# NPS — Lightweight NAT Traversal and Reverse Proxy Server > A high-performance intranet penetration proxy server written in Go with a web management dashboard, supporting TCP/UDP tunneling, HTTP/HTTPS proxying, SOCKS5, and P2P connections. ## Install Save as a script file and run: # NPS — Lightweight NAT Traversal and Reverse Proxy Server ## Quick Use ```bash # Server side (public IP machine) ./nps install ./nps start # Client side (behind NAT) ./npc -server=YOUR_SERVER_IP:8024 -vkey=YOUR_KEY -type=tcp ``` ## Introduction NPS is a lightweight, high-performance reverse proxy and NAT traversal tool written in Go. It enables developers and teams to expose services running behind firewalls or NAT networks to the public internet, with a web-based management interface for configuring tunnels and monitoring traffic. ## What NPS Does - Creates TCP and UDP tunnels to expose internal services through a public server - Provides HTTP and HTTPS reverse proxying with custom domain binding - Supports SOCKS5 proxy mode for general-purpose traffic forwarding - Offers a web management dashboard for creating clients, tunnels, and access controls - Enables P2P connections between clients to reduce server bandwidth consumption ## Architecture Overview NPS follows a server-client model. The server runs on a machine with a public IP and manages all tunnel configurations. Clients connect to the server using a unique verification key over a persistent multiplexed connection. Traffic is forwarded through the server or directly via P2P when both endpoints support it. The server stores configuration in a file-based database and exposes a web UI on a configurable port. ## Self-Hosting & Configuration - Download prebuilt binaries for Linux, macOS, Windows, or FreeBSD from the releases page - Run the server with `./nps install && ./nps start` to launch the web dashboard on port 8080 - Create clients and tunnels through the web UI or via the configuration file - Configure bandwidth limits, connection limits, and access control lists per client - TLS encryption is supported for both the management interface and tunnel traffic ## Key Features - Single binary deployment with no external dependencies for both server and client - Web dashboard with real-time traffic monitoring, client status, and tunnel management - Bandwidth and connection limiting per client for multi-tenant usage - Compressed transmission reduces bandwidth usage on slow or metered connections - Multi-user support with API tokens for programmatic tunnel management ## Comparison with Similar Tools - **frp** — Similar feature set; NPS adds a built-in web dashboard and multi-user management - **ngrok** — Managed SaaS with free tier limits; NPS is fully self-hosted with no restrictions - **Cloudflare Tunnel** — Requires Cloudflare; NPS works with any server and domain - **Tailscale/Headscale** — Mesh VPN approach; NPS focuses on per-service tunnel exposure - **rathole** — Rust-based and lighter; NPS provides a richer management UI and more protocols ## FAQ **Q: What protocols does NPS support for tunneling?** A: TCP, UDP, HTTP, HTTPS, and SOCKS5. Each tunnel type is configured independently per client. **Q: Can I use NPS to expose a web application with a custom domain?** A: Yes. Configure an HTTP tunnel with a custom host header, then point your domain DNS to the NPS server. **Q: Is traffic between client and server encrypted?** A: NPS supports TLS encryption for the control channel. For tunnel traffic, you can enable compression and encryption in the configuration. **Q: How does P2P mode work?** A: When enabled, NPS attempts to establish a direct connection between two clients using hole punching. If P2P fails, traffic falls back to routing through the server. ## Sources - https://github.com/ehang-io/nps - https://ehang-io.github.io/nps/ --- Source: https://tokrepo.com/en/workflows/asset-241ffd37 Author: Script Depot