🔀 Setup FRP — Self-Hosted Reverse Proxy Tunnel
Deploy FRP (Fast Reverse Proxy) on Ubuntu to tunnel services from your home network through a public VPS — no port forwarding, no static IP, full TCP/UDP/HTTP support.
📦 Resources & Setup Scripts
Grab the automated bash script from GitHub to follow along with the video.
Quick Install:
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/networking/frp/frp-ubuntu.sh
chmod +x frp-ubuntu.sh
sudo bash frp-ubuntu.sh
Tutorial Steps
1 Download the Script
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/networking/frp/frp-ubuntu.sh
2 Make it Executable
chmod +x frp-ubuntu.sh
3 Run the Installer
The script installs Docker if needed, then deploys frps (the FRP server) on your public VPS. You then run frpc (the client) on your home server.
sudo bash frp-ubuntu.sh
4 Access the FRP Dashboard
Open your browser and navigate to:
http://<your-server-ip>:7500
5 Connect Your Client
Configure frpc on your home server to tunnel services through the frps public server — each service gets its own proxy definition.
Ports Used
| Port | Purpose |
|---|---|
| 7000 | FRP Control Port (frps — required) |
| 7500 | FRP Dashboard (internal — optional) |
| varies | Forwarded Service Ports (configured per tunnel) |
Overview
FRP (Fast Reverse Proxy) is a high-performance reverse proxy tunnel that lets you expose services running on a private network through a public VPS. It works by running frps (server) on a VPS with a public IP and frpc (client) on your home server. The client establishes an outbound connection to the server, which then forwards incoming traffic back through the tunnel. Supports TCP, UDP, HTTP, HTTPS, and STCP.
Why Use It
FRP solves the fundamental problem of self-hosting behind a home ISP: no static IP, carrier-grade NAT, or blocked inbound ports. Instead of fighting your ISP, FRP tunnels your traffic through a cheap VPS ($5/month) that does have a public IP. Unlike Cloudflare Tunnels, FRP is entirely self-hosted — no third-party dependency on your traffic path.
When You Need It
Who Should Use It
Real Use Cases
Main Features
How to Use After Installation
Security Best Practices
Ports and Firewall Notes
frps requires port 7000 for the control connection (TCP — frpc connects here). Port 7500 is the optional dashboard (internal only). Forwarded service ports are whatever you configure per proxy — open only the ports your services need. On your home server, no inbound ports need to be opened.
Backup and Maintenance
Common Mistakes
Troubleshooting
Alternatives
Cloudflare Tunnel (no VPS needed, no UDP, Cloudflare dependency), Rathole (Rust-based, more efficient), ngrok (cloud, rate-limited free tier), Bore (simpler, Go), WireGuard (VPN, different use case). FRP is the best self-hosted option when you need UDP support or want zero third-party dependencies.
When Not to Use It
If you have a static IP and can port-forward, you don't need FRP — just open the ports. If you're okay with Cloudflare managing your traffic, Cloudflared is simpler to set up. If all you need is SSH access, WireGuard or Tailscale VPN is a better fit than a full reverse proxy tunnel.
PrismaTechWork Professional Help
PrismaTechWork provides end-to-end infrastructure services — from initial deployment and security hardening to ongoing monitoring, automated backups, and dedicated support. Whether you need a single-server setup or a multi-site network, our team ensures your infrastructure is built right, secured properly, and maintained reliably.
Frequently Asked Questions
Do I need a VPS to run FRP?
Yes. frps (the server component) must run on a machine with a public IP address — a VPS from any cloud provider works. frpc (the client) runs on your home server. Budget VPS plans starting at $3–5/month from providers like Hetzner, DigitalOcean, or Vultr are sufficient.
What is the difference between FRP and Cloudflare Tunnel?
Both solve the same problem (exposing services behind NAT), but FRP is entirely self-hosted — your traffic only touches your VPS, not a third-party network. Cloudflare Tunnel routes traffic through Cloudflare's infrastructure, which adds DDoS protection and CDN benefits but also means Cloudflare can inspect your traffic. FRP also supports UDP; Cloudflare Tunnel does not.
Can FRP tunnel UDP traffic?
Yes. FRP supports UDP proxy type for tunneling UDP traffic — useful for game servers, DNS, VoIP, and WireGuard relays. Cloudflare Tunnel does not support UDP, making FRP the go-to choice for UDP-based services.
How many services can I tunnel through one FRP setup?
As many as you want — each service is a separate proxy definition in frpc.toml with its own bind port on the VPS. A single frpc-frps connection can multiplex many tunnels simultaneously. The only practical limit is the VPS bandwidth and available ports.
Is the tunnel traffic encrypted?
The control channel between frpc and frps can be encrypted with TLS (recommended). The data channel for each proxy can also use TLS. However, HTTP proxies without TLS on the VPS end transmit data unencrypted between the VPS and the visitor. Use HTTPS on your services for end-to-end encryption.
How does FRP compare to WireGuard for remote access?
WireGuard creates a VPN tunnel — all your traffic routes through the VPN, and remote devices appear on your local network. FRP is a reverse proxy — it exposes specific services publicly without giving remote clients network-level access. Use FRP for public-facing services; use WireGuard when you need full network access.
What happens if the VPS goes down?
All tunneled services become unreachable since frpc can't establish a connection to frps. FRP's frpc has a built-in reconnect loop — when the VPS comes back, the tunnel reconnects automatically without intervention. Consider using a monitoring service like Uptime Kuma to alert you if the VPS goes down.
How do I update FRP?
Run `docker compose pull && docker compose up -d` on the VPS for frps and on your home server for frpc. Keep both versions in sync — FRP doesn't guarantee backward compatibility between major versions. Check the GitHub releases page before upgrading.
