Show HN: Pangolin – Open source alternative to Cloudflare Tunnels

https://github.com/fosrl/pangolin
229•miloschwartz•11h ago
Pangolin is an open source self-hosted tunneled reverse proxy management server with identity and access control, designed to securely expose private resources through encrypted WireGuard tunnels running in user space.

We made Pangolin so you retain full control over your infrastructure while providing a user-friendly and feature-rich solution for managing proxies, authentication, and access, all with a clean and simple dashboard web UI.

GitHub: https://github.com/fosrl/pangolin

Deployment takes about 5 minutes on a VPS: https://docs.fossorial.io/Getting%20Started/quick-install

Demo by Lawrence Systems (YouTube): https://youtu.be/g5qOpxhhS7M?si=M1XTWLGLUZW0WzTv&t=723

Some use cases:

  - Grant users access to your apps from anywhere using just a web-browser

  - Proxy behind CGNAT

  - One application load balancer across multiple clouds and on-premises

  - Easily expose services on IoT and edge devices for field monitoring

  - Bring localhost online for easy access

A few key features:

  - No port forwarding and hide your public IP for self-hosting

  - Create proxies to multiple different private networks

  - OAuth2/OIDC identity providers

  - Role-based access control

  - Raw TCP and UDP support

  - Resource-specific pin codes, passwords, email OTP

  - Self-destructing shareable links

  - API for automation

  - WAF with CrowdSec and Geoblocking

Comments

fossorialowen•10h ago
Hello everyone, this is the other maintainer here. Just wanted to add some more detail about the other components of this system:

Pangolin uses Traefik under the hood to do the actual HTTP proxying. A plugin, Badger, provides a way to authenticate every request with Pangolin. A second service, Gerbil, provides a WireGuard management server that Pangolin can use to create peers for connectivity. And finally, there is Newt, a CLI tool and Docker container that connects back to Gerbil with WireGuard fully in user space and proxies your local resources. This means that you do not need to run a privileged process or container in order to expose your services!

PeterStuer•2h ago
Been using this for a few months for serving from home with a tiny VPS at Hetzner tunneling the traffic to Newt behind my home firewall.

My experience went very smooth and stable. The one issue I thought I had turned out to be not related to Pangolin at all.

https://github.com/orgs/fosrl/discussions/950

v5v3•16m ago
What's Newt?
oulipo•1h ago
Would be nice if there were a mini-tutorial in the doc for each of the use-cases you mention here, so we could quickly test it and see if it helps
tday1•6h ago
This is exactly what I have been looking for!

Thanks for building this. I’ll be trying it out when I get home tonight.

jz10•6h ago
I wish I'd found this project sooner. UI looks quite sleek!

I love working with CF Tunnels but I got frustrated with their lackluster web admin ux that I recently decided to have Claude whip up a quick terminal interface for it

hammyhavoc•6h ago
What do you find lacking in the web interface?
jz10•5h ago
Sounds a bit nitpicky now that I put it into words but most of my usage is just on the public hostnames panel which is about 3-4 levels deep from the dashboard. There is also a UI disconnect between this and the DNS records screen

I do this flow a number of times and the TUI I made solved this specific problem for me https://github.com/justingosan/tunnelman?tab=readme-ov-file#...

jallmann•4h ago
Yes, this exactly - I wouldn't call it nitpicky, it is really buried in there. I understand Cloudflare has a ton of other products and features, but the discoverability for CF Tunnels really could be better.

Just checked and it's:

Dashboard home > Zero Trust > Networks > Tunnels > [tunnel] > Public Hostname

And if it ends up provisioning a new DNS record, I always have to remember to go back to the domain's DNS screen and label it with the tunnel.

In general I use a tiny sliver of Cloudflare's capabilities; it would be nice if the primary dashboard could bubble up the parts that I do use.

mekster•7m ago
You found it early enough. I guess it's not even 1 year old.
noduerme•6h ago
This seems really interesting for managing a lot of remote dev boxes or something like that...

so, kind of an uneducated question (from someone who isn't heavily involved in actual infrastructure)... I haven't used CF tunnels, and the extent of my proxying private services has pretty much been either reverse proxy tunnels over SSH, or Tailscale. Where pretty much any service I want to test privately is located on some particular device, like, a single EC2 instance, or my laptop that's at home while I'm out on my phone. Could you explain in layman's terms what this solves that e.g. tailscale doesn't?

fossorialowen•6h ago
Thanks!

I think what you are using (SSH, Tailscale) is great for your use case! We see this as more of a static and permanent tunnel to a service - less ephemeral than an SSH tunnel - and more to get public users into your application. Meaning if you had an internal app for your business or some homelab application like Immich or Grafana at home/work that you want to expose to your family in their browser this could be a good tool to use. Does that make sense?

barbazoo•4h ago
I’m using an nginxproxymanager as reverse proxy and ssl terminus for exactly that, Immich, home assistant, etc. What would I gain from your solution?
fossorialowen•4h ago
I think if that works for you then stick with it! Pangolin would mostly do the same thing. I think if you wanted more auth control like users and pin codes and OIDC and roles you might not get that with NPM out of the box but could add on.

Pangolin has a tunnel component to it so if you were challenged on the ISP front you can put this on the VPS and it just makes configuring the connection back to the network easier so you don't need to set up WG back etc... It wraps it all up nicely in a UI and simple install script. It can also all be automated with the API if you are into that kind of thing.

noduerme•28m ago
That makes a ton of sense actually! I'm excited to give it a try!
mbesto•4h ago
I use CF tunnels pretty extensively with my home unraid server.

The TL;DR is this - there are certain apps I host that I want to be public and don't want to onboard a Tailscale node (for example my sister uses my Plex server). So, instead of setting up a reverse proxy, I simply create a subdomain in DNS (via CF) and then route that subdomain to the CF tunnel.

It's like 3 form entries to do all of this for one site/service and automatically creates an SSL cert for me. I love it.

jonotime•3h ago
Out of curiosity why not give your sister restricted access to your tailnet instead? Then nothing is public.
omnimus•2h ago
My guess is that teaching and convincing someone to install tailscale on every device they need access is a lot harder than sending a link.

That's why I use Pangolin.

noduerme•21m ago
Tailscale and Plex do not play nicely, particularly since Plex implemented a bunch of shit to try to charge users for accessing their own files outside what it considers a local network. Switching to Jellyfin is on my maintenance list. It's very understandable that if you had given a family member access to your Plex server before this year and it "just worked" you might look now at Tailscale as a way to put them on your LAN and then decide that the complexity isn't worth it, given the hoops that Plex had apparently gone through to make that a non-viable option.

Fuck Plex, by the way. Good on them for building up and turning themselves into a streaming service of sorts. Add value and I'll pay for it. But suddenly one day your free mobile viewer app updates and requires payment to stream your own mp4 files? Seriously, they can go to hell. No one streaming movie files to their family is doing so because they love paying middle-men, by the way. And no core function of Plex can't be done freely.

hexfish•2h ago
Are you aware that serving media streams over the tunnel might be against the ToS? This is what kept me from using it tbh.
nodesocket•5h ago
This looks awesome. I am using Twingate (hosted and paid) currently in my production AWS VPC. AWS instances are in private subnets, no public IPs attached, using a NAT instance for outbound internet, but very curious to try running Pangolin.

Can Pangolin also provide public access (currently I'm using Caddy as a reverse proxy)?

fossorialowen•4h ago
Yes! That's where it excels I think. If you want public authenticated access for your users and / or need that tunneling component to get into your network or a set of distributed networks then Pangolin is your animal!
nicolas_•5h ago
Everyone on /r/homelab has been talking about it over the last few months. I bought a VPS and later realized a cheap tiny PC would be better for my use case combined with Proxmox. The next step is configuring a few more services and installing Pangolin on the VPS for easy reverse proxy management. I haven’t used it yet but all in all it looks awesome and the reviews I’ve seen are overwhelmingly positive. Thank you for building it!
heavyset_go•4h ago
Does this work well behind Docker Swarm or is it not designed for that?
fossorialowen•4h ago
Yes I think so. I know it works quite well in compose but as you scale to swarm I am not sure if there would be pains. You can just pop the connector into your compose stack and it will connect to anything in the docker network which we personally do to host some of our basic infrastructure.
aborsy•3h ago
If you use this, it makes sense to run it at home. If you run it on a VPS, traffic is decrypted on VPS, the same privacy issue with Cloudflare tunnels. You have to trust the VPS provider.
fossorialowen•3h ago
This is true! But you have a little more control over who you might choose to trust. For example - you might trust AWS not to snoop in your VM more than you might trust CF to not collect valuable usage data about you when they decrypt your traffic.
mekster•10m ago
What can you even do if you can't trust a VPS provider?
PoKeRGT•3h ago
I have been using pangolin for a few months already and it's awesome. Installed in a small VPS (static IP) as an entry point for all the services I want to expose to friends and family from my homelab (dynamic IP), completely secure and very easy to manage.
coderhs•2h ago
Amazing project. I have been using Tailscale connected to an nginx proxy manager hosted on a VPS, to make my application public. Wrote about it here: https://hsps.in/post/how-i-host-public-apps-using-tailscale/

But pangolin seems to be similar to that setup with a good UI, and more control. Definitely trying it out.

Quick question: Can it handle multiple domain names? I point multiple domains to the VPS hosting my npm and it proxies them from there. Does Pangolin also support multiple domains pointing to it?

djlameche•1h ago
Sorry if this is a noobish question, but would this allow me to access services on a VPS, that I do not want publicly accessible on the internet?

In other words: Let's say I have a VPS with eg. Keycloak running on it. I want to be able to access it for management purposes but don't want it exposed to other people on the internet. Would Pangolin be a way for me to do this?

TheTxT•55m ago
Did you already consider using ssh port forwarding? That way you can temporarily forward the local port that keycloak is running on to your machine
djlameche•28m ago
I did not consider it yet, I will look into it. I am thinking about hosting a pepper variety database that I am developing, but I have 0 experience with hosting software, so I am a bit wary about what I will be exposing...
zakki•40m ago
I guess you have to use a firewall as well. So basically you block any access from the internet except the VPN service. And you can have a rule for which IPs are allowed to access your VPN service.
jychang•31m ago
You want Tailscale for that.
oulipo•1h ago
"Easily expose services on IoT and edge devices for field monitoring"

can you give more details, would this be adapted to IoT devices running on MCUs like ESP32 etc?

raphinou•1h ago
Did you get outside contributions yet? I'm asking because it is dual licensed agpl and commercial (just like a recent project I'm working on), and am wondering how contributors react to the cla.

Btw I like your short and clear CLA! Did you check the wording of the cla with a lawyer? In my project I wanted to replace the perpetual license granted by contributors by 'a license granted as long as the software is also proposed under the agpl', but that might make it too complicated to still keep it succinct and legally clear.

oulipo•1h ago
Would Pangolin "integrate naturally" with something like Dokploy? Or is more meant to "replace" it?

Could you make a Dokploy template to let people deploy it easily?

LucidLynx•1h ago
What is the difference between Pangolin and NetBird, which is also a self-hosted and fully open-source solution?

https://github.com/netbirdio/netbird

resiros•12m ago
Would love to understand it better too. It looks like the use cases are similar but the tech is different. NetBird is an alternative to Tailscale that uses Wireguard under the hood while these seem to use Traefik under the hood.

I am personally a user of NetBird and love it.

The design of the UI is very similar though :)

44za12•42m ago
This is super exciting! The “Cloudflare Tunnel” lock-in has always bugged me, so seeing an open source option is genuinely refreshing. I’m especially curious how Pangolin handles the gritty stuff—flaky networks, authentication headaches, scaling up when things get real. If anyone’s kicked the tires on this in the wild, how does it compare to the “it just works” magic of Cloudflare? Bonus points if you’ve wrangled it into playing nice with self-hosted stuff on a home connection. For context, I’ve got a Raspberry Pi running my blog and a bunch of other hobby projects from home, so real-world stories would be gold.
PhilippGille•22m ago
There are dozens of open source alternatives to Cloudflare Tunnels: https://github.com/anderspitman/awesome-tunneling

That being said, I believe Pangolin is one of the better and polished ones.