| .github | ||
| bruno | ||
| cli | ||
| config | ||
| install | ||
| messages | ||
| public | ||
| server | ||
| src | ||
| test | ||
| .dockerignore | ||
| .editorconfig | ||
| .eslintrc.json | ||
| .gitignore | ||
| .nvmrc | ||
| .prettierrc | ||
| components.json | ||
| CONTRIBUTING.md | ||
| crowdin.yml | ||
| docker-compose.example.yml | ||
| docker-compose.pgr.yml | ||
| docker-compose.yml | ||
| Dockerfile.dev | ||
| Dockerfile.pg | ||
| Dockerfile.sqlite | ||
| drizzle.pg.config.ts | ||
| drizzle.sqlite.config.ts | ||
| esbuild.mjs | ||
| eslint.config.js | ||
| LICENSE | ||
| Makefile | ||
| next.config.mjs | ||
| package-lock.json | ||
| package.json | ||
| postcss.config.mjs | ||
| README.md | ||
| SECURITY.md | ||
| tsconfig.json | ||
Secure gateway to your private networks
Pangolin tunnels your services to the internet so you can access anything from anywhere.
Start testing Pangolin at pangolin.fossorial.io
Pangolin is a self-hosted tunneled reverse proxy server with identity and access control, designed to securely expose private resources on distributed networks. Acting as a central hub, it connects isolated networks — even those behind restrictive firewalls — through encrypted tunnels, enabling easy access to remote services without opening ports.
Key Features
Reverse Proxy Through WireGuard Tunnel
- Expose private resources on your network without opening ports (firewall punching).
- Secure and easy to configure site-to-site connectivity via a custom user space WireGuard client, Newt.
- Built-in support for any WireGuard client.
- Automated SSL certificates (https) via LetsEncrypt.
- Support for HTTP/HTTPS and raw TCP/UDP services.
- Load balancing.
Identity & Access Management
- Centralized authentication system using platform SSO. Users will only have to manage one login.
- Define access control rules for IPs, IP ranges, and URL paths per resource.
- TOTP with backup codes for two-factor authentication.
- Create organizations, each with multiple sites, users, and roles.
- Role-based access control to manage resource access permissions.
- Additional authentication options include:
- Email whitelisting with one-time passcodes.
- Temporary, self-destructing share links.
- Resource specific pin codes.
- Resource specific passwords.
- External identity provider (IdP) support with OAuth2/OIDC, such as Authentik, Keycloak, Okta, and others.
- Auto-provision users and roles from your IdP.
Simple Dashboard UI
- Manage sites, users, and roles with a clean and intuitive UI.
- Monitor site usage and connectivity.
- Light and dark mode options.
- Mobile friendly.
Easy Deployment
- Run on any cloud provider or on-premises.
- Docker Compose based setup for simplified deployment.
- Future-proof installation script for streamlined setup and feature additions.
- Use any WireGuard client to connect, or use Newt, our custom user space client for the best experience.
- Use the API to create custom integrations and scripts.
- Fine-grained access control to the API via scoped API keys.
- Comprehensive Swagger documentation for the API.
Modular Design
- Extend functionality with existing Traefik plugins, such as CrowdSec and Geoblock.
- Automatically install and configure Crowdsec via Pangolin's installer script.
- Attach as many sites to the central server as you wish.
Deployment Options
Fully Self Hosted!
Host the full application on your own server on your network our on the cloud with a VPS. Take a look at the documentation to get started.
Many of our users have had a great experience with RackNerd. Depending on promotions, you can get a VPS with 1 vCPU, 1GB RAM, and ~20GB SSD for just around $12/year. That's a great deal!
Pangolin Cloud
Easy to use with simple pay as you go pricing. Check it out here. Everything you get with self hosted Pangolin but managed for you.
Hybrid & HA
Managed control plane, your infrastructure
- We manage database and control plane
- You self-host lightweight exit-node
- Traffic flows through your infra
- Fail over to the cloud when things go bad
Enterprise
Contact us for HA distributed enterprise deployments
Project Development / Roadmap
View the project board for more detailed info.
We want to hear your your feature requests! Add them to the discussion board.
Licensing
Pangolin is dual licensed under the AGPL-3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us at numbat@fossorial.io.
Contributions
Looking for something to contribute? Take a look at issues marked with help wanted.
Please see CONTRIBUTING in the repository for guidelines and best practices.
Please post bug reports and other functional issues in the Issues section of the repository.