Nginx and UFW


This is part of a mini series about self-hosting your stuff. If you are following in order, this is Part One!

In this post we will install Nginx so we can eventually deploy a reverse proxy for our applications. We'll also enable UFW (Uncomplicated Firewall) to reduce the attack surface of our network and we'll enable TLS.

As usual, commands are provided as examples; your system requirements may vary.

Prerequisites

Ubuntu 24.04 (Long Term Support) Server with root access. (This will work on others, but we are specifically using this version for this guide.) Update your system in preparation.

sudo apt update
sudo apt upgrade

Install Nginx

As we are using an Ubuntu LTS release, we stick with the package repos.

sudo apt install nginx

It's also worth enabling Nginx at boot, so if you restart your server Nginx will start automatically:

sudo systemctl enable nginx

UFW Configuration

💡
If you mess up UFW you can lock yourself out of your system. If you do not have physical access to your server be very careful with UFW/nftables/iptables.


UFW (Uncomplicated Firewall) is a package that gives you easier control over nftables (or iptables if you're on older systems).

UFW lets you define rules. To allow http, https and ssh you can do the following:

sudo ufw allow https
sudo ufw allow http # if you need port 80
sudo ufw allow ssh # allows SSH (22/tcp) from any source; not restricted to an IP

UFW also lets you allow things via application profiles, so for Nginx you can do:

sudo ufw allow 'Nginx Full'

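To enable or disable UFW, use the following. If you manage the server remotely, add your SSH rule before enabling.

sudo ufw enable # activates the firewall and loads your rules into netfilter
sudo ufw disable # turns the firewall off; your rules are no longer enforced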

If you wish to restrict a port so it only allows connections from a certain IP, you can do so as follows. Remember that doing this wrong could lock you out of your system, so be careful, especially if you don't have physical access to the server.

sudo ufw allow from 111.111.111.111 to any port 22 proto tcp # replace 111.111.111.111 with your IP address

To check the status of the firewall, use:

sudo ufw status
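
UFW rules are additive, so if both `ufw allow ssh` and the source-restricted rule above are present, port 22 is still reachable from any address. The following check of `ufw status` output is an added example, not part of the original post; the function name `classify_ssh` and the sample status tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify SSH exposure from `ufw status` output (read on stdin).
# Prints one of: inactive | open | restricted | blocked
classify_ssh() {
    awk -F'  +' '
        { sub(/[ \t]+$/, "") }            # strip padding after the From column
        /^Status: inactive/ { inactive = 1 }
        # SSH rows appear as 22, 22/tcp or the OpenSSH profile, optionally "(v6)"
        $1 ~ /^(22|22\/tcp|OpenSSH)( \(v6\))?$/ && $2 ~ /^(ALLOW|LIMIT)/ {
            if ($3 ~ /^Anywhere/) anyaddr = 1; else limited = 1
        }
        END {
            if (inactive)     print "inactive"    # no rules enforced at all
            else if (anyaddr) print "open"        # reachable from any address
            else if (limited) print "restricted"  # only the listed sources
            else              print "blocked"     # remote SSH would be cut off
        }'
}

# Constructed sample: `ufw allow ssh` AND the source-restricted rule both present.
BOTH_RULES='Status: active

To                         Action      From
--                         ------      ----
443                        ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       111.111.111.111
22/tcp (v6)                ALLOW       Anywhere (v6)'

# Constructed sample: only the source-restricted rule remains.
ONLY_SOURCE='Status: active

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere
22/tcp                     ALLOW       111.111.111.111'

# Constructed sample: web ports allowed, no SSH rule at all.
NO_SSH='Status: active

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere'

for s in "$BOTH_RULES" "$ONLY_SOURCE" "$NO_SSH"; do
    printf '%s\n' "$s" | classify_ssh
done
# On a real host: sudo ufw status | classify_ssh
```

If the result is still `open` after adding the source-restricted rule, the broad rule is what keeps port 22 exposed; `sudo ufw delete allow ssh` removes it once you have confirmed the source rule matches the address you connect from.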

Finish

That's it. Nginx isn't running yet, but the basics are done. Now on to Part 2.