Best Self-Hosted Secure Tunnels in 2026
Tools for creating secure, encrypted tunnels to expose local services or connect networks over the internet.
The top-rated pick is Pangolin with 19,686 GitHub stars.
2 self-hosted secure tunnels — ranked by GitHub stars. Browse all
Pangolin
Pangolin is an open-source, self-hosted identity-aware tunneled reverse proxy server featuring a sleek dashboard UI, designed to securely expose private resources across distributed networks without the need for opening inbound ports or dealing with complex firewall rules. It builds encrypted tunnels—often leveraging a user-space WireGuard client called Newt—to connect isolated services, supports HTTP/HTTPS as well as raw TCP/UDP traffic, automates SSL via Let’s Encrypt, enables load balancing, and integrates identity and access management with SSO, role-based access control, 2FA, temporary share links, OAuth2/OIDC integration, and more.
Cloudflare
Proxly
A self-hosted tunneling tool — like ngrok, but on your own domain. Expose local dev servers through subdomains on your VPS.
ngrokWhy self-host?
Self-hosting puts you in control. You own your data, avoid vendor lock-in, and eliminate recurring subscription costs. For teams handling sensitive data or operating under strict compliance requirements, running your own infrastructure is often the only viable option.
Want to compare all open source options including cloud-hosted ones? See the best open source secure tunnels →