4-Part Tutorial Series
Zero-Trust Homelab Access
Securely expose your home services to the internet through a cheap VPS — no port forwarding, no dynamic DNS, no exposed home IP. Just encrypted tunnels and identity-based access control.
4 focused guides
~2.5 hours total
Home IP stays hidden
Why Pangolin in 2025
- 0 → 19k GitHub stars in under a year — fastest-growing tunnel project
- Built-in identity-aware proxy with SSO/OIDC support
- WireGuard-based tunnels — kernel-level performance
- Your home IP never exposed — all traffic routes through VPS
Replace These Approaches
- Cloudflare TunnelsTOS risk + no UDP
- Port forwardingExposes home IP
- Tailscale FunnelLimited control
- ngrok Pro$20+/mo
- Pangolin + RamNode$5/mo — full control
Series Roadmap
What You'll Build
Secure Tunnel Infrastructure
- • Pangolin server on your VPS with automatic SSL
- • WireGuard tunnels from VPS to home network
- • SSO/OIDC authentication with per-service policies
- • Subdomain routing for each home service
Production Homelab Access
- • Jellyfin, Home Assistant, Nextcloud exposed securely
- • CrowdSec and Fail2ban intrusion prevention
- • Beszel real-time monitoring dashboard
- • Access logging and audit trails
Prerequisites
- • A RamNode VPS — 1GB ($5/mo) is sufficient for tunnel routing
- • Ubuntu 22.04 or 24.04 on the VPS
- • A home server or device running Docker (Raspberry Pi, NUC, old PC, etc.)
- • A domain name pointed to your VPS IP
- • Basic familiarity with Docker and Linux command line
Just need a quick Pangolin setup?
Our standalone Pangolin deployment guide covers the basics in a streamlined walkthrough.