Easily Setup UFW Firewall in Ubuntu Cloud Server with LEMP Stack

Kushal Azza · Jan 6, 2020
Learn how to setup the UFW Firewall in Ubuntu Cloud Server to allow and deny specific network and an IP connection to the LEMP Stack. Also, allow only Nginx HTTPS request to the server.

Do you know that we also have a firewall for Ubuntu Cloud server? Just like we have for Windows PC and macOS system. It’s called Uncomplicated Firewall i.e. UFW Firewall.

We always hear about the hacks and data theft even for big brands and data companies. Whether it’s a small business in a local or huge multi-national company, there will always be a fear of data invasion. These firewalls actually work as a gate pass between the external world and the internal server.

In this article, we are going to learn how to install and configure the UFW firewall to allow only Nginx HTTPS and SSH connection to the Cloud Server.

If you follow, then this is the sixth article and video demo of the #CloudServer series. We recently published about LetsEncrypt setup for Nginx with a free SSL certificate.

Let’s dive into installing and configuring the UFW firewall for LEMP Stack server —

What is the UFW Firewall?

The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall.

Once we define the rules about whom to ‘allow’ and ‘deny’ connection, and firewall kick’s out all other invalid access to the network.

Install UFW Firewall on Ubuntu

you can easily install the UFW firewall using the below command in SSH.

sudo apt install ufw

Once you’ve completed the installation, you can check the status of whether UFW is active or not using the below command.

sudo ufw status

Install UFW Firewall and view Running Status

If the firewall is active, you will be able to view all the existing rules using the above command. Something like below:
UFW Status with Active Rules

Enable IPv6 Support for UFW Firewall

The UFW is default enabled for IPv4, however, you can enable the support for IPv6 by editing the default folder. This is not mandatory unless you need it.

sudo nano /etc/default/ufw

Once you are in the editor mode, find the IPV6 line and modify it to reflect as below.

Hire Kushal Azza on restoreBin
IPV6=yes

IPV6 Support in UFW Firewall

Close the editor once the change is done.

Setup Default policies for Connections

The default UFW policy only allows the outgoing network connection, and disable all incoming connection. This means you no outsider can connect the server unless you have allowed. But, any internal system can connect the outside world.

This helps improves overall network security and eliminate unauthorized login. Using below command you will just default to UFW settings to the originals.

Run the first command to deny any incoming connections.

sudo ufw default deny incoming

And this second command will be helping to allow all the outgoing connections only.

sudo ufw default allow outgoing

Default Policies for UFW connections

Allow UFW connection for SSH/SFTP

Since we have denied all the incoming connections, we need SSH to connect our server remotely.

In order to allow the SSH connection, just run below command.

sudo ufw allow SSH

If the above command doesn’t work. You can alternatively allow the connections to PORT 22 using the below command.

This also can also allow the SSH and SFTP connection to the Ubuntu Cloud server.

sudo ufw allow 22

Allow Port 22 connection with Firewall

You will now be able to connect SSH and SFTP safely.

Allow UFW Firewall for Nginx

We have allowed the SSH & SFTP connection, next we will be allowing the connection all the incoming and outgoing for our web server i.e. Nginx.

You can run the below command for allowing all HTTP and HTTPS incoming and outgoing connections to the Nginx web server using the below command.

sudo ufw allow 'Nginx Full'

However, if you want to just enable the HTTP connection, i.e. the connection to port 80, then you can allow using the below command.

Hire Kushal Azza on restoreBin
sudo ufw allow 'Nginx HTTP'

Lastly, if you’ve SSL encrypted connection to the web server, then you can just allow the HTTPS to Nginx using the below command.

sudo ufw allow 'Nginx HTTPS'

Allow Nginx HTTPS in UFW Firewall

This will open the connection only to port number 443 for a secured connection.

Enable and Disable the UFW Firewall

We can easily enable the UFW Firewall on Ubuntu using below command:

sudo ufw enable

Enable UFW Firewall Status

In order to disable Firewall protection, you can run the below command:

sudo ufw disable

Watch the video demo of UFW Firewall Setup

Watch the video of setting up the UFW Firewall on connections for Nginx HTTPS and SSH connection.

Setup UFW Firewall in Ubuntu Cloud to allow Nginx and SSH

Subscribe on YouTube

Hope you liked the video and found it helpful. Please subscribe to our channel.

What’s next in the #CloudServer series?

You’ve learned how to set up the UFW Firewall, next we are going add some additional Nginx security snippet. This will even make the server security stronger and avoid being hacked by injecting cross scripts.

If you've any thoughts on Easily Setup UFW Firewall in Ubuntu Cloud Server with LEMP Stack, then feel free to drop in below comment box. Also, please subscribe to our restoreBin YouTube channel for amazing videos tips. Cheers!

Hire Kushal Azza on restoreBin

Tags:

Share
Kushal Azza
Fond of latest technologies and gadgets. I'm a digital dev and analytics consultant. Also, the geek behind this blog!

You may also like

Leave a Reply

Your email address will not be published. Required fields are marked *