
@@ -426,11 +506,24 @@ const PricingComponent = () => {
             provides support. It is a monthly subscription.
           </p>
 
-          <p style={styles.textMuted}>--</p>
+          <h4>What happens if I run out of sites?</h4>
 
           <p style={styles.textMuted}>
-            By purchasing any license key you agree to abide by the{" "}
-            <a href="/license.html">Fossorial Commercial License and Terms</a>
+            You will be warned if you go over your site limit before you create
+            a site. If you do there will be a banner displayed in the Pangolin
+            application and login pages stating you have gone over your limit
+            but no functionality of the application will be lost.
+          </p>
+
+          <h4>TOS / License</h4>
+
+          <p style={styles.textMuted}>
+            By purchasing any Professional Edition license key you agree to
+            abide by the{" "}
+            <a href="https://fossorial.io/license.html">
+              Fossorial Commercial License - Professional Edition Subscription
+              Terms
+            </a>
           </p>
         </div>
       </div>