# VPS Networking Guide

> Configure IP addresses, firewalls, DNS, reverse proxies, and SSH tunneling

# VPS Networking Configuration

Networking is critical for any VPS. This guide covers IP management, firewall configuration, DNS setup, and reverse proxies.

## IP Address Management

Your VPS comes with at least one public IP address. You'll use this IP to:

* Connect via SSH
* Host web services
* Configure DNS records
* Set up VPN or reverse proxies

### Finding Your IP Address

Your primary IP is provided in your welcome email and is visible in the dashboard control panel.

From within your VPS, view IP addresses:

```bash theme={null}
# Show all network interfaces
ip addr show

# Or use older command
ifconfig
```

Example output:

```
eth0: inet 203.0.113.42/24
```

The address **203.0.113.42** is your public IP.

### Additional IP Addresses

Some plans support additional IP addresses. To request or manage extra IPs:

1. Log into the dashboard
2. Navigate to your VPS service
3. Look for "IP Management" or "Networking" section
4. Request additional IPs (charges may apply)

## Firewall Configuration (UFW)

UFW (Uncomplicated Firewall) on Ubuntu/Debian provides simple firewall management.

### Enable UFW

```bash theme={null}
# Allow SSH first so enabling the firewall does not cut off your session
sudo ufw allow 22/tcp

# Enable the firewall
sudo ufw enable

# Check status
sudo ufw status
```

### Common Rules

```bash theme={null}
# Allow SSH (CRITICAL - never block this)
sudo ufw allow 22/tcp

# Allow HTTP and HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Allow custom port (e.g., application on 25565)
sudo ufw allow 25565/tcp

# Allow port range
sudo ufw allow 5000:6000/tcp

# Block specific IP
sudo ufw deny from 192.0.2.1

# Delete a rule
sudo ufw delete allow 8080/tcp

# View all rules with details
sudo ufw show added
```

### Default Policies

```bash theme={null}
# Set default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw default deny routed
```

<Warning>
  Always allow SSH (port 22) before enabling UFW, or you'll lock yourself out of your server.
</Warning>
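
A pre-flight check for the lockout described in the warning, as an added example (not Breeze's or UFW's own tooling): it reads the staged rules from `ufw show added` and refuses to enable the firewall unless the port of the current SSH session is allowed. `ADDED_SAMPLE` is constructed, and `APPLY`, `ssh_port`, `ssh_rule_present` and `safe_enable` are names chosen for this example.

```bash
# Added example: pre-flight check before `ufw enable`.
# ADDED_SAMPLE is a constructed `sudo ufw show added` listing (staged rules are
# visible there even while UFW is inactive). APPLY is a hypothetical switch.
ADDED_SAMPLE="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 2222/tcp"

# Port the current SSH session arrived on. SSH_CONNECTION holds
# "client_ip client_port server_ip server_port"; default to 22 on a console.
ssh_port() {
  set -- ${SSH_CONNECTION:-}
  echo "${4:-22}"
}

# Succeed only if the staged rules ($1) allow or rate-limit TCP port $2.
ssh_rule_present() {
  printf '%s\n' "$1" | awk -v port="$2" '
    $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
      if ($3 == port || $3 == port "/tcp") ok = 1
      # The OpenSSH profile and the "ssh" service name both mean 22/tcp.
      if (port == 22 && ($3 == "OpenSSH" || $3 == "ssh")) ok = 1
    }
    END { exit ok ? 0 : 1 }'
}

# Enable UFW only when the check passes; otherwise say which rule is missing.
safe_enable() {
  port="$(ssh_port)"
  if ! ssh_rule_present "$1" "$port"; then
    echo "refusing: add 'sudo ufw allow $port/tcp' before enabling" >&2
    return 1
  fi
  echo "ok: $port/tcp is allowed"
  if [ "${APPLY:-0}" = 1 ]; then sudo ufw --force enable; fi
}

# On a real host: safe_enable "$(sudo ufw show added)"
safe_enable "$ADDED_SAMPLE" || echo "UFW left disabled"
```

The check reads the session's own port rather than assuming 22, so it also covers servers where sshd listens on a non-default port.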

### UFW with Services

UFW comes with presets for common services:

```bash theme={null}
# List available services
sudo ufw app list

# Allow by service name
sudo ufw allow 'Nginx Full'
sudo ufw allow 'OpenSSH'
sudo ufw allow 'Apache Full'
```

## DNS Configuration

DNS points your domain name to your VPS's IP address.

### Pointing Your Domain to Breeze

You own your domain (Breeze doesn't sell domains). To point it to your VPS:

**Method 1: Using A Records (Recommended)**

1. Log into your domain registrar (GoDaddy, Namecheap, etc.)

2. Find DNS settings

3. Create or edit an A record:
   * **Name**: @ (or leave blank for root domain)
   * **Type**: A
   * **Value**: Your VPS IP address (e.g., 203.0.113.42)
   * **TTL**: 3600 (or default)

4. For subdomains, add A records with the subdomain name:
   * **Name**: www (or subdomain name)
   * **Type**: A
   * **Value**: Your VPS IP address

**Method 2: Using Nameservers**

If your VPS comes with nameserver support, update your domain to use Breeze's nameservers. Instructions will be provided in your welcome email.

### DNS Propagation

DNS changes take 24-48 hours to propagate globally (though usually faster). Check propagation:

```bash theme={null}
# On your local computer
nslookup example.com
dig example.com
```

### Reverse DNS (rDNS)

Reverse DNS helps email delivery and service reputation. Contact Breeze support to set up reverse DNS for your IP address.

## Web Server Setup (Reverse Proxy)

Most web applications run on local ports (3000, 8000, 5000) but need to be accessed on ports 80 (HTTP) and 443 (HTTPS).

### nginx Reverse Proxy

Install nginx:

```bash theme={null}
sudo apt update
sudo apt install nginx
```

Create a configuration file:

```bash theme={null}
sudo nano /etc/nginx/sites-available/myapp
```

Add configuration:

```nginx theme={null}
server {
    listen 80;
    server_name example.com www.example.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
```

Enable the site:

```bash theme={null}
sudo ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
```

### Apache Reverse Proxy

Enable proxy modules:

```bash theme={null}
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo systemctl restart apache2
```

Create virtual host:

```bash theme={null}
sudo nano /etc/apache2/sites-available/myapp.conf
```

Add configuration:

```apache theme={null}
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com

    ProxyPreserveHost On
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```

Enable and restart:

```bash theme={null}
sudo a2ensite myapp
sudo apache2ctl configtest
sudo systemctl restart apache2
```

## SSL/TLS Certificates

Secure your applications with HTTPS using Let's Encrypt (free) or commercial certificates.

### Using Certbot (Let's Encrypt)

Install Certbot:

```bash theme={null}
sudo apt install certbot python3-certbot-nginx
# Or for Apache:
# sudo apt install certbot python3-certbot-apache
```

Obtain certificate:

```bash theme={null}
# For nginx
sudo certbot --nginx -d example.com -d www.example.com

# For Apache
sudo certbot --apache -d example.com -d www.example.com
```

Certbot will:

1. Verify domain ownership
2. Create SSL certificates
3. Automatically configure your web server
4. Set up automatic renewal

Check renewal:

```bash theme={null}
sudo certbot renew --dry-run
```

<Tip>
  Let's Encrypt certificates are free and Certbot auto-renews them. Use this for all production sites.
</Tip>

## SSH Tunneling

SSH tunneling creates encrypted tunnels through your VPS for secure communication.

### Port Forwarding (Local Tunneling)

Access a service on your VPS from your local machine through an encrypted tunnel:

```bash theme={null}
ssh -L local_port:localhost:remote_port user@your_server_ip
```

Example - access a database on port 5432:

```bash theme={null}
ssh -L 5432:localhost:5432 root@203.0.113.42
```

Then connect locally: `psql -h localhost -p 5432`

### Remote Forwarding

Expose a local service through your VPS (useful for development):

```bash theme={null}
ssh -R remote_port:localhost:local_port user@your_server_ip
```

### SOCKS Proxy

Create a SOCKS proxy to route all traffic through your VPS:

```bash theme={null}
ssh -D 1080 root@203.0.113.42
```

Configure your application to use localhost:1080 as a SOCKS proxy.

## Network Monitoring

Monitor your VPS's network activity:

### Check Network Interfaces

```bash theme={null}
# Show interface statistics
ip -s link show

# Or use ifstat if installed
sudo apt install ifstat
ifstat -i eth0 1
```

### Monitor Bandwidth Usage

```bash theme={null}
# Install iftop
sudo apt install iftop
sudo iftop -i eth0
```

### Check Connections

```bash theme={null}
# Show listening ports
sudo netstat -tulpn
# Or modern alternative:
sudo ss -tulpn

# Monitor established connections in real-time
# (no -l here: that flag restricts output to listening sockets)
sudo watch -n 1 'netstat -tunp | grep ESTABLISHED'
```
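
To see which listening ports are actually reachable from the internet, the listener list can be checked against the UFW rules. The script below is an added example, not part of the original guide; the `ss` and `ufw status` samples are constructed, and the function names are chosen for this example.

```bash
# Added example: compare public listeners with UFW allow rules.
# Both samples are constructed. On a real host:
#   audit "$(sudo ss -tulnH)" "$(sudo ufw status)"
SS_SAMPLE='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
tcp LISTEN 0 511 *:3000 *:*
tcp LISTEN 0 128 [::]:22 [::]:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*'

UFW_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
5000:6000/tcp              ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)'

# Print "port/proto" for each socket bound to a non-loopback address.
public_listeners() {
  printf '%s\n' "$1" | awk 'NF >= 5 {
    addr = $5; port = addr
    sub(/.*:/, "", port); sub(/:[^:]*$/, "", addr)
    if (addr ~ /^127\./ || addr == "[::1]") next
    print port "/" $1 }' | LC_ALL=C sort -u
}

# Succeed if "port/proto" ($1) falls inside a port or port-range ALLOW rule
# in `ufw status` text ($2). App-profile rules are not resolved here.
ufw_allows() {
  printf '%s\n' "$2" | awk -v want="$1" '
    BEGIN { split(want, w, "/"); rc = 1 }
    $2 == "ALLOW" && $1 ~ /^[0-9:]+\/(tcp|udp)$/ {
      split($1, r, "/"); n = split(r[1], p, ":"); if (n == 1) p[2] = p[1]
      if (r[2] == w[2] && w[1] + 0 >= p[1] + 0 && w[1] + 0 <= p[2] + 0) rc = 0 }
    END { exit rc }'
}

# REACHABLE: open to the internet. FIREWALL-ONLY: bound publicly but not
# allowed, so UFW is the only barrier; rebind to 127.0.0.1 if it sits behind the proxy.
audit() {
  for l in $(public_listeners "$1"); do
    if ufw_allows "$l" "$2"; then echo "REACHABLE $l"; else echo "FIREWALL-ONLY $l"; fi
  done
}

audit "$SS_SAMPLE" "$UFW_SAMPLE"
```

In the sample, the application on port 3000 is flagged `FIREWALL-ONLY`: it is proxied by nginx on port 80, so it only needs to listen on 127.0.0.1.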

### Bandwidth Per Application

```bash theme={null}
# Install nethogs
sudo apt install nethogs
sudo nethogs eth0
```

## Troubleshooting Network Issues

### No Internet Connection

1. Check interface is up:
   ```bash theme={null}
   ip addr show
   ```

2. Verify default gateway:
   ```bash theme={null}
   ip route show
   ```

3. Test connectivity:
   ```bash theme={null}
   ping 8.8.8.8
   ```

4. Check DNS resolution:
   ```bash theme={null}
   nslookup google.com
   ```

### High Bandwidth Usage

1. Identify traffic source:
   ```bash theme={null}
   sudo nethogs eth0
   ```

2. Check for unusual processes:
   ```bash theme={null}
   top
   ```

3. Review logs for attacks/issues:
   ```bash theme={null}
   sudo tail -f /var/log/syslog
   ```

### Slow Connection

1. Check MTU size:
   ```bash theme={null}
   ip link show eth0 | grep mtu
   ```

2. Run speed test:
   ```bash theme={null}
   # Install speedtest-cli
   pip install speedtest-cli
   speedtest
   ```

3. Check for packet loss:
   ```bash theme={null}
   ping -c 10 8.8.8.8
   ```

## Security Best Practices

* **Firewall**: Block unnecessary ports with UFW
* **SSH Keys**: Use key-based authentication instead of passwords
* **Fail2Ban**: Block brute force attacks (optional but recommended)
* **Monitoring**: Watch for unusual network activity
* **DDoS Protection**: Contact support for DDoS mitigation options

## Next Steps

<CardGroup cols={2}>
  <Card title="Managing Your VPS" icon="sliders" href="/vps/managing-vps">
    Learn VPS power controls and resource monitoring.
  </Card>

  <Card title="Getting Started" icon="rocket" href="/vps/getting-started">
    Initial VPS setup and security hardening.
  </Card>

  <Card title="Proxmox Overview" icon="server" href="/vps/proxmox-panel">
    Understand your virtualization infrastructure.
  </Card>
</CardGroup>
