How to Set Up a Firewall on an Nginx Server with UFW

Introduction

UFW, or Uncomplicated Firewall, is a simplified firewall management interface that hides the complexity of lower-level packet filtering technologies such as iptables and nftables.

A web server exposed to the internet is probed constantly, so limiting what it accepts is one of the simplest and most effective ways to protect it. A host firewall acts as a barrier between the server and the outside world, filtering incoming and outgoing packets by rules you define: which ports may be reached, over which protocol, and from where. Note what it is not: UFW filters at the packet level and does not inspect HTTP, so it is not a web application firewall and does not protect a vulnerable site behind Nginx; it only reduces what is reachable in the first place. In this post we walk through configuring UFW for an Nginx server so that only SSH and the web ports are open.

Prerequisites

Before we begin, ensure that you have the following:

  1. An Nginx web server installed and configured on a Debian- or Ubuntu-based system (the commands below use apt; Ubuntu ships UFW by default).

  2. Access to your server with administrative privileges.

  3. Basic knowledge of the Linux terminal.

Step 1: Update Your System

Start by updating your system's package list to ensure that you have the latest software repositories and packages.

sudo apt update 

sudo apt upgrade

Step 2: Install UFW

UFW is a front end that writes rules for the kernel's netfilter packet filter through iptables (which is backed by nftables on current Debian and Ubuntu releases). If it is not already present, install it:

sudo apt install ufw

Step 3: Confirm UFW Is Inactive

Do not enable UFW yet. Its default incoming policy is deny, so enabling it before an SSH rule exists cuts off new SSH connections to the server; Step 8 enables it once the rules are in place. For now, just confirm that it is installed and still inactive:

sudo ufw status verbose

The output should read "Status: inactive".

Step 4: Set Default Policies

UFW's built-in defaults already deny all incoming and allow all outgoing traffic. Set them explicitly anyway, so the policy is recorded in your configuration rather than depending on whatever state the firewall was left in:

sudo ufw default deny incoming 

sudo ufw default allow outgoing

With this policy every inbound packet that no later rule allows is dropped silently, so the remaining steps open only the ports the server needs. (Use "reject" instead of "deny" if you would rather clients receive an immediate refusal than a timeout.)

Step 5: Allow SSH Connections

If you manage the server over SSH, allow SSH traffic before anything else, or you will lock yourself out when the firewall is enabled:

sudo ufw allow ssh

This opens TCP port 22, the port /etc/services maps to "ssh". If sshd listens on a different port (the Port directive in /etc/ssh/sshd_config), allow that port and protocol instead. UFW's "limit" action, which rate-limits new connections from a single address, is a good substitute for "allow" on SSH, since it slows down password brute-forcing without affecting normal use.

Step 6: Allow Nginx HTTP and HTTPS

If Nginx is serving websites, allow HTTP (TCP port 80) and HTTPS (TCP port 443):

sudo ufw allow http 

sudo ufw allow https

Keep port 80 open even on an HTTPS-only site: it is needed for the redirect to HTTPS and for HTTP-01 certificate validation. On Ubuntu the nginx package also registers UFW application profiles (Nginx HTTP, Nginx HTTPS and Nginx Full) that can be used in place of the port names.

Step 7: Allow Additional Services (Optional)

Depending on your setup, you may need to open other ports, for example SMTP (port 25) if this host runs a mail server. Open a port only when a service on this host actually listens on it and must be reachable from outside; check what is listening with ss before adding a rule. Specify the protocol as well, because a bare port number opens it for both TCP and UDP:

sudo ufw allow <port_number>/<protocol>

Think twice before opening FTP (port 21): it sends credentials in cleartext and passive mode needs an additional port range, so SFTP over the SSH port you already allowed is the better option.

Step 8: Check Status and Enable UFW

Before enabling UFW, review the rules and confirm that the SSH rule is present:

sudo ufw status verbose

If the rules look right, enable UFW:

sudo ufw enable

UFW warns that the command may disrupt existing SSH connections and asks for confirmation; answer y if the SSH rule is listed. Keep the current session open and verify from a second terminal that a new SSH login still works, so you can undo the change if it does not. The status output should now read "Status: active" with the default policies and your rules listed.

Step 9: Managing Rules

To add or remove rules at any time, use the allow and deny commands with the port number and protocol (or a service name from /etc/services). For example:

sudo ufw allow 1234/tcp 

sudo ufw deny 5678/udp

Rules are matched in the order they were added, first match wins. With the default incoming policy set to deny, an explicit deny rule like the second one is only needed to override a broader allow rule or to block a particular source address. To remove a rule, list the rules with "status numbered" and delete by number, or repeat the original rule with "delete" in front of it.
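The steps above as one script, added here as an example rather than code from the original post. It detects the SSH port from sshd_config, emits the ufw commands in an order that cannot lock out the current session (policies and allow rules first, enable last), rate-limits SSH with "limit", and cross-checks the plan against what is listening so that an unplanned service is noticed before the firewall hides it. The sshd_config and ss output used here are constructed samples; on a real host feed it /etc/ssh/sshd_config and "ss -Hltn" instead, and set DRY_RUN=0 to actually run the commands.

```bash
#!/usr/bin/env bash
# Added example, not code from the original post: build the UFW rule set for
# an Nginx host in an order that cannot lock out the current SSH session,
# cross-check it against what is actually listening, then apply it.
# DRY_RUN=1 (the default) only prints the ufw commands; DRY_RUN=0 runs them.
set -euo pipefail

# Read sshd_config text on stdin and print the SSH port. Uses the last
# uncommented "Port" directive and assumes the default, 22, when none is set.
ssh_port_from_config() {
  awk 'tolower($1) == "port" { p = $2 } END { print (p ? p : 22) }'
}

# Read `ss -Hltn` output on stdin and print the TCP ports bound to anything
# other than loopback, i.e. the ones a firewall rule would actually expose.
external_listening_ports() {
  awk '{
    n = split($4, a, ":"); port = a[n]
    addr = substr($4, 1, length($4) - length(port) - 1)
    if (addr != "127.0.0.1" && addr != "[::1]") print port
  }' | sort -un
}

# Print the ufw commands in lockout-safe order: default policies, SSH
# (rate-limited with "limit"), web ports, any extra "port/proto" arguments,
# and only then enable. $1 is the SSH port.
ufw_plan() {
  local ssh_port="${1:?ssh port required}"; shift
  printf '%s\n' \
    "ufw default deny incoming" \
    "ufw default allow outgoing" \
    "ufw limit ${ssh_port}/tcp" \
    "ufw allow 80/tcp" \
    "ufw allow 443/tcp"
  local extra
  if [ $# -gt 0 ]; then
    for extra in "$@"; do printf 'ufw allow %s\n' "$extra"; done
  fi
  printf '%s\n' "ufw --force enable"   # --force skips the y/n prompt
}

# Listening ports (stdin, one per line) that the plan ($1) does not open.
# Each is either a service that needs a rule, or one to bind to localhost or
# stop; the firewall should not be the only thing hiding it.
unplanned_listeners() {
  awk -v plan="$1" '
    BEGIN {
      n = split(plan, lines, "\n")
      for (i = 1; i <= n; i++)
        if (lines[i] ~ /^ufw (allow|limit) [0-9]+/) {
          split(lines[i], f, " "); split(f[3], p, "/"); planned[p[1]] = 1
        }
    }
    !($1 in planned)'
}

# Run the plan one command at a time with sudo, or just show it when DRY_RUN=1.
apply_plan() {
  local cmd
  while IFS= read -r cmd; do
    if [ "${DRY_RUN:-1}" = "1" ]; then
      printf 'would run: sudo %s\n' "$cmd"
    else
      # shellcheck disable=SC2086  # splitting the command into words is intended
      sudo $cmd
    fi
  done
}

# Constructed sample inputs so this runs offline. On a real host use instead:
#   ssh_port=$(ssh_port_from_config < /etc/ssh/sshd_config)
#   ss -Hltn | external_listening_ports | unplanned_listeners "$plan"
sample_sshd_config=$(printf '# Port 22\nPort 2222\nPermitRootLogin no\n')
sample_ss_output=$(printf '%s\n' \
  'LISTEN 0 511 0.0.0.0:80 0.0.0.0:*' \
  'LISTEN 0 511 [::]:80 [::]:*' \
  'LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*' \
  'LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*' \
  'LISTEN 0 511 *:443 *:*' \
  'LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*')

ssh_port=$(printf '%s\n' "$sample_sshd_config" | ssh_port_from_config)
plan=$(ufw_plan "$ssh_port")
printf '%s\n' "$plan" | apply_plan
echo "listening on a non-loopback address but not in the plan:"
printf '%s\n' "$sample_ss_output" | external_listening_ports | unplanned_listeners "$plan"
```

With the sample data the plan rate-limits TCP 2222 rather than 22, and the cross-check reports 8080 as a listener with no rule while ignoring the MySQL listener bound to 127.0.0.1. Whether 8080 should get a rule or be bound to localhost is a decision the script leaves to you; its job is to make sure the question gets asked before "ufw enable" runs.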

Conclusion

Your firewall now accepts SSH, HTTP and HTTPS and drops every other inbound connection. Allow any other service this server genuinely needs to expose, and nothing else, so the server stays both functional and secure.

With the firewall in place, your server is now better protected against potential threats and unauthorized access. Always remember to keep your system and firewall rules up to date to ensure maximum security.

Note: Before implementing firewall rules, it's crucial to have a clear understanding of your server's specific requirements and services. Misconfigured firewalls can lead to unintended consequences, such as blocking legitimate traffic, so proceed with caution and make sure to backup your server data before making significant changes.