Jump to content

Pangolin Self-Hosted Reverse Proxy Service: Difference between revisions

From Consumer Rights Wiki
← Older edit
VisualWikitext
Add article
No edit summary
 
(One intermediate revision by the same user not shown)
Line 5: Line 5:
|Logo=Pangolin.png
|Logo=Pangolin.png
|Website=https://pangolin.net/
|Website=https://pangolin.net/
|Description=Identity-aware VPN and tunneled reverse proxy for remote access based on WireGuard®.
|Description=Identity-based reverse proxy and zero-trust remote access platform based on WireGuard®.
}}
}}
{{Ph-C-Int}}
{{Ph-C-Int}}
==Consumer-impact summary==


==Consumer-impact summary==
{{Ph-C-CIS}}
{{Ph-C-CIS}}
Pangolin is a self-hosted open-source reverse proxy and identity-aware tunneling platform.
While the core project remains GPL-licensed and self-hostable, recent releases introduce a consistent pattern where major new features are delivered in Enterprise or Cloud tiers rather than the Community Edition.
This has resulted in a widening gap between the self-hosted version and paid deployments, particularly in identity management, infrastructure tooling, and remote access capabilities.


Pangolin is a self-hosted, open-source reverse proxy and remote access platform positioned as an alternative to services such as Cloudflare Tunnels.
==Feature gating by release (CE vs Enterprise divergence)==
{| class="wikitable"
|-
! Release !! Feature Area !! Community Edition (Self-Hosted) !! Enterprise / Cloud Edition !! Source
|-
| 1.19.0
| Enterprise-gated remote access  
|
* Standard client-based access only (Requires local client software)
|
* Browser-based SSH
* Browser-based RDP
* Browser-based VNC
| https://github.com/fosrl/pangolin/releases/tag/1.19.0
|-
| 1.18.0
| Infrastructure platform features
|
* Standard single-site routing
* Exact-match resources only
* Basic standard logging
|
* Multi-site routing
* Wildcard resources
* System monitoring
* Audit logging
| https://github.com/fosrl/pangolin/releases/tag/1.18.0
|-
| 1.17.0
| RBAC and access control scaling
|
* Single role per user
* Basic identity provider mapping
|
* Multiple roles per user (Multi-role RBAC)
* Advanced identity provider mapping
* Tier-based access separation
| https://github.com/fosrl/pangolin/releases/tag/1.17.0
|-
| 1.13.0
| Identity and network model expansion
|
* Standard tunneling only
* No private resources
* No device-based access policies
|
* Private resources integration
* Device-based access model
| https://github.com/fosrl/pangolin/releases/tag/1.13.0
|}


While the core software remains available under an open-source license, development has increasingly shifted toward a multi-tier model consisting of Community Edition (self-hosted OSS core) and Enterprise/Cloud editions (managed and extended feature sets).
==Timeline of feature divergence==


As a result, the Community Edition increasingly functions as a baseline version, while many newer platform-level features are delivered primarily in Enterprise or Cloud tiers.
===1.19.0 – Enterprise-gated remote access===
Browser-based SSH, RDP, and VNC were introduced and explicitly documented as Cloud/Enterprise-only features.


==Community Edition vs Enterprise Feature Drift==
'''Features Excluded from GPL (Community Edition):'''
* Browser-based SSH
* Browser-based RDP
* Browser-based VNC


{| class="wikitable"
Source: https://github.com/fosrl/pangolin/releases/tag/1.19.0
|-
Docs: https://docs.pangolin.net/manage/ssh
 
===1.18.0 – Infrastructure platform features===
Introduced multi-site routing, wildcard resources, monitoring, and audit logging, moving the project toward infrastructure orchestration functionality.
 
'''Features Excluded from GPL (Community Edition):'''
* Multi-site routing
* Wildcard resources
* Monitoring tooling
* Audit logging
 
Source: https://github.com/fosrl/pangolin/releases/tag/1.18.0
 
===1.17.0 – RBAC and access control scaling===
Expanded RBAC to support multiple roles per user and improved identity provider mapping. This release establishes the foundation for tier-based access separation.


! Feature / Capability !! Community Edition (Self-Hosted) !! Enterprise / Cloud Edition !! Notes / First Appearance
'''Features Excluded from GPL (Community Edition):'''
Core reverse proxy / tunneling
* Support for multiple roles per user
-
* Advanced identity provider mapping
Identity-aware access control
-
Role-based access control (RBAC)
-
Multi-site routing / HA features
-
Wildcard resources
-
Private resource HTTPS management
-
Alerting / uptime monitoring
-
Admin / action logs
-
Browser-based SSH
-
Browser-based RDP
-
Browser-based VNC
-
Integrated SSH system
-
Onboarding / hosted control plane
-
User limits / licensing scale
}


==Consumer-impact summary (continued)==
Source: https://github.com/fosrl/pangolin/releases/tag/1.17.0


The Community Edition remains functional for basic self-hosted tunneling, but receives fewer major feature additions over time compared to Enterprise and Cloud offerings.
===1.13.0 – Identity and network model expansion===
Introduced private resources and a device-based access model, expanding Pangolin beyond simple tunneling into structured identity-based networking.  


For users adopting Pangolin specifically as a self-hosted alternative to commercial tunnel platforms, this results in a widening gap between expected feature parity and actual Community Edition capabilities.
'''Features Excluded from GPL (Community Edition):'''
* Private resources
* Device-based access model


==See also==
Source: https://github.com/fosrl/pangolin/releases/tag/1.13.0
{{Ph-C-SA}}


Open-core software model
==Consumer impact==
Self-hosted software
The Community Edition continues to provide core tunneling functionality, but newer releases increasingly restrict major platform features to Enterprise or Cloud tiers.
WireGuard
The result is a structured divergence between:
Cloudflare Tunnels
Twingate


==References==
* Community Edition: base self-hosted tunneling system
{{reflist}}
* Enterprise/Cloud: full feature platform with advanced identity, infrastructure, and remote access tooling


[[Category:Pangolin]]
==See also==
* Open-core software model
* Self-hosted infrastructure platforms
* WireGuard
* Cloudflare Tunnels
* Twingate

Latest revision as of 00:22, 13 June 2026

Pangolin Self-Hosted Reverse Proxy Service
Basic Information
Release Year
Product Type
In Production Yes
Official Website https://pangolin.net/


An introductory paragraph starting with "Pangolin Self-Hosted Reverse Proxy Service is a ...[1]". When writing the article, insert text in the space below this box, and then delete this tip box (and the other tip boxes below). In the visual editor, just click on a box and press backspace to delete it. In the source editor, simply delete the double curly brackets, and the text inside them.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.


Consumer-impact summary

[edit | edit source]

Overview of concerns that arise from the conduct towards users of the product (if applicable):

  • User freedom
  • User privacy
  • Business model
  • Market control

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.


Pangolin is a self-hosted open-source reverse proxy and identity-aware tunneling platform. While the core project remains GPL-licensed and self-hostable, recent releases introduce a consistent pattern where major new features are delivered in Enterprise or Cloud tiers rather than the Community Edition. This has resulted in a widening gap between the self-hosted version and paid deployments, particularly in identity management, infrastructure tooling, and remote access capabilities.

Feature gating by release (CE vs Enterprise divergence)

[edit | edit source]
Release Feature Area Community Edition (Self-Hosted) Enterprise / Cloud Edition Source
1.19.0 Enterprise-gated remote access
  • Standard client-based access only (Requires local client software)
  • Browser-based SSH
  • Browser-based RDP
  • Browser-based VNC
 https://github.com/fosrl/pangolin/releases/tag/1.19.0
1.18.0 Infrastructure platform features
  • Standard single-site routing
  • Exact-match resources only
  • Basic standard logging
  • Multi-site routing
  • Wildcard resources
  • System monitoring
  • Audit logging
 https://github.com/fosrl/pangolin/releases/tag/1.18.0
1.17.0 RBAC and access control scaling
  • Single role per user
  • Basic identity provider mapping
  • Multiple roles per user (Multi-role RBAC)
  • Advanced identity provider mapping
  • Tier-based access separation
 https://github.com/fosrl/pangolin/releases/tag/1.17.0
1.13.0 Identity and network model expansion
  • Standard tunneling only
  • No private resources
  • No device-based access policies
  • Private resources integration
  • Device-based access model
 https://github.com/fosrl/pangolin/releases/tag/1.13.0

Timeline of feature divergence

[edit | edit source]

1.19.0 – Enterprise-gated remote access

[edit | edit source]

Browser-based SSH, RDP, and VNC were introduced and explicitly documented as Cloud/Enterprise-only features.

Features Excluded from GPL (Community Edition):

  • Browser-based SSH
  • Browser-based RDP
  • Browser-based VNC

Source: https://github.com/fosrl/pangolin/releases/tag/1.19.0 Docs: https://docs.pangolin.net/manage/ssh

1.18.0 – Infrastructure platform features

[edit | edit source]

Introduced multi-site routing, wildcard resources, monitoring, and audit logging, moving the project toward infrastructure orchestration functionality.

Features Excluded from GPL (Community Edition):

  • Multi-site routing
  • Wildcard resources
  • Monitoring tooling
  • Audit logging

Source: https://github.com/fosrl/pangolin/releases/tag/1.18.0

1.17.0 – RBAC and access control scaling

[edit | edit source]

Expanded RBAC to support multiple roles per user and improved identity provider mapping. This release establishes the foundation for tier-based access separation.

Features Excluded from GPL (Community Edition):

  • Support for multiple roles per user
  • Advanced identity provider mapping

Source: https://github.com/fosrl/pangolin/releases/tag/1.17.0

1.13.0 – Identity and network model expansion

[edit | edit source]

Introduced private resources and a device-based access model, expanding Pangolin beyond simple tunneling into structured identity-based networking.

Features Excluded from GPL (Community Edition):

  • Private resources
  • Device-based access model

Source: https://github.com/fosrl/pangolin/releases/tag/1.13.0

Consumer impact

[edit | edit source]

The Community Edition continues to provide core tunneling functionality, but newer releases increasingly restrict major platform features to Enterprise or Cloud tiers. The result is a structured divergence between:

  • Community Edition: base self-hosted tunneling system
  • Enterprise/Cloud: full feature platform with advanced identity, infrastructure, and remote access tooling

See also

[edit | edit source]
  • Open-core software model
  • Self-hosted infrastructure platforms
  • WireGuard
  • Cloudflare Tunnels
  • Twingate
  1. ref goes here
Retrieved from "https://consumerrights.wiki/index.php?title=Pangolin_Self-Hosted_Reverse_Proxy_Service&oldid=57647"