Submit
Favicon of Pangolin

Pangolin

Create secure, identity-aware connections to any resource. Combines VPN and reverse proxy for browser or client-based access with granular, zero-trust controls.

Visit PangolinConfiguration

Pangolin provides a unified platform for secure remote access, built on the performance of WireGuard. It merges the capabilities of a VPN and a reverse proxy to give your team identity-aware access to any resource, whether it's a web application or a private server. This approach allows you to implement a zero-trust security model, moving away from traditional VPNs that grant broad network access.

It offers flexible ways to connect your users to the tools they need:

  • Browser-Based Access: Expose internal web applications securely through an identity-aware reverse proxy. It handles routing, load balancing, and automatic SSL certificates without exposing your network to the internet.
  • Client-Based Access: Provide direct, secure connections to private resources like SSH servers, databases, and RDP sessions using a lightweight client. Intelligent NAT traversal ensures connectivity even behind restrictive firewalls.
  • Site-to-Site Connectivity: Use lightweight connectors to securely link remote networks, making resources available for authorized access without requiring public IPs or open ports.

You can deploy it as a free, open-source self-hosted solution, opt for the enterprise edition, or use the fully managed Pangolin Cloud service for a quick setup.

Directory Structure

pangolin
config
.env
docker-compose.yml

docker-compose.yml

name: pangolin
services:
  pangolin:
    image: docker.io/fosrl/pangolin:latest # https://github.com/fosrl/pangolin/releases
    container_name: pangolin
    restart: unless-stopped
    volumes:
      - ./config:/app/config
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
      interval: "10s"
      timeout: "10s"
      retries: 15

  gerbil:
    image: docker.io/fosrl/gerbil:latest # https://github.com/fosrl/gerbil/releases
    container_name: gerbil
    restart: unless-stopped
    depends_on:
      pangolin:
        condition: service_healthy
    command:
      - --reachableAt=http://gerbil:3004
      - --generateAndSaveKeyTo=/var/config/key
      - --remoteConfig=http://pangolin:3001/api/v1/
    volumes:
      - ./config/:/var/config
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    ports:
      - 51820:51820/udp
      - 21820:21820/udp
      - 443:443
      - 80:80

  traefik:
    image: docker.io/traefik:v3.6
    container_name: traefik
    restart: unless-stopped

    network_mode: service:gerbil # Ports appear on the gerbil service

    depends_on:
      pangolin:
        condition: service_healthy
    command:
      - --configFile=/etc/traefik/traefik_config.yml
    volumes:
      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs

networks:
  default:
    driver: bridge
    name: pangolin
    #enable_ipv6: true # activate if your system supports IPv6
Categories:
Reverse Proxy

Tags:

dashboardgoidentity-aware-proxyidentity-managementiotjavascriptnetworkingoidcpamprivate-accessproxyremote-accessreverse-proxysecurityself-hostedsingle-sign-onsshtailscaletunnelingtypescriptvpnwireguardzero-trustzero-trust-network-accessztna

Share:

Ad
Favicon

 

  
 

Similar to Pangolin

Favicon

 

  
  
Favicon

 

  
  
Favicon