If you are following my mini-series this is PART ONE

In this post we will using Nginx to deploy a reverse proxy for our applications. We'll also enable UFW (Uncomplicated Firewall) to reduce the attack surface of our network.

As usual - commands are provided as examples, your system requirements may vary.

Prerequisites


Ubuntu 24.04 (Long Term Support) Server with root access. (This will work on others but we are specifically using this version for this guide)

Installing Nginx

As we are using an LTS ubuntu we stick with the package repos. 

sudo apt update
sudo apt install nginx

It's also worth enabling at boot so if you restart your server Nginx will start automatically

systemctl daemon-reload
systemctl enable nginx
systemctl start nginx

UFW

⚠️
Changing UFW can cause you to lose access to your system remotely. If you only have access via SSH be careful whilst enabling or changing firewall rules

Lets ensure SSH remains available -

sudo ufw allow 22

If you feel comfortable and are accessing your server from a static IP you can restrict this further 

sudo ufw allow from 100.100.100.100 proto tcp to any port 22

UFW lets you define rules via application profiles so to enable Nginx you can do the following. 

sudo ufw allow "Nginx HTTPS"
sudo ufw delete allow "Nginx Full"

Alternatively you can allow each port required 

sudo ufw allow 443
sudo ufw allow 80

To check the status of UFW you can use

sudo ufw status

To enable or disable UFW you should use the following

sudo ufw enable
# to disable UFW
sudo ufw disable