| Basic Information | |
|---|---|
| Release Year | |
| Product Type | |
| In Production | Yes |
| Official Website | https://pangolin.net/ |
An introductory paragraph starting with "Pangolin Self-Hosted Reverse Proxy Service is a ...[1]". When writing the article, insert text in the space below this box, and then delete this tip box (and the other tip boxes below). In the visual editor, just click on a box and press backspace to delete it. In the source editor, simply delete the double curly brackets, and the text inside them.
Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.
Consumer-impact summary
Overview of concerns that arise from the conduct towards users of the product (if applicable):
- User freedom
- User privacy
- Business model
- Market control
Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.
Pangolin is a self-hosted open-source reverse proxy and identity-aware tunneling platform.
While the core project remains GPL-licensed and self-hostable, recent releases introduce a consistent pattern where major new features are delivered in Enterprise or Cloud tiers rather than the Community Edition.
This has resulted in a widening gap between the self-hosted version and paid deployments, particularly in identity management, infrastructure tooling, and remote access capabilities.
Feature gating by release (CE vs Enterprise divergence)
| Release | Feature Area | Community Edition (Self-Hosted) | Enterprise / Cloud Edition | Source |
|---|---|---|---|---|
| 1.19.0 | Enterprise-gated remote access |
|
|
https://github.com/fosrl/pangolin/releases/tag/1.19.0 |
| 1.18.0 | Infrastructure platform features |
|
|
https://github.com/fosrl/pangolin/releases/tag/1.18.0 |
| 1.17.0 | RBAC and access control scaling |
|
|
https://github.com/fosrl/pangolin/releases/tag/1.17.0 |
| 1.13.0 | Identity and network model expansion |
|
|
https://github.com/fosrl/pangolin/releases/tag/1.13.0 |
Timeline of feature divergence
1.19.0 – Enterprise-gated remote access
Browser-based SSH, RDP, and VNC were introduced and explicitly documented as Cloud/Enterprise-only features.
Features Excluded from GPL (Community Edition):
- Browser-based SSH
- Browser-based RDP
- Browser-based VNC
Source: https://github.com/fosrl/pangolin/releases/tag/1.19.0 Docs: https://docs.pangolin.net/manage/ssh
1.18.0 – Infrastructure platform features
Introduced multi-site routing, wildcard resources, monitoring, and audit logging, moving the project toward infrastructure orchestration functionality.
Features Excluded from GPL (Community Edition):
- Multi-site routing
- Wildcard resources
- Monitoring tooling
- Audit logging
Source: https://github.com/fosrl/pangolin/releases/tag/1.18.0
1.17.0 – RBAC and access control scaling
Expanded RBAC to support multiple roles per user and improved identity provider mapping. This release establishes the foundation for tier-based access separation.
Features Excluded from GPL (Community Edition):
- Support for multiple roles per user
- Advanced identity provider mapping
Source: https://github.com/fosrl/pangolin/releases/tag/1.17.0
1.13.0 – Identity and network model expansion
Introduced private resources and a device-based access model, expanding Pangolin beyond simple tunneling into structured identity-based networking.
Features Excluded from GPL (Community Edition):
- Private resources
- Device-based access model
Source: https://github.com/fosrl/pangolin/releases/tag/1.13.0
Consumer impact
The Community Edition continues to provide core tunneling functionality, but newer releases increasingly restrict major platform features to Enterprise or Cloud tiers. The result is a structured divergence between:
- Community Edition: base self-hosted tunneling system
- Enterprise/Cloud: full feature platform with advanced identity, infrastructure, and remote access tooling
See also
- Open-core software model
- Self-hosted infrastructure platforms
- WireGuard
- Cloudflare Tunnels
- Twingate
- ↑ ref goes here