Pangolin

Pangolin

Website

Self-hosted secure tunneling and access gateway

RepositoryWebsite
17.8kstars
526forks
Last commit: 2d ago
Repo age: 2y old
Pangolin screenshot

Pangolin is a self-hosted secure access gateway designed to publish internal web apps and services without directly exposing your network. It focuses on simplifying tunneled publishing, centralizing access control, and providing an admin UI for managing endpoints and users.

Key Features

  • Secure tunneling to expose private services behind NAT/firewalls
  • Reverse-proxy style routing to multiple apps/services under one gateway
  • Identity-aware access controls for protected routes (authentication/authorization)
  • Web-based admin UI for managing services, users, and configuration
  • Designed for homelab and small-team deployments with straightforward setup

Use Cases

  • Publish homelab dashboards and internal tools to the internet with access control
  • Provide remote access to self-hosted business apps without opening inbound ports broadly
  • Create a single entry point for multiple internal services with centralized policy

Limitations and Considerations

  • Feature set and integrations may be less extensive than large, mature zero-trust platforms; validate required auth providers and policies before adopting.

Pangolin is a good fit when you want a single, manageable gateway to expose internal services via tunnels while keeping access policies centralized. It targets practical deployments where ease of operation and controlled access are more important than complex enterprise features.

Categories:

Network Security (VPN, Firewall, WAF)Remote Access & Remote DesktopEdge & Traffic (Reverse Proxy, Load Balancing, Web Servers)

Tags:

# Reverse proxy# Authentication# Kubernetes access gateway# HTTP security# Remote access# Custom Domains# rbac# Zero Trust Network Access (ZTNA)

Tech Stack:

D
Docker ComposeNode.jsNode.jsDockerDockerGoGoTypeScriptTypeScript
N
Nginx
Share:

Similar Services

Pi-hole

Pi-hole

Network-wide ad blocking via DNS sinkhole

55.1k
3k
Last commit: 1mo ago

DNS sinkhole that blocks ads, trackers, and malicious domains network-wide with a web dashboard, per-client controls, and optional DHCP/DNS features.

Alternative to:
NextDNS
NextDNS+1
CyberChef

CyberChef

The Cyber Swiss Army Knife for data analysis and decoding

33.7k
3.8k
Last commit: 5mo ago

Browser-based tool for decoding, encoding, encryption, and data analysis using a drag-and-drop “recipe” workflow for security, DFIR, and engineering tasks.

Alternative to:
CrackStation (online hash cracking/lookup)
CrackStation (online hash cracking/lookup)+4
AdGuard Home

AdGuard Home

Network-wide ads and tracker blocking via DNS

31.9k
2.2k
Last commit: 13d ago

Self-hosted DNS server with ad/tracker blocking, custom filtering, parental controls, encrypted DNS, and per-client statistics for home networks.

Alternative to:
NextDNS
NextDNS+1
Nginx Proxy Manager

Nginx Proxy Manager

Web UI for Nginx reverse proxy with Let's Encrypt SSL

30.9k
3.5k
Last commit: 1mo ago

Web-based reverse proxy manager for Nginx with hosts, streams, access lists, and automatic Let's Encrypt certificates via an easy admin UI.

Alternative to:
NGINX Plus
NGINX Plus+5
SafeLine

SafeLine

Self-hosted WAF for protecting web apps and APIs

20k
1.3k
Last commit: 2mo ago

SafeLine is an open-source web application firewall (WAF) that protects web apps and APIs from common attacks using HTTP traffic inspection, rules, and management UI.

Alternative to:
Cloudflare WAF
Cloudflare WAF+4
Teleport

Teleport

Identity-native infrastructure access for SSH, Kubernetes, RDP and DBs

19.6k
2k
Last commit: 23h ago

Open-source platform that provides unified, audited, identity-based access to servers, Kubernetes clusters, databases, and desktops without static credentials.

Alternative to:
Okta Advanced Server Access
Okta Advanced Server Access+2