About
How Pangolin Works
Learn about Pangolin’s architecture and how its components work together to provide secure application access
Pangolin provides secure, application-specific ingress to your applications through a network of points of presence. Users connect to the closest point of presence, which authenticates them and routes their requests through secure tunnels to your applications.
How It Works
1
User enters through point of presence
DNS automatically routes users to the closest available regional point of presence (PoP). A PoP is always available because the control plane fails over between PoPs.
2
Authentication and authorization
The point of presence verifies the user’s identity, checks access permissions, and applies context aware rules such as IP and path based filters, geoblocking, and rate limiting.
3
Secure tunnel routing
Authenticated requests are routed and flow through encrypted WireGuard tunnels to your applications with optional load balancing and failover for your backend servers.
4
Application delivery
Your applications receive the requests and respond through the same secure path.
Points of presence provide a mesh of high availability - if one location goes down, traffic automatically routes to the next closest location.
Deployment Options
Pangolin Cloud
Large network of points of presence with automatic failover and routing to your backend services.
Hybrid
Host your own multiple points of presence with cloud coordination and automatic failover. Data always transits yours servers.
Self-Hosted
Fully self-hosted, self-contained Pangolin server acting as a single point of presence.
Learn More
Detailed information about points of presence and high availability options.
Key Benefits
No Public IPs or Ports
Your applications can run on private networks without exposing ports.
Ingress Mesh
Users always connect to the closest available point of presence.
Zero-Trust Security
Every request is authenticated and authorized before reaching your applications.
High Availability
Multiple points of presence, failover, and load balancing between tunnels ensures there is always a way for users to access your applications.