frp
Initially I used NGINX streams, as that seemed to work great. As I've been getting timeouts for about 2 minutes twice a day, I wanted to do something else. I first tried SSH tunnels, but those kept failing. After seeing zvava.org -> frp, I wanted to try frp.
I essentially use frp to bind `homeserver-ip:80` and `homeserver-ip:443` to `vps-ip:80` and `vps-ip:443`, because I don't feel like exposing my home IP address and because I really dislike CloudFlare.
server config
The server config is pretty simple. I just used UFW to secure my VPS further than the token.
```toml
bindPort = 7000 # port the frp client connects to

auth.method = "token"
auth.token = "" # shared secret; must match the client's auth.token
```
client config (nixos)
For NixOS, luckily there's a NixOS module for frp. It works pretty well; the following code is what I used:
```nix
{ pkgs, config, lib, ... }:
{
  services.frp = {
    enable = true;
    role = "client";
    settings = {
      serverAddr = "vps-ip";
      serverPort = 7000; # must match bindPort on the server
      auth.method = "token";
      # Must match the server's auth.token. A value set here is written to the
      # world-readable Nix store.
      auth.token = "";
      transport.protocol = "tcp";
      proxies = [
        {
          name = "http";
          type = "tcp";
          localIP = "localhost";
          localPort = 80;
          remotePort = 80;
        }
        {
          name = "https";
          type = "tcp";
          localIP = "localhost";
          localPort = 443;
          remotePort = 443;
        }
      ];
    };
  };
}
```
That was all for me, it works great!
client config (normal linux)
```toml
serverAddr = ""
serverPort = 7000
auth.method = "token"
auth.token = ""

[[proxies]]
name = "http"
type = "tcp"
localIP = "localhost"
localPort = 80
remotePort = 80

[[proxies]]
name = "https"
type = "tcp"
localIP = "localhost"
localPort = 443
remotePort = 443
```
UFW config
Like I said, I used UFW to further harden/secure my VPS. I did the following:
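```sh
ufw default deny incoming
ufw allow in ssh # or: ufw allow in $whatever_your_ssh_port_is
ufw allow 80
ufw allow 443
# Allows all traffic from the home server, including frp's bindPort 7000,
# which stays closed to everyone else.
ufw allow from homeserver-ip
ufw limit sshport/tcp # rate-limit SSH; replace sshport with your SSH port
ufw enable
```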
That'd be all, I hope that helps :)