←back to thread

Show HN: Pangolin – Open source alternative to Cloudflare Tunnels

(github.com)
478 points miloschwartz | 6 comments | 10 Jul 25 21:50 UTC | HN request time: 0.973s | source | bottom

Pangolin is an open source self-hosted tunneled reverse proxy management server with identity and access control, designed to securely expose private resources through encrypted WireGuard tunnels running in user space.

We made Pangolin so you retain full control over your infrastructure while providing a user-friendly and feature-rich solution for managing proxies, authentication, and access, all with a clean and simple dashboard web UI.

GitHub: https://github.com/fosrl/pangolin

Deployment takes about 5 minutes on a VPS: https://docs.fossorial.io/Getting%20Started/quick-install

Demo by Lawrence Systems (YouTube): https://youtu.be/g5qOpxhhS7M?si=M1XTWLGLUZW0WzTv&t=723

Some use cases:

  - Grant users access to your apps from anywhere using just a web-browser

  - Proxy behind CGNAT

  - One application load balancer across multiple clouds and on-premises

  - Easily expose services on IoT and edge devices for field monitoring

  - Bring localhost online for easy access
A few key features:

  - No port forwarding and hide your public IP for self-hosting

  - Create proxies to multiple different private networks

  - OAuth2/OIDC identity providers

  - Role-based access control

  - Raw TCP and UDP support

  - Resource-specific pin codes, passwords, email OTP

  - Self-destructing shareable links

  - API for automation

  - WAF with CrowdSec and Geoblocking
1. jz10 ◴[11 Jul 25 02:22 UTC] No.44527863[source]
I wish I'd found this project sooner. UI looks quite sleek!

I love working with CF Tunnels but I got frustrated with their lackluster web admin ux that I recently decided to have Claude whip up a quick terminal interface for it

replies(3): >>44527944 #>>44528046 #>>44529758 #
2. hammyhavoc ◴[11 Jul 25 02:40 UTC] No.44527944[source]
What do you find lacking in the web interface?
replies(1): >>44528079 #
3. ◴[11 Jul 25 03:03 UTC] No.44528046[source]
4. jz10 ◴[11 Jul 25 03:09 UTC] No.44528079[source]
Sounds a bit nitpicky now that I put it into words but most of my usage is just on the public hostnames panel which is about 3-4 levels deep from the dashboard. There is also a UI disconnect between this and the DNS records screen

I do this flow a number of times and the TUI I made solved this specific problem for me https://github.com/justingosan/tunnelman?tab=readme-ov-file#...

replies(1): >>44528301 #
5. jallmann ◴[11 Jul 25 04:06 UTC] No.44528301{3}[source]
Yes, this exactly - I wouldn't call it nitpicky, it is really buried in there. I understand Cloudflare has a ton of other products and features, but the discoverability for CF Tunnels really could be better.

Just checked and it's:

Dashboard home > Zero Trust > Networks > Tunnels > [tunnel] > Public Hostname

And if it ends up provisioning a new DNS record, I always have to remember to go back to the domain's DNS screen and label it with the tunnel.

In general I use a tiny silver of Cloudflare's capabilities; it would be nice if the primary dashboard could bubble up the parts that I do use.

6. mekster ◴[11 Jul 25 08:44 UTC] No.44529758[source]
You found it early enough. I guess it's not even 1 year old.