fosrl

    fosrl/pangolin

    Identity-aware VPN and proxy for remote access to anything, anywhere.

    devops
    authentication
    networking
    self-hosted
    crowdsec
    docker
    home-lab
    identity-management
    iot
    letsencrypt
    oidc
    proxy
    reverse-proxy
    single-sign-on
    traefik
    vpn
    wireguard
    zero-trust
    zero-trust-network-access
    ztna
    TypeScript
    NOASSERTION
    18.7K stars
    559 forks
    18.7K watching
    Updated 2/27/2026

    Health Score

    25.44

    Weekly Growth

    +0

    +0.0% this week

    Contributors

    1

    Total contributors

    Open Issues

    90

    About pangolin

    Start testing Pangolin at app.pangolin.net

    Pangolin is a self-hosted tunneled reverse proxy server with identity and context aware access control, designed to easily expose and protect applications running anywhere. Pangolin acts as a central hub and connects isolated networks — even those behind restrictive firewalls — through encrypted tunnels, enabling easy access to remote services without opening ports or requiring a VPN.

    Installation

    Check out the quick install guide for how to install and set up Pangolin.

    Deployment Options

    Option | Description
    Self-Host: Community Edition | Free, open source, and licensed under AGPL-3.
    Self-Host: Enterprise Edition | Licensed under Fossorial Commercial License. Free for personal and hobbyist use, and for businesses earning under $100K USD annually.
    Pangolin Cloud | Fully managed service with instant setup and pay-as-you-go pricing — no infrastructure required. Or, self-host your own remote node and connect to our control plane.

    Key Features

    Pangolin packages everything you need for seamless application access and exposure into one cohesive platform.

    Manage applications in one place

    Pangolin provides a unified dashboard where you can monitor, configure, and secure all of your services regardless of where they are hosted.

    Reverse proxy across networks anywhere

    Route traffic via tunnels to any private network. Pangolin works like a reverse proxy that spans multiple networks and handles routing, load balancing, health checking, and more to the right services on the other end.

    Enforce identity and context aware rules

    Protect your applications with identity and context aware rules such as SSO, OIDC, PIN, password, temporary share links, geolocation, IP, and more.

    Quickly connect Pangolin sites

    Pangolin's lightweight Newt client runs in userspace and can run anywhere. Use it as a site connector to route traffic to backends across all of your environments.

    Get Started

    Check out the docs

    We encourage everyone to read the full documentation first, which is available at docs.pangolin.net. This README provides only a very brief subset of the docs to illustrate some basic ideas.

    Sign up and try now

    For Pangolin's managed service, you will first need to create an account at app.pangolin.net. We have a generous free tier to get started.

    Licensing

    Pangolin is dual licensed under the AGPL-3 and the Fossorial Commercial License. For inquiries about commercial licensing, please contact us at [email protected].

    Contributions

    Please see CONTRIBUTING in the repository for guidelines and best practices.
