As remote access security becomes a top priority, the need for self-hosted solutions that ensure full control over infrastructure is growing. Pangolin is a tunneled reverse proxy server designed to securely expose private resources without opening ports, offering a zero-trust alternative to Cloudflare Tunnels. By leveraging encrypted WireGuard tunnels, Pangolin provides seamless connectivity across distributed networks while maintaining robust access control.

Secure Connectivity with WireGuard Tunnels

Pangolin eliminates the need for port forwarding by using encrypted WireGuard tunnels, allowing private resources to be securely exposed without compromising network security. It supports Newt, a user-space WireGuard client, for simplified connectivity between isolated sites and a central server.

Key features include:

Reverse proxy for HTTP, HTTPS, TCP, and UDP traffic.
Automated SSL certificates via Let’s Encrypt.
Load balancing for efficient traffic distribution.
Seamless integration with any WireGuard client, optimized for Newt.

This design significantly reduces security risks while simplifying network administration.

Advanced Identity & Access Management

Pangolin features centralized authentication and granular access control, ensuring only authorized users can reach protected resources.

Single Sign-On (SSO) for streamlined authentication.
Role-based access control with permissions per user, IP range, or URL path.
Two-factor authentication (TOTP) with backup codes.
Additional authentication methods, including:
- Email whitelisting with one-time passcodes.
- Temporary self-destructing access links.
- Resource-specific PIN codes and passwords.

With these features, Pangolin ensures that security policies remain tight and customizable, protecting sensitive infrastructure from unauthorized access.

User-Friendly Management Dashboard

Pangolin comes with an intuitive web-based dashboard that simplifies site, user, and access management.

Real-time monitoring of tunnel status and connectivity.
Dark and light mode support.
Mobile-friendly UI for remote administration.

This interface removes the need for complex manual configurations, making secure remote access more accessible to both IT professionals and businesses.

Pangolin: A Secure and Self-Hosted Alternative to Cloudflare Tunnels | pangolin collage — Pangolin: A Secure and Self-Hosted Alternative to Cloudflare Tunnels

Flexible Deployment for Cloud or On-Premises

Pangolin is designed for fast and easy deployment using Docker Compose, allowing for smooth setup on local servers or cloud environments.

Example Docker Compose configuration:

services:
  pangolin:
    image: fosrl/pangolin:latest
    container_name: pangolin
    restart: unless-stopped
    ports:
      - "443:443"
    volumes:
      - pangolin_data:/data

With a modular architecture, multiple private sites can connect to a single central server, simplifying the management of distributed infrastructure.

Use Cases for Pangolin

Pangolin is ideal for various scenarios requiring secure remote access without modifying firewall settings.

Home Labs without Port Forwarding: Securely expose local servers without router modifications.
IoT Network Management: Connect distributed IoT devices to a central access point.
Enterprise and Corporate Networks: Securely manage remote access without relying on third-party services.

A Self-Hosted Alternative to Cloudflare Tunnels

Unlike Cloudflare Tunnels, Pangolin is fully self-hosted, providing users with full control over their infrastructure. It avoids vendor lock-in while offering similar features, making it a powerful alternative for organizations prioritizing privacy and security.

Pangolin also draws inspiration from Authentik and Authelia, incorporating robust authentication and identity management solutions to enhance security.

Latest Updates & Roadmap

With the 1.0.0 release, Pangolin introduces major enhancements:

Support for multiple domains.
New access control rules based on IP, CIDR, and URL paths.
Automated CrowdSec integration for added security.

Future development plans include:

LDAP and Google authentication support.
Built-in VPN hub functionality with NAT hole-punching.
More advanced proxy configuration options.

Conclusion

Pangolin is an effective and flexible solution for secure remote access, eliminating reliance on third-party cloud services like Cloudflare Tunnels.

Its emphasis on security, authentication, and ease of deployment makes it a valuable tool for IT professionals, businesses, and individuals seeking full control over their network infrastructure.

For more details, visit the Pangolin GitHub repository.

X (Twitter) Facebook Pinterest LinkedIn Email WhatsApp

Pangolin: A Secure and Self-Hosted Alternative to Cloudflare Tunnels

Secure Connectivity with WireGuard Tunnels

Advanced Identity & Access Management

User-Friendly Management Dashboard

Flexible Deployment for Cloud or On-Premises

Use Cases for Pangolin

A Self-Hosted Alternative to Cloudflare Tunnels

Latest Updates & Roadmap

Conclusion

Related articles

Comparing 7G vs 8G Firewalls on Linux Servers with xCloud.host: Which Is the Right Choice?

Microsoft Unveils Majorana 1: A Quantum Computing Breakthrough

The Unwritten Rules of Terminal Programs: A Guide to Consistent Behavior

APTRS: The open-source platform revolutionizing penetration testing reports and project management

Stalwart Mail Server: A Secure and Modern All-in-One Mail Solution

The shutdown command in GNU/Linux: Complete control over system power management

What are dns servers: examples that can be found

Redox: A revolutionary Microkernel-Based Operating System built with Rust

Linux Kernel 6.10 released: Exploring new security features

RunCloud Changelog – March 13, 2025: New PHP and Apache Updates, Enhanced Navigation