Skip to content

Instantly share code, notes, and snippets.

@wrmack

wrmack/pangolin.md

Created April 5, 2026 21:21
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save wrmack/620f5609ffa738a03cf5cca93f66e56c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save wrmack/620f5609ffa738a03cf5cca93f66e56c to your computer and use it in GitHub Desktop.
Download ZIP
Serving home videos over the internet using Pangolin and Jellyfin
Raw
pangolin.md

Pangolin on an EC2 instance

Steps I took to setup Pangolin on an AWS EC2 instance to access my home videos on an external drive attached to a Macbook Pro.

My setup at the start

VPS (virtual private server)

  • an AWS EC2 instance running Amazon Linux 2023
  • domain "wrmack.com" obtained through AWS Route 53; I had generated records for subdomains used for accessing different apps
  • nginx reverse proxy server

Home

  • Macbook Pro
  • digitised VHS videos on external hard drive

Installing Pangolin on the EC2 instance

curl -fsSL https://static.pangolin.net/get-installer.sh | bash
sudo ./installer
  • answered all questions in line with the quick install guide
  • visited the Pangolin dashboard at https://pangolin.wrmack.com
  • created an organisation which I called "Home server"
  • created a site which I called "Home videos", having a connection type of "Wireguard" (not newt)
  • this site generated the following credentials:
[Interface]
Address = 100.89.128.4/30
ListenPort = 51820
PrivateKey = ••••••••••••••••••••••••••••••••••••••••••••

[Peer]
PublicKey = x4TxmrRZCF01l7jygghJIxMa1h3GylhJk0Lulj2xQ3I=
AllowedIPs = 100.89.128.1/32
Endpoint = pangolin.wrmack.com:51820
PersistentKeepalive = 5
  • created a public resource for this site which I called "Home videos" with a target http://100.89.128.8:8096 and an url: home.wrmack.com
    • this ip address is within the allowed range of ips in the Peer section above
    • the port 8096 is the port that Jellyfin, on my home Macbook Pro, listens on

Configuring wireguard on Macbook Pro

Installed wireguard-tools using brew (don't download the app)

brew install wireguard-tools

Created configuration for wireguard interface:

sudo nano /usr/local/etc/wireguard/wg0.conf

[Interface]
Address = 100.89.128.8/30
ListenPort = 51820
PrivateKey = [as for generated above by Pangolin]

[Peer]
PublicKey = x4TxmrRZCF01l7jygghJIxMa1h3GylhJk0Lulj2xQ3I=
AllowedIPs = 100.89.128.1/32
Endpoint = pangolin.wrmack.com:51820
PersistentKeepalive = 5
  • then:
wg-quick up wg0
  • on macos this creates a tunnel interface with a name like utunx
ifconfig
# Prints:
...
utun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
	inet 100.89.128.8 --> 100.89.128.8 netmask 0xfffffffc
...

I already had Jellyfin installed and running on my Macbook Pro and could now access it by going to https://home.wrmack.com

My VHS videos were digitised at 720p and streamed well using this setup. Videos digitised at 1080p struggled a bit with buffering.

Replacing nginx

Serving my existing apps using Pangolin (with Traefik) and not nginx was fairly straight-forward. I created a site with the 'local' connector. Then created a public resource for each app. Each app had a docker-compose file which traefik works well with.

The target for each app was 172.17.0.1:[port for app]. The ip 172.17.0.1 is the ip of the docker0 network interface.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment