←back to thread

Show HN: Pangolin – Open source alternative to Cloudflare Tunnels

(github.com)
478 points miloschwartz | 1 comments | 10 Jul 25 21:50 UTC | HN request time: 0.204s | source

Pangolin is an open source self-hosted tunneled reverse proxy management server with identity and access control, designed to securely expose private resources through encrypted WireGuard tunnels running in user space.

We made Pangolin so you retain full control over your infrastructure while providing a user-friendly and feature-rich solution for managing proxies, authentication, and access, all with a clean and simple dashboard web UI.

GitHub: https://github.com/fosrl/pangolin

Deployment takes about 5 minutes on a VPS: https://docs.fossorial.io/Getting%20Started/quick-install

Demo by Lawrence Systems (YouTube): https://youtu.be/g5qOpxhhS7M?si=M1XTWLGLUZW0WzTv&t=723

Some use cases:

  - Grant users access to your apps from anywhere using just a web-browser

  - Proxy behind CGNAT

  - One application load balancer across multiple clouds and on-premises

  - Easily expose services on IoT and edge devices for field monitoring

  - Bring localhost online for easy access
A few key features:

  - No port forwarding and hide your public IP for self-hosting

  - Create proxies to multiple different private networks

  - OAuth2/OIDC identity providers

  - Role-based access control

  - Raw TCP and UDP support

  - Resource-specific pin codes, passwords, email OTP

  - Self-destructing shareable links

  - API for automation

  - WAF with CrowdSec and Geoblocking
1. nirav72 ◴[11 Jul 25 23:11 UTC] No.44537732[source]
Great seeing Pangolin posted on Show HN. I just got pangolin installed and configured this afternoon on a VPS. With Newt running locally on a cheap mini-pc to establish wireguard tunnel. It was a fairly easy process. Watched couple of videos on YT and then went through the well documented procedure on their site. So far everything seems to be working. I currently only have couple of apps exposed. Plus a private relay for Rustdesk. All working great. Plan on exposing/moving stuff off CF in the coming days. Once I lock down my home network and isolate stuff on separate VLANs.

While CF tunnels were nice and solved my ISP imposed issue with exposing ports via their crappy fiber gateway for couple of years. But I wanted more control. Specifically control over what I can expose without worrying about violating cloudflare’s TOS and ambiguity around media streaming. (Jellyfin/Emby).