Blog...
Add my RSS feed!
Tunneling My Homelab
23 September 2024
Hosting public services without port forwarding
Tunneling my homelab to a VPS was really a lot easier than I expected. For a good while I was reluctant to buy a VPS since I didn't know if I was actually going to get it to work, but after seeing this article about frp I decided to give it a go.
The VPS I've gone with is a 2 GB Linode running Alpine Linux and my home servers are running NixOS.
To enable frp on my home server, I've added a module like this:
{
services.frp = {
enable = true;
role = "client";
settings = {
serverAddr = "vps.public.ip.address";
serverPort = 7000;
auth.method = "token";
auth.token = "my token";
transport.protocol = "tcp";
proxies = [
{
name = "my service";
type = "tcp";
localIP = "service.local.ip";
localPort = service port number;
remotePort = service port number;
}
];
};
};
}
To enable it on the VPS I installed frp with doas apk add frp and wrote the following to /etc/frp/frps.toml:
bindPort = 7000
auth.method = "token"
auth.token = "my token"
And that's all there is to it! You can now access all the forwarded services from the address of your VPS.
I also use Caddy as a reverse proxy to enable HTTPS and map the all of the services to subdomains. To do this all you need is to install Caddy and create a file under /etc/caddy/Caddyfile that looks something like this:
"myservice.domain.tld" {
reverse_proxy vps.public.ip:port
}
So far it's been very fast and stable, I definitely reccommend trying this if you're looking for a way to host your homelab publically without port forwarding or revealing your IP.
Categories: Technology Self-hosting Networking NixOS Linux
