Hello, I just switched my Cloudflare Tunnel container for an open-source alternative, Newt (Pangolin), on my home lab. They are both special reverse proxies that use a secure tunnel to expose your internal services to the internet.
There are a lot of benefits to setting up Pangolin, but it comes with a cost and requires more setup. The biggest drawback is the cost of purchasing a VPS, compared to Cloudflare Tunnel, where you just need to have a domain name.
The setup isn’t bad at all, and I found an amazing guide from Jeremy that made it incredibly simple. So while this won’t be a setup guide, I did want to bring more attention to this project. It’s everything you could love about an open-source project: better performance and better security. While Pangolin itself is amazing, using a cloud service provider comes with inherent risks.
Let’s consider the key differences between Cloudflare Tunnel and Pangolin (Newt):
| Feature | Cloudflare Tunnel | Pangolin (Newt) |
| Infrastructure | Managed by Cloudflare’s global network. | Self-hosted on your own server (typically a VPS) |
| Control | Limited control over the underlying infrastructure. | Complete control over your setup. |
| Security & Privacy | Traffic passes through Cloudflare’s network, where it can be inspected. Benefits from Cloudflare’s enterprise-grade security | More complex initial setup, but has an intuitive dashboard for management |
| Cost | Offers a free tier, with paid plans for more features | The software is free, but you incur costs for hosting the VPS. Some low-cost VPS options are available. |
| Authentication | Integrates with Cloudflare Access for a Zero Trust security model | Built-in, granular role-based access control (RBAC), and supports various identity providers |
Leave a Reply