Pangolin
Pangolin is an open-source, self-hosted identity-aware tunneled reverse proxy server featuring a sleek dashboard UI, designed to securely expose private resources across distributed networks without the need for opening inbound ports or dealing with complex firewall rules. It builds encrypted tunnels—often leveraging a user-space WireGuard client called Newt—to connect isolated services, supports HTTP/HTTPS as well as raw TCP/UDP traffic, automates SSL via Let’s Encrypt, enables load balancing, and integrates identity and access management with SSO, role-based access control, 2FA, temporary share links, OAuth2/OIDC integration, and more.
Open source alternative to:
Pangolin is an open-source, self-hosted, identity-aware tunneled reverse proxy server built to simplify secure access to private resources across distributed networks. Instead of requiring inbound ports, static IPs, or complicated firewall configurations, Pangolin establishes encrypted tunnels between isolated environments, making it easy to expose internal services securely to authorized users.
Core Functionality
Reverse Proxy with Tunnels
Pangolin sets up encrypted tunnels—powered by Newt, a user-space WireGuard implementation—to connect clients to servers. This allows services to be accessed from anywhere without directly exposing them to the public internet.Protocol Support
- HTTP and HTTPS reverse proxy
- Raw TCP and UDP tunneling
- Load balancing for high-availability or distributed deployments
Automatic SSL/TLS
Certificates can be automatically provisioned and renewed using Let’s Encrypt, ensuring encrypted communication without extra configuration overhead.
Identity and Access Management
Pangolin is identity-aware, meaning access is not just network-based but tied to user identities:
- Single Sign-On (SSO) integration with OAuth2/OIDC providers
- Role-Based Access Control (RBAC) to manage permissions at a granular level
- Two-Factor Authentication (2FA) for enhanced security
- Temporary Share Links for granting time-limited access to resources
- Centralized user and session management through its web dashboard
Dashboard and User Experience
Pangolin includes a modern, intuitive dashboard UI that makes it easy to:
- Configure tunnels and reverse proxy routes
- Monitor connection status, users, and activity logs
- Manage authentication, roles, and access policies
- Control SSL certificates and domains
This removes the need for manually editing configuration files and provides real-time visibility into system health and access control.
Use Cases
- Securely exposing internal development servers or APIs to collaborators
- Creating a distributed network of resources across multiple environments (on-prem, cloud, edge)
- Providing controlled access to internal dashboards, services, or databases without VPN complexity
- Lightweight alternative to traditional VPNs and access brokers
Why Pangolin?
Compared to traditional reverse proxies (like Nginx, Traefik) or VPN solutions, Pangolin offers a hybrid model:
- Simpler than VPNs – no client-side network routing needed
- More secure than plain reverse proxies – identity-aware, fine-grained access control
- Developer-friendly – automatic SSL and a clean dashboard
Categories:
Build with:
Sponsor Pangolin
Sponsor Pangolin on GitHub Sponsors
https://github.com/sponsors/fosrl