How Connectivity Works
The Problem With Traditional VPSs
On a traditional VPS you typically have to:
- Open inbound ports — firewall allows SSH (22), HTTP (80/443)
- Run on a static IP or domain — clients need somewhere to connect
- Handle DDoS — public services are attack targets
- Manage SSL certificates — HTTPS needs rotation
The bar is too high for non-technical operators.
The realvco Solution: Cloudflare Tunnel
realvco uses Cloudflare Tunnel (formerly Argo Tunnel) to solve these problems.
How It Works
You (browser / phone)
│
▼ HTTPS
┌─────────────────────┐
│ Cloudflare CDN │ ◄── SSL termination, DDoS protection
│ (global edge) │
└─────────────────────┘
│
▼ encrypted tunnel
┌─────────────────────┐
│ Cloudflare Tunnel │
│ (cloudflared) │
└─────────────────────┘
│
▼ outbound only
┌─────────────┐
│ Your VPS │ ◄── no inbound ports needed
│ (mVPS) │
└─────────────┘Key Properties
| Property | Description | Benefit |
|---|---|---|
| Outbound-only | VPS initiates connections to Cloudflare | Firewall exposes no inbound ports |
| Encrypted tunnel | Traffic is encrypted end-to-end | Cannot be eavesdropped or tampered with |
| CDN acceleration | 300+ global edge nodes | Fast connection from anywhere |
| DDoS protection | Built into Cloudflare | Shields your service from attacks |
| Automatic SSL | Cloudflare handles certificates | No manual HTTPS configuration |
What This Means for You
Stronger Security
- No public ports: your VPS exposes nothing inbound
- Hidden real IP: outsiders see Cloudflare’s IP, not yours
- Automatic protection: DDoS attacks are absorbed by Cloudflare
Greater Convenience
- No DNS configuration: realvco provides a
*.realvco.comsubdomain - Automatic HTTPS: certificates auto-renew
- Global acceleration: quick access whether you’re in Taiwan, the US, or Europe
Simpler Operations
- No firewall setup: no iptables or UFW
- No port forwarding: no router or NAT config
- No certificate management: no Let’s Encrypt or SSL juggling
Technical Architecture
Inside Your mVPS
┌─────────────────────────────────────┐
│ Your mVPS │
│ ┌─────────────────────────────┐ │
│ │ Cloudflare Tunnel Agent │ │ ◄── outbound connection
│ │ (cloudflared) │ │
│ └─────────────────────────────┘ │
│ │ │
│ ┌───────────┼───────────┐ │
│ ▼ ▼ ▼ │
│ ┌────┐ ┌────┐ ┌────┐ │
│ │Rose│ │Ada │ │Vi │ │ ◄── 3 AI companions
│ │:80 │ │:80 │ │:80 │ │
│ └────┘ └────┘ └────┘ │
│ │ │ │ │
│ ┌┴─────────┴─────────┴┐ │
│ │ OpenClaw Gateway │ │
│ │ (port 8080) │ │
│ └─────────────────────┘ │
│ │ │
│ ┌─────────┴──────────┐ │
│ ▼ ▼ │
│ ┌────────┐ ┌────────┐ │
│ │Admin │ │Public │ │
│ │Panel │ │pages │ │
│ └────────┘ └────────┘ │
└─────────────────────────────────────┘URL Mapping
| Service | Internal Port | Public URL |
|---|---|---|
| Admin Panel | 8080 | https://xxx-00.realvco.com |
| Rose | 18100 | https://xxx-1.realvco.com |
| Ada | 18200 | https://xxx-2.realvco.com |
| Vi | 18300 | https://xxx-3.realvco.com |
Every URL fronts through Cloudflare CDN for acceleration and protection.
Limits and Caveats
Cloudflare Dependency
- If Cloudflare is down, connectivity is affected
- Your VPS’s local services still run
- SSH (if configured) can still reach the VPS directly for maintenance
Bandwidth Considerations
- Cloudflare Tunnel has no cap on HTTP traffic
- Large file transfers may be slower (CDN hops)
- For bulk file transfers, SFTP / SCP directly to the VPS is recommended
Regional Restrictions
- realvco is globally available
- A handful of jurisdictions may not reach Cloudflare (rare)