← Back to catalog Pangolin + Newt · managed by DINAO

Expose your private services without opening your firewalls

A sovereign alternative to Cloudflare Tunnel powered by Pangolin and Newt, installed and maintained by DINAO. Your traffic flows through encrypted WireGuard tunnels on our French servers — never through a US proxy.

Hosted in FranceEncrypted WireGuard tunnelsZero open portsGDPR CompliantOfficial publisher image
Overview

What is Pangolin + Newt?

Pangolin is a reverse proxy tunnel and identity-aware tool that allows you to securely expose private services behind a NAT or firewall, without opening a single incoming port. Installed on a public IP entry point, it routes traffic through WireGuard encrypted tunnels running in user space, and relies on Traefik for reverse proxying, load balancing, health checks, and automatic Let's Encrypt certificates.

Its companion Newt is a lightweight agent installed on each remote server or site: it establishes an outgoing tunnel to Pangolin, making internal machines invisible from the outside while making them publishable. Together, they form a credible self-hosted alternative to Cloudflare Tunnel and Tailscale Funnel.

Pangolin includes an admin dashboard, user and role management, and access control per resource (PIN, password, SSO/OIDC, IP rules). Developed by Fossorial, the ecosystem is actively maintained and designed for professional self-hosting.

Compatible offers

Host Pangolin + Newt at DINAO

Resource tiers compatible with Pangolin + Newt prerequisites (minimum 1 vCPU / 1 Go / 10 Go). Hosted in France, fully managed.

Découverte
1 vCPU · 2 Go · 20 Go
9,90 € /month excl. VAT
  • 1 dedicated vCPU
  • 2 Go RAM
  • 20 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Performance
4 vCPU · 8 Go · 80 Go
39,90 € /month excl. VAT
  • 4 dedicated vCPU
  • 8 Go RAM
  • 80 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Dédié
8 vCPU · 16 Go · 160 Go
79,90 € /month excl. VAT
  • 8 dedicated vCPU
  • 16 Go RAM
  • 160 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Under the hood

Technical details

vCPU
1 vCPU
ideal : 2 vCPU
Memory
1 Go
ideal : 2 Go
Disk
10 Go
ideal : 20 Go
Image : fosrl/pangolin:latest Registry : docker.io Services : pangolin, gerbil, traefik, newt (client distant) Ports : 80, 443, 51820/udp, 21820/udp
FAQ

You might be wondering…

How is this different from Cloudflare Tunnel?

The principle is similar — exposing a private service without opening a port — but here the entry point is your DINAO instance in France. Your traffic does not pass through a US network, keeping you in control of the chain.

Do I need to open ports on my firewall?

No. The Newt agent installed on your servers establishes an outgoing tunnel to Pangolin. No incoming ports are exposed on your machines, even behind a NAT.

Where are the data hosted?

On DINAO infrastructure in France, in one of the available datacenters. The entry point and routing metadata do not leave the territory.

Do I need technical skills?

For everyday use, no : DINAO installs Pangolin and configures the entry point. You manage your resources from the dashboard. Installing the Newt agent on your servers is simple and documented.

Can I connect multiple sites or servers?

Yes. Newt can be deployed on as many servers and remote sites as needed (depending on your tier), each establishing its own tunnel to Pangolin.