Do you know that we also have a firewall for Ubuntu Cloud server? Just like we have for Windows PC and macOS system. It’s called Uncomplicated Firewall i.e. UFW Firewall.
We always hear about the hacks and data theft even for big brands and data companies. Whether it’s a small business in a local or huge multi-national company, there will always be a fear of data invasion. These firewalls actually work as a gate pass between the external world and the internal server.
In this article, we are going to learn how to install and configure the UFW firewall to allow only Nginx HTTPS and SSH connection to the Cloud Server.
If you follow, then this is the sixth article and video demo of the #CloudServer series. We recently published about LetsEncrypt setup for Nginx with a free SSL certificate.
Let’s dive into installing and configuring the UFW firewall for LEMP Stack server —
What is the UFW Firewall?
The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall.
Once we define the rules about whom to ‘allow’ and ‘deny’ connection, and firewall kick’s out all other invalid access to the network.
Install UFW Firewall on Ubuntu
you can easily install the UFW firewall using the below command in SSH.
sudo apt install ufw
Once you’ve completed the installation, you can check the status of whether UFW is active or not using the below command.
sudo ufw status
If the firewall is active, you will be able to view all the existing rules using the above command. Something like below:
Enable IPv6 Support for UFW Firewall
The UFW is default enabled for IPv4, however, you can enable the support for IPv6 by editing the default folder. This is not mandatory unless you need it.
sudo nano /etc/default/ufw
Once you are in the editor mode, find the IPV6 line and modify it to reflect as below.
IPV6=yes
Close the editor once the change is done.
Setup Default policies for Connections
The default UFW policy only allows the outgoing network connection, and disable all incoming connection. This means you no outsider can connect the server unless you have allowed. But, any internal system can connect the outside world.
This helps improves overall network security and eliminate unauthorized login. Using below command you will just default to UFW settings to the originals.
Run the first command to deny any incoming connections.
sudo ufw default deny incoming
And this second command will be helping to allow all the outgoing connections only.
sudo ufw default allow outgoing
Allow UFW connection for SSH/SFTP
Since we have denied all the incoming connections, we need SSH to connect our server remotely.
In order to allow the SSH connection, just run below command.
sudo ufw allow SSH
If the above command doesn’t work. You can alternatively allow the connections to PORT 22 using the below command.
This also can also allow the SSH and SFTP connection to the Ubuntu Cloud server.
sudo ufw allow 22
You will now be able to connect SSH and SFTP safely.
Allow UFW Firewall for Nginx
We have allowed the SSH & SFTP connection, next we will be allowing the connection all the incoming and outgoing for our web server i.e. Nginx.
You can run the below command for allowing all HTTP and HTTPS incoming and outgoing connections to the Nginx web server using the below command.
sudo ufw allow 'Nginx Full'
However, if you want to just enable the HTTP connection, i.e. the connection to port 80, then you can allow using the below command.
sudo ufw allow 'Nginx HTTP'
Lastly, if you’ve SSL encrypted connection to the web server, then you can just allow the HTTPS to Nginx using the below command.
sudo ufw allow 'Nginx HTTPS'
This will open the connection only to port number 443 for a secured connection.
Enable and Disable the UFW Firewall
We can easily enable the UFW Firewall on Ubuntu using below command:
sudo ufw enable
In order to disable Firewall protection, you can run the below command:
sudo ufw disable
Watch the video demo of UFW Firewall Setup
Watch the video of setting up the UFW Firewall on connections for Nginx HTTPS and SSH connection.
Hope you liked the video and found it helpful. Please subscribe to our channel.
What’s next in the #CloudServer series?
You’ve learned how to set up the UFW Firewall, next we are going add some additional Nginx security snippet. This will even make the server security stronger and avoid being hacked by injecting cross scripts.
If you've any thoughts on Easily Setup UFW Firewall in Ubuntu Cloud Server with LEMP Stack, then feel free to drop in below comment box. Also, please subscribe to our restoreBin YouTube channel for amazing videos tips. Cheers!