this post was submitted on 17 Nov 2025
65 points (95.8% liked)

Selfhosted

53030 readers
1944 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
65
Headscale vs Netbird vs Pangolin - How do you like selfhosting them? (podcast.james.network)
submitted 2 days ago by kiol@discuss.online to c/selfhosted@lemmy.world
19 comments fedilink hide all child comments
 

cross-posted from: https://discuss.online/post/30666278

Headscale - The main objective of Headscale is to provide a non-proprietary implementation of the Tailscale protocol & control server for hobbyists and self-hosters. Acts as a replacement for the listening servers while allowing you to continue using your existing clients applications. Funnel functionality is currently considered in beta status. Does not include a web ui by default.

Netbird - Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls. You can try their hosted service or selfhost it, or whatever.

Pangolin - is a self-hosted tunneled reverse proxy server with identity and context aware access control, designed to easily expose and protect applications running anywhere. Pangolin acts as a central hub and connects isolated networks — even those behind restrictive firewalls — through encrypted tunnels, enabling easy access to remote services without opening ports or requiring a VPN. Combines traefik reverse proxy with Single Sign On and Wireguard. Meant to be selfhosted, but they do offer a hosted instance.

Pin codes, temporary links, password links for exposing services as a “funnel”. Similar to cloudflare tunnels, where users cannot be bothered to sort things out and just want a service exposed.

top 19 comments
sorted by: hot top controversial new old
[–] oyzmo@lemmy.world 4 points 1 day ago (1 children)

Headscale is great! Netbird is easier, but their client for ios is soo battery hungry (at least the last time I tried).

[–] kiol@discuss.online 2 points 1 day ago (1 children)

When you say easier, do you mean because of the integrated webui?

[–] oyzmo@lemmy.world 2 points 1 day ago

Yes :)

[–] kiol@discuss.online 8 points 2 days ago (2 children)

Guess lemmy just pulls in all those notes, but still curious on how people like running these services. Headscale is a really nice project, but so are Netbird and Pangolin. I've been enjoying Netbird, but heard some people run into battery drain issues on clients. Was curious what other sorts of things crop up for people running these services themselves, or if it is smooth sailing.

[–] vividspecter@aussie.zone 8 points 1 day ago* (last edited 1 day ago)

I've used both Headscale and a while ago, Netbird. Some of this will be in comparison to raw Wireguard, which I'm also using.

I'm currently using Headscale, but it does have some annoyances. There were breaking changes fairly often for a while, although it looks to have mostly stabilised now. Tailscale itself is pretty invasive with its routing rules and DNS which can break things or cause unexpected behaviour, which doesn't occur with raw Wireguard which is more predictable once you understand it. The Tailscale android client has been somewhat unreliable and clunky, although getting better, although third party Android clients for Wireguard, in turn, have also improved Wireguard usage dramatically. On the other hand, Headscale (or Netbird) are pretty much necessary if you are on a CG-NAT and need ipv4 access, and more usable if you want to build a mesh network.

I can't remember if I tested the service Netbird or the self-hosted version (I think both) but the main thing I remember is that it had poor support for ipv6, which I consider mandatory. Otherwise, the Android client seemed solid and it felt well-designed overall. And maybe the ipv6 support is better now.

[–] hoppolito@mander.xyz 6 points 2 days ago (1 children)

I’ve been using NetBird for quite a while now. It has grown from an experiment in connecting to the server without exposing it to quite a stable setup that I make use of every day, and even got my partner and some of my family to use. That is the hosted offering, however, not me self hosting my own server component.

For a couple of months now, I’ve been eyeing pangolin though. It just seems like such an upgrade concerning identity and SSO - but equally a complete overhaul of my infrastructure and a steep learning curve.

I am itching to get it running but would probably have to approach it step-by-step, and roll it out pretty slowly, while transferring the existing services.

[–] kiol@discuss.online 3 points 2 days ago

Do you find they cover different use cases? Would it make sense to just selfhost Netbird, or to use a selfhosted Netbird in place of Pangolin?

[–] non_burglar@lemmy.world 7 points 1 day ago* (last edited 1 day ago) (1 children)

Pangolin is a reverse proxy implementation, so it doesn't really achieve the same thing as VPN software.

[–] kiol@discuss.online 2 points 1 day ago

Fair, but it can pair a VPN

[–] dangling_cat@piefed.blahaj.zone 6 points 1 day ago* (last edited 1 day ago) (3 children)

Pangolin is not a VPN. But it does magical things like allowing you to manage reverse proxy from both VPS and homelab within one UI interface.

[–] moonpiedumplings@programming.dev 1 points 1 day ago

No, they added a beta vpn feature.

[–] kiol@discuss.online 1 points 1 day ago

Right, it could be a pairing for a VPN to connect services in the VPS and homelab

[–] irmadlad@lemmy.world 1 points 1 day ago

It does bundle a lot of cool stuff together that you'd normally have to piece together.

[–] irmadlad@lemmy.world 1 points 1 day ago (1 children)

Holy missing paragraphs Batman!

[–] kiol@discuss.online 2 points 1 day ago (1 children)

That is just how Lemmy handles Castopod. Nothing to be done about it afaik.

[–] irmadlad@lemmy.world 1 points 1 day ago (1 children)

Wow, ok. I was having difficulty reading. Me skuzi

[–] kiol@discuss.online 4 points 1 day ago (1 children)

The actual post is below. That is just Lemmy rendering the description from the link. Filed an issue: https://code.castopod.org/adaures/castopod/-/issues/575

[–] irmadlad@lemmy.world 1 points 1 day ago (1 children)

I apologize. I didn't mean to make a big deal of it. I really meant my remark in jest as all the words were blurring. Old age and old eyes.

[–] kiol@discuss.online 1 points 1 day ago

I honestly find the fact that happens annoying, haha. Totally get it.