pangolin_mirror/docs-v2
1
0
Fork 0
mirror of https://github.com/fosrl/docs-v2.git synced 2026-02-08 05:56:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d9631c234287c1aea2fb9f7eaa5ec00ad437b298
docs-v2/about/pangolin-vs-traditional-reverse-proxy.mdx
miloschwartz f0fa0d1857 remove global in some places
2025-08-01 23:34:28 -07:00

115 lines
4.1 KiB
Plaintext
Raw Blame History

---
title: "Pangolin vs. Reverse Proxy"
description: "Learn how Pangolin's distributed architecture eliminates single points of failure and provides authenticated access to your applications"
---
Pangolin builds upon traditional reverse proxy principles but adds distributed architecture, tunneling, and identity-aware access control. While traditional reverse proxies are typically single-server solutions, Pangolin operates as a distributed network of points of presence that provide highly-available access to your applications.
## Traditional Reverse Proxy Limitations
<CardGroup cols={2}>
<Card title="Single Point of Failure" icon="triangle-exclamation">
If the reverse proxy server goes down, all applications become inaccessible.
</Card>
<Card title="Geographic Limitations" icon="globe">
Users far from the server location experience higher latency.
</Card>
<Card title="Network Dependencies" icon="network-wired">
Requires public IP addresses and open ports on your network.
</Card>
<Card title="Basic Authentication" icon="shield">
Typically relies on network-based trust rather than user identity.
</Card>
</CardGroup>
## Pangolin's Dual-Layer High Availability
Pangolin provides high availability at two critical layers: ingress points and backend routing.
### How It Works
<Steps>
<Step title="Ingress Routing">
Request is routed to the closest available point of presence. If one goes down, there is always another point available.
</Step>
<Step title="Authentication">
User identity is verified at the point of presence before getting routed to your backend.
</Step>
<Step title="Tunnel Selection">
Pangolin selects the optimal tunnel route to your backend service.
</Step>
<Step title="Failover Handling">
If the primary tunnel fails, traffic automatically switches to an alternative route.
</Step>
<Step title="Response Delivery">
Response follows the same resilient path back to the user.
</Step>
</Steps>
<Info>
This dual-layer approach ensures your applications remain accessible even if individual points of presence or tunnel connections fail.
</Info>
## Key Differences
### Tunneling vs. Direct Network Access
| Traditional Reverse Proxy | Pangolin |
|--------------------------|----------|
| **Public IP Required** | **No Public IP Needed** |
| **Open Ports (80, 443)** | **No Open Ports** |
| **Complex Network Setup** | **Automatic Discovery** |
| **Network-Based Security** | **Encrypted WireGuard Tunnels** |
<Tip>
This tunneling capability makes Pangolin ideal for environments behind restrictive firewalls, CGNAT, or corporate networks.
</Tip>
### Identity-Aware Proxy (IAP)
Traditional reverse proxies rely on network-based trust, while Pangolin implements zero-trust access control:
<CardGroup cols={2}>
<Card title="Multi-Factor Authentication" icon="key">
Support for 2FA, passkeys, and OTP.
</Card>
<Card title="Single Sign-On" icon="users">
Integration with Google, Okta, and other identity providers.
</Card>
<Card title="Granular Permissions" icon="shield-check">
Role-based access control and path-based rules.
</Card>
<Card title="Contextual Rules" icon="map-pin">
IP-based, path-based, and geographic access policies.
</Card>
</CardGroup>
<Warning>
Unlike traditional reverse proxies, Pangolin authenticates every single request, ensuring that only authorized users can access your applications.
</Warning>
## Benefits Summary
| Feature | Traditional Reverse Proxy | Pangolin |
|---------|--------------------------|----------|
| **Availability** | Single point of failure | Distributed, fault-tolerant |
| **Performance** | Limited by server location | Regionally, optimized routing |
| **Security** | Network-based trust | Zero-trust, identity-aware |
| **Network Requirements** | Public IP, open ports | No public IP needed |
| **Authentication** | Basic or none | Advanced, multi-factor |
| **Scalability** | Manual scaling | Automatic regional distribution |
<Card title="Try Pangolin Cloud" icon="rocket" href="https://pangolin.fossorial.io/auth/signup">
Get distributed, authenticated access to your applications with Pangolin's regional network of points of presence.
</Card>
Reference in New Issue View Git Blame Copy Permalink