Pangolin provides secure, application-specific ingress to your applications through a network of nodes. Users connect to the closest node, which authenticates them and routes their requests through secure tunnels to your applications.

How It Works

1

User enters through node

DNS automatically routes users to the closest available regional node. A node is always available because the control plane fails over between nodes.
2

Authentication and authorization

The node verifies the user’s identity, checks access permissions, and applies context aware rules such as IP and path based filters, geoblocking, and rate limiting.
3

Secure tunnel routing

Authenticated requests are routed and flow through encrypted WireGuard tunnels to your applications with optional load balancing and failover for your backend servers.
4

Application delivery

Your applications receive the requests and respond through the same secure path.
Nodes provide a mesh of high availability - if one location goes down, traffic automatically routes to the next closest location.

Deployment Options

Pangolin Cloud

Large network of nodes with automatic failover and routing to your backend services. We host the Pangolin server for you.

Managed Self-hosted

Self-host your own Pangolin node with cloud coordination for high availability and automatic failover. Data always transits your servers.

Community Edition

Fully self-hosted, self-contained Pangolin server acting as a single node.

Learn More

Detailed information about nodes and high availability options.

Key Benefits

No Public IPs or Ports

Your applications can run on private networks without exposing ports.

Ingress Mesh

Users always connect to the closest available node.

Zero-Trust Security

Every request is authenticated and authorized before reaching your applications.

High Availability

Multiple nodes, failover, and load balancing between tunnels ensures there is always a way for users to access your applications.