Learning Continuous Integration with Jenkins (Second Edition)

Configuring the firewall on an Nginx server

We need to configure the firewall on our Nginx server to allow access to the Nginx service. Follow these steps:

  1. Check the firewall status using the ufw command:
        sudo ufw status 

   You should see the following output:

        Status: inactive 
  2. If the firewall is already enabled, move to step 3. If it is disabled, enable it using the following command:
        sudo ufw enable  

   You should see the following output:

        Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
        Firewall is active and enabled on system startup
  3. List the available configurations using the following command. You should see three Nginx profiles and one OpenSSH profile:
        sudo ufw app list  

   You should see the following output:

        Available applications: 
          Nginx Full 
          Nginx HTTP 
          Nginx HTTPS 
          OpenSSH

The Nginx Full profile opens port 80 (unencrypted) and port 443 (TLS/SSL).

The Nginx HTTP profile opens only port 80 (unencrypted).

The Nginx HTTPS profile opens only port 443 (TLS/SSL).

The OpenSSH profile opens only port 22 (SSH).

It is always recommended to enable the most restrictive profile that still allows the traffic you need.

  4. To keep things simple, we will enable the Nginx Full profile, as shown in the following command:
        sudo ufw allow 'Nginx Full'  
        Rules updated 
        Rules updated (v6) 
  5. Also, enable the OpenSSH profile if it's not active, as shown. This will allow us to continue accessing our Nginx machine over SSH:
        sudo ufw allow 'OpenSSH' 

With the firewall active, you won't be able to log in to your Nginx machine over SSH unless the OpenSSH profile is allowed.

  6. Verify the changes using the following command. You should see Nginx Full and OpenSSH as allowed:
        sudo ufw status  

   You should see the following output:

        Status: active  
        To                         Action      From 
        --                         ------      ---- 
        OpenSSH                    ALLOW       Anywhere 
        Nginx Full                 ALLOW       Anywhere 
        OpenSSH (v6)               ALLOW       Anywhere (v6) 
        Nginx Full (v6)            ALLOW       Anywhere (v6)
  7. Check if the Nginx service is running using the systemctl command:
        systemctl status nginx  

   You should see the following output:

        ● nginx.service - A high performance web server and a reverse proxy server
           Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
           Active: active (running) since Thu 2017-07-20 18:44:33 UTC; 45min ago
         Main PID: 2619 (nginx)
            Tasks: 2
           Memory: 5.1M
              CPU: 13ms
           CGroup: /system.slice/nginx.service
                   ├─2619 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
                   └─2622 nginx: worker process
  8. From the previous output, you can see that our Nginx service is running fine. Now try to access it using the browser. First, get the IP address of your machine using the ip route command:
        ip route  

   You should see the following output:

        default via 10.0.2.2 dev enp0s3
        10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15
        192.168.56.0/24 dev enp0s8 proto kernel scope link src 192.168.56.104
  9. Now access the Nginx home page using http://<IP Address>:80. You should see something similar to the following screenshot:

The Nginx index page
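
The manual check in the "Verify the changes" step can be scripted so that a provisioning job fails when the firewall is inactive, a required profile is missing, or an extra rule has been opened. This is an added example, not code from the book; the function name check_ufw and the sample containing an 8080/tcp rule are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit `ufw status` output against an allow-list.
# check_ufw reads the status text on stdin; arguments are the application profiles
# (or port rules) that are allowed to be open. Returns 0 only if the firewall is
# active, every expected rule is present, and nothing else is allowed.
check_ufw() {
    expected=$(IFS=','; printf '%s' "$*")   # join arguments with commas for awk
    awk -v expected="$expected" '
    BEGIN { n = split(expected, e, ","); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    $1 == "Status:" { active = ($2 == "active"); next }
    / ALLOW / {
        name = $0
        sub(/[ \t]+ALLOW.*/, "", name)   # keep only the "To" column
        sub(/ \(v6\)$/, "", name)        # fold IPv6 rows onto the same rule name
        sub(/^[ \t]+/, "", name)
        if (name in want) seen[name] = 1; else extra[name] = 1
    }
    END {
        if (!active) { print "firewall is not active"; bad = 1 }
        for (p in want)  if (!(p in seen)) { print "missing rule: " p; bad = 1 }
        for (p in extra) { print "unexpected rule: " p; bad = 1 }
        exit bad + 0
    }'
}

# Sample input: the verification output shown on this page.
SAMPLE_OK='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)'
# Constructed sample: the same output with one rule that was never intended.
SAMPLE_EXTRA="$SAMPLE_OK
8080/tcp                   ALLOW       Anywhere"

printf '%s\n' "$SAMPLE_OK" | check_ufw 'OpenSSH' 'Nginx Full' && echo "firewall matches policy"
printf '%s\n' "$SAMPLE_EXTRA" | check_ufw 'OpenSSH' 'Nginx Full' || echo "policy drift detected"
# On the server itself: sudo ufw status | check_ufw 'OpenSSH' 'Nginx Full'
```

Passing 'Nginx HTTPS' instead of 'Nginx Full' makes the same check enforce the more restrictive profile.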