fosrl/docs
1
0
Fork 0
mirror of https://github.com/fosrl/docs.git synced 2025-05-13 05:40:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
docs/packages/docusaurus/docs/01-overview.md

3.8 KiB
Raw Blame History

Overview

The Fossorial system - with Pangolin at its core - is a self-hosted tunneled reverse proxy with identity and access management, designed to securely expose private resources through encrypted WireGuard tunnels running in user space. Think self hosted Cloudflare tunnels.

Pangolin uses Traefik under the hood to do the actual HTTP proxying. A plugin, Badger, provides a way to authenticate every request with Pangolin. A second service, Gerbil, provides a WireGuard management server that Pangolin can use to create peers for connectivity. And finally, there is Newt, a CLI tool and Docker container that connects back to Newt and Gerbil with WireGuard fully in user space and proxies your local resources. This means that you do not need to run a privileged process or container in order to expose your services!

Videos

Components Overview

Fossorial has a couple major components:

Pangolin (Management Application & Central Server)

The central hub for managing the application. Pangolin includes: - Most business logic. - External facing rest API. - WebSocket server for managing Newt sites. - Internal facing rest API for communication between components on the VPS. - Frontend server for the web interface. - Main database for storing data. - Authentication system.

Gerbil (WireGuard Interface Management)

Acts as the intermediary for managing WireGuard configurations. It creates and maintains the secure tunnels between sites and the Pangolin server.

Traefik (Reverse Proxy)

A high-performance, modular reverse proxy that routes requests to private resources. Traefik is widely adopted, and its plugin system allows further customization and security enhancements. For example: - Out-of-the-box compatibility with plugins like Fail2Ban or CrowdSec. - Enhanced security via our custom Traefik plugin Badger, which acts as an authentication bouncer.

Badger (Traefik Plugin):

A custom Traefik plugin that acts as an authentication bouncer. Badger:
 - Intercepts requests to the Traefik reverse proxy.
 - Redirects unauthenticated requests to the Pangolin server for authentication.

Newt (Minimal User Space WireGuard Client)

A lightweight client designed to run on the private network. Newt: - Connects to the Pangolin server via WebSocket and Gerbil via fully user space WireGuard - Facilitates networking through its connection to Gerbil and creating TCP proxies

System Diagram

![graphic](./img/system-diagram.svg)

What is a fossorial animal?

A fossorial animal is one adapted to digging which lives primarily but not solely, underground. Some examples are badgers, naked mole-rats, clams, meerkats, and mole salamanders, as well as many beetles, wasps, and bees. Wikipedia

Credits

Built by Owen & Milo Schwartz

"Pangolin" icon used as a initial logo is by Coret Steyn from Noun Project.

All of our fossorial animal names come from the good people at animalia.bio. They kindly donated their curated list of fossorial animals found on their website and provided permission to use their images.