Deploying Pangolin on a basic VPS with one vCPU and one gigabyte of RAM delivers a secure, self-hosted reverse proxy with WireGuard tunneling built in. Full control achieved. The guided installer configures Docker automatically, while DNS and SSL setup integrate without manual certificate handling or complex networking. Zero router port exposure needed. You expose local services through encrypted tunnels that verify user identity before granting access to your applications. Security by design. This step-by-step guide serves beginners and seasoned admins who value privacy, simplicity, and fully auditable infrastructure. No vendor lock-in. Each stage includes verification checkpoints to ensure your deployment stays stable and secure. Let us begin.
Prerequisites
Before installing Pangolin, prepare a Linux VPS with root privileges and a static public IP address. Your domain must resolve to this IP for dashboard access. A valid email address enables Let's Encrypt automation and secures your admin account. Open four critical ports on your firewall: 80 and 443 for TCP traffic, plus 51820 and 21820 for UDP WireGuard tunnels.These requirements ensure SSL provisioning, secure authentication, and reliable tunneling for your self-hosted services. Verify DNS propagation and firewall rules before running the installer.
How to Set Up Pangolin on a VPS (Linux)
This guide uses a fresh Ubuntu 24.04 instance from VPS.one. Their free subdomain option simplifies DNS setup for testing. Full control starts here. We will walk through each command with clear explanations, so beginners can follow along while pros skip ahead. Every step includes a verification point. Your deployment stays auditable and secure.
Step 1: Connect to Your VPS via SSH
Open your terminal and establish a secure shell session to your server. Replace your-ip with the actual IP address from your dashboard.
Type yes to confirm the fingerprint, then enter your root password. Connection established.
Step 2: Update System Packages
Refresh your package index and apply security updates before installing new software. This prevents dependency conflicts during deployment.
Wait for the process to finish. System ready.
Step 3: Configure the Firewall
Allow only essential traffic through UFW, the default Ubuntu firewall. This blocks unauthorized access while keeping Pangolin functional.
Verify that all required ports show as ALLOW.
Step 4: Download the Pangolin Installer
Fetch the official installation script directly from Pangolin's secure CDN. This script prepares your environment for Docker and container orchestration.
The script validates integrity before execution.
Step 5: Launch the Interactive Installer
Run the installer to begin the guided setup process. It detects your system configuration and prompts for deployment preferences.
Follow the on-screen prompts carefully. Next step: configuration.
Step 6: Configure Basic Settings
The installer asks for several key values. Enter them precisely to avoid rework.
- Edition. Select Community or Enterprise. Review feature differences first.
- Base Domain. Input your root domain like example.com. Note: VPS.one provides a free subdomain with every VPS order – find it in your billing panel after payment.
- Dashboard Domain. Press Enter for the default pangolin.example.com or customize it.
- Let's Encrypt Email. Provide a valid address for SSL certificates and admin recovery.
- Tunneling. Keep the default yes to install Gerbil for WireGuard tunnels. Disable only if you need a standard reverse proxy.
- SMTP. Choose No for initial setup. Enable later if you require email notifications.
- Confirm Installation. The installer pulls Docker images for Pangolin, Gerbil, and Traefik. This takes 2-3 minutes.
Containers start automatically. Deployment in progress.
Optional: When prompted about CrowdSec, select No for now. You can add intrusion prevention later once the core system is stable.
Step 7: Complete Post-Installation Setup
Open your browser and navigate to the URL shown in the installer output.
Create your admin account by entering an email and a strong password. Verify the address if SMTP is active. Account secured.
Next, create your first organization. Enter a name and optional description, then click "Create Organization". Your workspace is ready. Start adding services.
Your Self-Hosted Infrastructure Is Now Live
Pangolin on your VPS instance gives you a production-ready reverse proxy with encrypted WireGuard tunnels and automated SSL management. Zero manual certificate renewal. You control access, audit traffic, and expose services without opening risky ports on your router. Privacy preserved. Bookmark this guide for future deployments or team onboarding. When you need to scale, add organizations, configure SMTP, or enable CrowdSec — all from the same dashboard. Growth enabled. Your secure, self-hosted foundation starts now.
