explaingit

fosrl/pangolin

Analysis updated 2026-06-21

20,606TypeScriptAudience · ops devopsComplexity · 4/5LicenseSetup · hard

TLDR

Pangolin is a self-hosted remote access platform that lets you securely reach private servers, databases, and web apps from anywhere using WireGuard tunnels and zero-trust access control, with no open firewall ports required.

Mindmap

mindmap
  root((repo))
    What it does
      Remote access
      Zero-trust control
      Reverse proxy
      WireGuard tunnels
    Key Features
      No open ports needed
      Browser-based access
      Auto SSL certs
      Load balancing
    Access Control
      Role-based RBAC
      External identity
      Per-resource rules
    Deployment
      Self-hosted CE
      Enterprise Edition
      Managed cloud
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Expose a home server or self-hosted web app to the internet securely without opening firewall ports.

USE CASE 2

Give team members zero-trust access to specific internal services like databases or SSH hosts without a full VPN.

USE CASE 3

Replace a traditional VPN with per-resource access control so users only reach the services they need.

USE CASE 4

Connect multiple private network sites together with outbound-only WireGuard tunnels through restrictive firewalls.

What is it built with?

TypeScriptWireGuard

How does it compare?

fosrl/pangolinpavlobu/deskreencoze-dev/coze-studio
Stars20,60620,61920,700
LanguageTypeScriptTypeScriptTypeScript
Setup difficultyhardeasyhard
Complexity4/52/54/5
Audienceops devopsgeneraldeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires a VPS with a public IP for the server component, multiple infrastructure pieces including WireGuard must be configured before first access.

Community Edition is AGPL-3.0, any distributed or network-served version must be open source. Enterprise Edition is free for personal use and businesses under $100K annual revenue.

In plain English

Pangolin is an open source, identity-based remote access platform built on WireGuard. It combines reverse proxy and VPN capabilities into a single platform, providing both browser-based access to web applications and client-based access to private network resources like SSH servers, databases, RDP, and entire network ranges. NAT traversal allows connections through restrictive firewalls without requiring public IP addresses or open ports. Key features include site connectors that create gateways into private networks using outbound tunnels, browser-based reverse proxy access where users authenticate through a web browser without installing any client software, automatic SSL certificates, load balancing and health checking, and DNS aliases for friendly resource names. Access control uses a zero-trust model with role-based access control (RBAC), allowing administrators to grant users access to specific resources rather than entire networks. External identity providers can be connected alongside the built-in user management. It is available as a fully managed cloud service at app.pangolin.net, as a self-hosted Community Edition (AGPL-3 licensed), and as a self-hosted Enterprise Edition (Fossorial Commercial License, free for personal use and businesses under $100K annual revenue). Client apps are available for Mac, Windows, Linux, iOS, and Android.

Copy-paste prompts

Prompt 1
I want to self-host Pangolin to securely access my home server from anywhere. Walk me through the initial setup on a VPS including the WireGuard tunnel configuration.
Prompt 2
How do I add a new site connector in Pangolin to expose an SSH server on my private network without opening any inbound firewall ports?
Prompt 3
I want to set up role-based access control in Pangolin so one user can reach the web app but not the database. How do I configure that?
Prompt 4
How do I connect an external identity provider like Google OAuth to Pangolin for team authentication instead of using the built-in user management?

Frequently asked questions

What is pangolin?

Pangolin is a self-hosted remote access platform that lets you securely reach private servers, databases, and web apps from anywhere using WireGuard tunnels and zero-trust access control, with no open firewall ports required.

What language is pangolin written in?

Mainly TypeScript. The stack also includes TypeScript, WireGuard.

What license does pangolin use?

Community Edition is AGPL-3.0, any distributed or network-served version must be open source. Enterprise Edition is free for personal use and businesses under $100K annual revenue.

How hard is pangolin to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is pangolin for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Scan in gitsafehub Deploy in gitdeployhub fosrl on gitmyhub

Verify against the repo before relying on details.