SkillsApr 14, 2026·3 min read

frp — Fast Reverse Proxy to Expose Local Servers Behind NATs and Firewalls

frp is a high-performance reverse proxy written in Go. Expose a local HTTP/TCP/UDP service to the public internet through a relay server — the self-hosted alternative to ngrok and Cloudflare Tunnel.

Script Depot · Community

Agent ready

Review-first install path

This asset needs a review step. The copied prompt tells the agent to dry-run, show the writes, then proceed only after confirmation.

Needs Confirmation · 64/100Policy: confirm

Agent surface

Any MCP/CLI agent

Kind

Skill

Install

Single

Trust

Trust: Established

Entrypoint

step-1.md

Review-first command

npx -y tokrepo@latest install 06826b6b-3859-11f1-9bc6-00163e2b0d79 --target codex

Dry-run first, confirm the writes, then run this command.

TL;DR

frp exposes local servers behind NATs and firewalls to the public internet via a relay server.

§01

What it is

frp is a high-performance reverse proxy written in Go that exposes local HTTP, TCP, and UDP services to the public internet through a relay server. It is the self-hosted alternative to ngrok and Cloudflare Tunnel. You run a server component (frps) on a public VPS and a client component (frpc) on your local machine. Traffic routes through the relay.

This tool is for developers who need to expose local development servers, demo applications, or home lab services to the internet without complex networking setups.

§02

How it saves time or tokens

frp eliminates the need for port forwarding, dynamic DNS, or VPN setup. A simple configuration file connects your local service to a public URL in seconds. Unlike ngrok, frp is self-hosted with no subscription limits on connections, bandwidth, or custom domains.

§03

How to use

Set up frps on a public server.
Configure frpc on your local machine.
Start both components.
Access your local service via the public server's address.

# On your public server - run frps
./frps -c frps.toml

# On your local machine - run frpc
./frpc -c frpc.toml

§04

Example

Server configuration (frps.toml):

bindPort = 7000
vhostHTTPPort = 80
vhostHTTPSPort = 443

Client configuration (frpc.toml):

serverAddr = 'your-server.com'
serverPort = 7000

[[proxies]]
name = 'web'
type = 'http'
localPort = 3000
customDomains = ['dev.your-server.com']

[[proxies]]
name = 'ssh'
type = 'tcp'
localPort = 22
remotePort = 6000

Now dev.your-server.com routes to your local port 3000, and SSH is accessible on port 6000.

§05

Related on TokRepo

DevOps tools — Networking and infrastructure tools
Self-hosted solutions — Self-hosted alternatives

§06

Common pitfalls

You need a public server (VPS) to run frps. This is an ongoing cost, unlike free-tier ngrok.
Unencrypted frp traffic can be intercepted. Enable TLS between frpc and frps for security.
Exposing services to the internet creates security risks. Add authentication and access controls.
frp does not provide automatic HTTPS certificates. Use a reverse proxy like Nginx with Let's Encrypt in front of frps.
High traffic through frp adds latency compared to direct connections. The relay server becomes a bottleneck for bandwidth-intensive services.
Review the official documentation before deploying to production to ensure compatibility with your specific environment and requirements.
Start with default settings and customize incrementally. Changing too many configuration options at once makes debugging harder.

Frequently Asked Questions

How is frp different from ngrok?+

frp is self-hosted and free. ngrok is a managed service with free and paid tiers. frp gives you full control but requires a public server. ngrok is easier to start with but has connection limits on free plans.

What protocols does frp support?+

frp supports HTTP, HTTPS, TCP, UDP, and STCP (secret TCP for peer-to-peer connections). It can expose any network service that uses these protocols.

Can I use custom domains with frp?+

Yes. Point your domain's DNS to the frps server, and configure customDomains in the frpc config. frp routes traffic based on the HTTP Host header to the correct local service.

Is frp secure?+

frp supports TLS encryption between client and server, token-based authentication, and IP allowlists. However, security is your responsibility. Configure TLS, use strong tokens, and limit exposed services.

Can multiple local services share one frp server?+

Yes. Define multiple proxies in your frpc configuration, each mapping a different local port to a different public endpoint. One frps server can serve many frpc clients.

Citations (3)

frp GitHub— frp is a fast reverse proxy written in Go
frp Documentation— frp documentation and configuration
Nginx Reverse Proxy Docs— Reverse proxy and tunneling concepts

Related on TokRepo

DevOps tools Self-hosted tools Featured workflows

Discussion

No comments yet. Be the first to share your thoughts.

Related Assets

Pangolin — Identity-Aware Reverse Proxy with Built-In Tunneling

Pangolin is a self-hosted reverse proxy and tunnel server that adds identity-aware access control to any service you expose, using WireGuard under the hood.

Skills

Script Depot

Rathole — Lightweight High-Performance Reverse Proxy for NAT Traversal in Rust

A fast and resource-efficient reverse proxy written in Rust for exposing local services behind NATs and firewalls, serving as a lightweight alternative to frp and ngrok.

Skills

AI Open Source

Zoraxy — Self-Hosted Reverse Proxy with Web Dashboard

A general-purpose HTTP reverse proxy and forwarding tool written in Go, featuring an intuitive web UI for managing virtual hosts, TLS certificates, and traffic routing without editing config files.

Skills

AI Open Source

NPS — Lightweight NAT Traversal and Reverse Proxy Server

A high-performance intranet penetration proxy server written in Go with a web management dashboard, supporting TCP/UDP tunneling, HTTP/HTTPS proxying, SOCKS5, and P2P connections.

Scripts

Script Depot