Homelab / Self-Hosted

Pangolin

Reverse Proxy & Remote Access

Reverse Proxy & Remote Access

Pangolin is a modern, security-first remote access platform. Unlike traditional reverse proxies, it combines the power of Traefik with the security of WireGuard to create a seamless, encrypted tunnel for accessing internal services without exposing them directly to the public internet.

Key Features

  • Automated SSL/TLS: Integrated Let’s Encrypt support via Traefik for automatic certificate management.
  • WireGuard Integration: Provides a built-in VPN capability, allowing for secure “on-the-go” access to the home lab.
  • Access Control Lists (ACLs): Granular control over which users or devices can access specific internal applications.
  • Single Sign-On (SSO): Supports modern authentication providers to add an extra layer of security before reaching the backend.
  • Intuitive Dashboard: A clean UI for managing hosts, certificates, and tunnels without manually editing YAML files.
  • Docker-Native: Built to run as a container, making it easy to deploy and scale within a Proxmox or Docker environment.

Why I Use It

I use Pangolin as the primary gateway to my home lab because it prioritizes the “Principle of Least Privilege.” By leveraging WireGuard tunnels rather than just opening ports, I can ensure that my self-hosted services—like Wazuh or Nextcloud—are accessible to me from anywhere in the world without being visible to malicious scanners on the open web.

It serves as a critical component of my “Defense in Depth” strategy, providing both encryption in transit and robust identity verification.


Links: Official Site