Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.breezehost.xyz/llms.txt

Use this file to discover all available pages before exploring further.

VPS Networking Configuration

Networking is critical for any VPS. This guide covers IP management, firewall configuration, DNS setup, and reverse proxies.

IP Address Management

Your VPS comes with at least one public IP address. You’ll use this IP to:
  • Connect via SSH
  • Host web services
  • Configure DNS records
  • Set up VPN or reverse proxies

Finding Your IP Address

Your primary IP is provided in your welcome email and visible in the the dashboard control panel. From within your VPS, view IP addresses: 
# Show all network interfaces
ip addr show

# Or use older command
ifconfig
Example output: 
eth0: inet 203.0.113.42/24
The address 203.0.113.42 is your public IP.

Additional IP Addresses

Some plans support additional IP addresses. To request or manage extra IPs:
  1. Log into the dashboard
  2. Navigate to your VPS service
  3. Look for “IP Management” or “Networking” section
  4. Request additional IPs (charges may apply)

Firewall Configuration (UFW)

UFW (Uncomplicated Firewall) on Ubuntu/Debian provides simple firewall management.

Enable UFW

# Enable the firewall
sudo ufw enable

# Check status
sudo ufw status

Common Rules

# Allow SSH (CRITICAL - never block this)
sudo ufw allow 22/tcp

# Allow HTTP and HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Allow custom port (e.g., application on 25565)
sudo ufw allow 25565/tcp

# Allow port range
sudo ufw allow 5000:6000/tcp

# Block specific IP
sudo ufw deny from 192.0.2.1

# Delete a rule
sudo ufw delete allow 8080/tcp

# View all rules with details
sudo ufw show added

Default Policies

# Set default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw default deny routed
Always allow SSH (port 22) before enabling UFW, or you’ll lock yourself out of your server.

UFW with Services

UFW comes with presets for common services: 
# List available services
sudo ufw app list

# Allow by service name
sudo ufw allow Nginx Full
sudo ufw allow 'OpenSSH'
sudo ufw allow 'Apache Full'

DNS Configuration

DNS points your domain name to your VPS’s IP address.

Pointing Your Domain to Breeze

You own your domain (Breeze doesn’t sell domains). To point it to your VPS: Method 1: Using A Records (Recommended)
  1. Log into your domain registrar (GoDaddy, Namecheap, etc.)
  2. Find DNS settings
  3. Create or edit an A record:
    • Name: @ (or leave blank for root domain)
    • Type: A
    • Value: Your VPS IP address (e.g., 203.0.113.42)
    • TTL: 3600 (or default)
  4. For subdomains, add A records with the subdomain name:
    • Name: www (or subdomain name)
    • Type: A
    • Value: Your VPS IP address
Method 2: Using Nameservers If your VPS comes with nameserver support, update your domain to use Breeze’s nameservers. Instructions will be provided in your welcome email.

DNS Propagation

DNS changes take 24-48 hours to propagate globally (though usually faster). Check propagation: 
# On your local computer
nslookup example.com
dig example.com

Reverse DNS (rDNS)

Reverse DNS helps email delivery and service reputation. Contact Breeze support to set up reverse DNS for your IP address.

Web Server Setup (Reverse Proxy)

Most web applications run on local ports (3000, 8000, 5000) but need to be accessed on ports 80 (HTTP) and 443 (HTTPS).

nginx Reverse Proxy

Install nginx: 
sudo apt update
sudo apt install nginx
Create a configuration file: 
sudo nano /etc/nginx/sites-available/myapp
Add configuration: 
server {
    listen 80;
    server_name example.com www.example.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Enable the site: 
sudo ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

Apache Reverse Proxy

Enable proxy modules: 
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo systemctl restart apache2
Create virtual host: 
sudo nano /etc/apache2/sites-available/myapp.conf
Add configuration: 
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com

    ProxyPreserveHost On
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable and restart: 
sudo a2ensite myapp
sudo apache2ctl configtest
sudo systemctl restart apache2

SSL/TLS Certificates

Secure your applications with HTTPS using Let’s Encrypt (free) or commercial certificates.

Using Certbot (Let’s Encrypt)

Install Certbot: 
sudo apt install certbot python3-certbot-nginx
# Or for Apache:
# sudo apt install certbot python3-certbot-apache
Obtain certificate: 
# For nginx
sudo certbot --nginx -d example.com -d www.example.com

# For Apache
sudo certbot --apache -d example.com -d www.example.com
Certbot will:
  1. Verify domain ownership
  2. Create SSL certificates
  3. Automatically configure your web server
  4. Set up automatic renewal
Check renewal: 
sudo certbot renew --dry-run
Let’s Encrypt certificates are free and Certbot auto-renews them. Use this for all production sites.

SSH Tunneling

SSH tunneling creates encrypted tunnels through your VPS for secure communication.

Port Forwarding (Local Tunneling)

Access a service on your VPS from your local machine through an encrypted tunnel: 
ssh -L local_port:localhost:remote_port user@your_server_ip
Example - access a database on port 5432: 
ssh -L 5432:localhost:5432 root@203.0.113.42
Then connect locally: psql -h localhost -p 5432

Remote Forwarding

Expose a local service through your VPS (useful for development): 
ssh -R remote_port:localhost:local_port user@your_server_ip

SOCKS Proxy

Create a SOCKS proxy to route all traffic through your VPS: 
ssh -D 1080 root@203.0.113.42
Configure your application to use localhost:1080 as a SOCKS proxy.

Network Monitoring

Monitor your VPS’s network activity:

Check Network Interfaces

# Show interface statistics
ip -s link show

# Or use ifstat if installed
sudo apt install ifstat
ifstat -i eth0 1

Monitor Bandwidth Usage

# Install iftop
sudo apt install iftop
sudo iftop -i eth0

Check Connections

# Show listening ports
sudo netstat -tulpn
# Or modern alternative:
sudo ss -tulpn

# Monitor connections in real-time
watch -n 1 'netstat -tulpn | grep ESTABLISHED'

Bandwidth Per Application

# Install nethogs
sudo apt install nethogs
sudo nethogs eth0

Troubleshooting Network Issues

No Internet Connection

  1. Check interface is up: 
    ip addr show
  2. Verify default gateway: 
    ip route show
  3. Test connectivity: 
    ping 8.8.8.8
  4. Check DNS resolution: 
    nslookup google.com

High Bandwidth Usage

  1. Identify traffic source: 
    sudo nethogs eth0
  2. Check for unusual processes: 
    top
  3. Review logs for attacks/issues: 
    sudo tail -f /var/log/syslog

Slow Connection

  1. Check MTU size: 
    ip link show eth0 | grep mtu
  2. Run speed test: 
    # Install speedtest-cli
pip install speedtest-cli
speedtest
  3. Check for packet loss: 
    ping -c 10 8.8.8.8

Security Best Practices

  • Firewall: Block unnecessary ports with UFW
  • SSH Keys: Use key-based authentication instead of passwords
  • Fail2Ban: Block brute force attacks (optional but recommended)
  • Monitoring: Watch for unusual network activity
  • DDoS Protection: Contact support for DDoS mitigation options

Next Steps

Managing Your VPS

Learn VPS power controls and resource monitoring.

Getting Started

Initial VPS setup and security hardening.

Proxmox Overview

Understand your virtualization infrastructure.