Email Us |TEL: 050-1720-0641 | LinkedIn | Daily Posts

Pangolin

This is a self-hosted tunneled reverse proxy platform. It is designed to give users and organizations full control over securely exposing private resources to the internet, it is an alternative to proprietary solutions like Cloudflare Tunnels. It uses encrypted tunnels, centralized identity management, and fine-grained access controls. It lets users manage their infrastructure with flexibility.

As a self-hosted reverse proxy management server it leverages encrypted WireGuard tunnels to expose internal resources to the public internet without the need to open ports on your firewall. It is built for users who want to maintain sovereignty over their data and network, avoiding reliance on third-party tunnel providers. The platform has a web dashboard for configuration, and access management capabilities.

Feature

The architecture centers on three main components, the Pangolin server, the Newt WireGuard tunnel client, and integrations with tools like Traefik and Gerbil. The server manages authentication, authorization, and proxy rules, while Newt establishes secure tunnels from your private network to the Pangolin server. Gerbil, written in Go, simplifies WireGuard interface management, and Traefik acts as the reverse proxy and load balancer.

It supports multiple base domains and you can now manage several domains through a single Pangolin instance, with single sign-on (SSO) across all managed resources. This is particularly useful for organizations with diverse user groups or multiple projects.

Access rules are customizable. Administrators can define permissions based on IP addresses, IP ranges, URL paths, and even allow or bypass authentication for specific request origins. This flexibility helps in scenarios such as granting passwordless access from trusted networks while requiring authentication elsewhere.

The platform also supports automated SSL certificate provisioning via Let’s Encrypt, making sure all exposed resources are encrypted by default. Additional security features include temporary, self-destructing shareable links, resource-specific PIN codes, and optional two-factor authentication (2FA) for user accounts.

Installation and Setup

Setting up Pangolin is pretty straightforward, with a guided installation process and Docker-based deployment. During installation, users specify their base domain, dashboard domain, and administrative credentials. The installer then deploys the necessary Docker containers: Pangolin, Gerbil, and Traefik.

Once the server is running, users log in to the Pangolin dashboard, create an organization, and define “sites”—which represent servers or networks hosting private applications. The Newt client is then configured on each site using credentials generated by the dashboard. This client establishes the encrypted tunnel to the Pangolin server, enabling secure exposure of resources.

Adding a resource is is basic defining its name, subdomain, and local network address. Pangolin automatically handles DNS, SSL, and access controls. By default, all exposed resources are protected by authentication, but administrators can tailor access methods per resource, choosing from username/password, single password, PIN code, or any combination, with optional 2FA.

Use Cases

This is ideal for anyone needing to expose private applications or services securely, whether for remote work, development, or sharing with trusted users.

For Example:

• Home lab exposing dashboards, media servers, or IoT devices without opening firewall ports.
• Small businesses providing remote access to internal tools, CRMs, or file servers.
• Enterprises managing multiple domains and user groups, with strict access policies and audit requirements.
• Developers and IT teams needing temporary, secure access for collaborators or clients.

The flexibility and control make it great for both simple and complex deployments, from single-server home setups to multi-site organizational networks.

Open Source and Licensing

This is open source and available for free, with its codebase hosted on GitHub under the fosrl/pangolin repository. The project is maintained by Fossorial, and a Supporter Program exists to help fund ongoing development, all core features remain open and accessible to the community. This open-source approach keeps transparency, security, and the ability for users to audit and contribute to the project’s evolution.

Why Use it?

Its a combination of self-hosted control, security, and ease of use. Running your own tunnel server, you eliminate third-party dependencies and potential privacy concerns. The platform’s dashboard, automated SSL, and granular access controls make it good for newcomers while giving flexibility.

Support for multiple domains, SSO, and integration with industry-standard tools like WireGuard and Traefik means Pangolin can scale with your needs.

It is something worth looking at: https://fossorial.io/