Uncomplicated Firewall... how do we set that up?
Just before (or immediately after) you've got nginx installed, it's time to think about getting a firewall in place.
ufw (Uncomplicated FireWall) is just the ticket.
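Allow 22 for SSH and 80 for inbound HTTP requests, then enable ufw. Adding the rules first means an existing SSH session is not cut off when the default deny policy takes effect, and chaining with && means ufw is only enabled if the rules were added:
sudo ufw allow 22/tcp && sudo ufw allow 80/tcp && sudo ufw enable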
To check if ufw is set up as expected...
$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
And for extra info you can try:
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
And to see which apps are registered with ufw...
$ sudo ufw app list
Available applications:
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH
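The status check above can be scripted so that drift from the intended rule set is caught automatically. This is an added example, not part of the original page: the function name audit_ufw, its comma-separated expected list and the finding labels are assumptions made for illustration, and the sample input is the verbose output shown above.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output against an expected rule set.
# Live use (assumed invocation): sudo ufw status verbose | audit_ufw "22/tcp,80/tcp"

# Constructed sample input, copied from the verbose output shown above.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)'

# audit_ufw EXPECTED: reads status text on stdin. EXPECTED is a comma-separated
# list of "To" values (e.g. 22/tcp) that should be open for inbound traffic.
# Prints one finding per line and returns non-zero if there is any finding.
audit_ufw() {
  awk -v expected="$1" '
    BEGIN { n = split(expected, e, ","); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    /^Status: active/             { active = 1 }
    /^Default: deny \(incoming\)/ { deny_in = 1 }
    # Inbound rule rows: action is ALLOW or LIMIT, optionally followed by IN.
    / (ALLOW|LIMIT) / && !/ (ALLOW|LIMIT) OUT / {
      to = $0
      # Keep only the "To" column; IPv6 rows repeat it with a (v6) suffix.
      sub(/[ \t]+(\(v6\)[ \t]+)?(ALLOW|LIMIT).*$/, "", to)
      if (!(to in want) && !(to in seen)) { print "UNEXPECTED " to; bad = 1 }
      seen[to] = 1
    }
    END {
      if (!active)  { print "INACTIVE"; bad = 1 }
      if (!deny_in) { print "DEFAULT_INCOMING_NOT_DENY"; bad = 1 }
      for (i = 1; i <= n; i++)
        if (!(e[i] in seen)) { print "MISSING " e[i]; bad = 1 }
      exit bad + 0
    }'
}

# Demo on the sample: no findings, so the confirmation line is printed.
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw "22/tcp,80/tcp" && echo "ufw matches expected rules"
```

Rules added by application profile (for example Nginx Full) appear under their profile name in the To column, so they are reported as UNEXPECTED unless that name is in the expected list.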
Considerations for later...
HTTPS connections can be allowed with this command:
sudo ufw allow https
If you'd rather use the port number, 443, use this command (with no protocol given, the rule covers both TCP and UDP on that port):
sudo ufw allow 443