This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/jsiwks on 2025-01-30 16:38:06+00:00.
Hello everyone,
Less than a month ago, we released the first beta of Pangolin, a tunneled reverse-proxy server with access control, designed as a self-hosted alternative to Cloudflare Tunnels. Since then, we’ve received a great deal of positive feedback, along with valuable feature requests and bug reports. It’s a cliche at this point but we have been blown away with the support - thank you!
If you haven’t already, go check out DB Tech’s excellent introduction of Pangolin (YouTube).
Versions 1.0.0-beta.1 through beta.8 focused on critical hotfixes to ensure system stability. With beta.9, we’re starting to make more significant progress on our extensive list of core feature requests. Our goal is to exit the beta phase soon and launch the official 1.0.0 release.
TCP & UDP Support
Previously, Pangolin only supported tunneling HTTP and HTTPS traffic, similar to a Cloudflare Tunnel. Now, it allows you to proxy any TCP and UDP traffic through the system. This means you can route traffic to downstream services using the forwarded port on the server running Pangolin. For example, you can host a Minecraft server on your home network and seamlessly expose it to the public through a Newt tunnel — without needing to port forward port 25565 on your router.
Load Balancing
You can add multiple targets to a resource to enable load balancing for high availability. The reverse proxy will attempt to distribute requests in a round-robin fashion. Let us know if you’d be interested in load-balancing between Newt tunnels.
Other Notable Updates
- You can add a wildcard to the one-time code email whitelist to allow all users from a trusted domain, like:
*@example.com. - We released all containers on the Unraid CA Store.
Major Fixes
- We fixed the hanging and large file upload issue affecting some popular services like Overseerr, Immich, and Plex.
- HTTP-only (non-ssl) resources should now be functional and respect Pangolin’s authentication, though some browsers still don’t play nice.
What’s Next?
- Full multi-domain support with SSO across domains (beta.9 includes a refactor of our auth system to support this).
- Automated Crowdsec installation. For now, you can manually add Crowdsec by following this community created guide
- IP and path based rules for bypassing Pangolin’s auth. For example, allow anything from
/api/*to bypass authentication checks.
Submit issues here and feature requests here.
Come chat with us on Discord!
If you wish to support us: