azorius.vedetta.com

Any experience with Pangolin?
from robber@lemmy.ml to selfhosted@lemmy.world on 29 May 23:59
https://lemmy.ml/post/30881478

Hi fellow homelabbers! I hope your day / night is going great.

Just stubled across this self-hosted cloudflare tunnel alternernative called Pangolin.

Does anyone use it for exposing their homelab? It looks awesome, but I’ve never heard of it before.
Should I be reluctant since it’s developed by a US-based company? I mean security-wise. (I’ll remove this question if it’s too political.)
Does anyone know of alternatives pieces or stacks or software that achieve the same without relying on cloudflare?

Your insights are highly appreciated!

#selfhosted

threaded - newest

nimmo@social.nimmog.uk on 30 May 00:13 next collapse

I've seen lots of talk about headscale, an open source tailscale which allows you to create your own tailnet and I'm sure I've seen people talking about using tailscale as a reverse proxy tool, but it's not something I've explored in detail.

Pangolin is somewhat higher on my list of things to explore than headscale though.

If you're looking for a reverse proxy caddy and Traefik are also widely used.

With all of these solutions though you're going to need to have some online provider somewhere handling DNS for you so that you can have your domains be pointed to your IP address.

Blaster_M@lemmy.world on 30 May 01:58 next collapse

I have yet to get headscale to work with my system. No turnkey setup, instructions that lack clarity, and in the end… idk how it’s supposed to do the thing.

lepinkainen@lemmy.world on 30 May 03:06 next collapse

Then you can just go with Tailscale, it’s 100% turnkey and just works. Even better when combined with NextDNS

YodaDaCoda@aussie.zone on 30 May 04:37 collapse

I did manage to get it to work, but I recall it took me a while. I have several devices connected to it now though. I’m keenly looking forward to the autogroup:self ACL support so I can set up sensible ACLs and share my net with some mates - I only have my own devices on it right now.

Anything I can share that might help your understanding?

Blaster_M@lemmy.world on 30 May 11:29 collapse

Every system I can run headscale on I need to do it via an nginx reverse proxy

YodaDaCoda@aussie.zone on 30 May 23:23 collapse

Yes you need a way to expose it over https. A reverse proxy is easiest. I use Caddy.

YodaDaCoda@aussie.zone on 30 May 04:45 next collapse

I think Pangolin works a bit differently… Correct me if I’m wrong…

Where headscale is a coordination server for a wireguard mesh, pangolin is a reverse proxy server that connects to the backend services via wireguard tunnels

nimmo@social.nimmog.uk on 30 May 07:34 collapse

That's likely true.

The first I heard of Pangolin was in a conversation that followed on from one about head/tailscale and I accept that I may have jumped to a conclusion. I am certain I've seen people talking about using it as a reverse proxy tool. Just found a blog post on the tailscale site talking about how to do it and they're using tailscale and caddy, rather than everything being handled by tailscale alone, so I'll accept that I'm wrong on this one. https://tailscale.com/blog/last-reverse-proxy-you-need

nick_99@sh.itjust.works on 30 May 10:35 collapse

I love headscale. I use it for subnet routing. I have a server in the cloud with NGINX for reverse proxy and the a subnet router at home that just routes internal stuff so I just use the local IP for the backend service and it just works.

aksdb@lemmy.world on 30 May 02:08 next collapse

Pangolin is the most user friendly self hosted alternative to Cloudflare tunnels. There are dozens alternatives, but none with that feature set and such a UI.

robber@lemmy.ml on 30 May 06:33 collapse

Thanks for the list! Do you use Pangolin yourself?

aksdb@lemmy.world on 30 May 06:40 collapse

No, since at the moment it wants to manage certificates, but I don’t intend to run pangolin as my main reverse proxy.

Bort@hilariouschaos.com on 30 May 03:53 next collapse

I just switched from cloudflare to pangolin on a racknerd vps. I’m really liking it so far. Very easy to configure. I’ve got three different domains, and a ton of subdomains pointing to different services running on two servers on my lan. I’m loving the authentication, crowdsec, and geoblock features. The community guide for the metrics broke my system (and I didn’t backup any of the yaml files) but I was able to wipe everything and get it up again in about 30 minutes. I have my jellyfin bypassing the pangolin authentication for a few specific IPs so that my relatives can stream to their firesticks. I highly recommend it.

nick@midwest.social on 30 May 06:27 next collapse

Using pangolin to serve a bunch of services from my homelab. It’s great.

dfense@lemmy.world on 30 May 08:00 next collapse

Using it for several weeks now. Very happy with it, especially now that it is integrated with OAuth, so SSO for getting through Pangolin itself and then on all the services it routes to.

robber@lemmy.ml on 30 May 11:47 collapse

That sounds awesome! No issues at all so far?

dfense@lemmy.world on 01 Jun 08:10 collapse

None so far. And I am using pretty much all the features.

It is also great for my current migration from docker compose to kubernetes.

A newt client on both and I can just switch on the pangolin side.

mmhmm@lemmy.ml on 30 May 21:36 collapse

Pangolin is my next homelab project. I can’t wait to give it a go. If anyone has any advise or guides it’d be appreciated

I don’t know of alternatives

Pangolin, while u.s. based does not appear to serve the state of its interests

I am not aware of a direct peer, but tailscale, a bastion hosting a direct VPN or remote reverse proxy to your homelab are all similar. Pangolin seemingly combines the best and more of these scenarios

mosiacmango@lemm.ee on 31 May 01:25 collapse

Lawerence systems has a recent video that is pretty indepth.