How to set up UFW with Nginx

Configure UFW firewall rules to allow HTTP, HTTPS, and SSH traffic for an Nginx web server on Ubuntu.

Configure UFW to allow HTTP (port 80), HTTPS (port 443), and SSH (port 22) traffic for a production Nginx web server on Ubuntu.

Prerequisites

  • Ubuntu server with Nginx and UFW installed
  • Root or sudo access

Step-by-Step: Set Up UFW with Nginx

1. Allow SSH Before Enabling UFW

sudo ufw allow ssh

Always add the SSH rule first. Enabling UFW without SSH access locks you out of a remote server.

2. Allow Nginx HTTP and HTTPS with UFW Application Profile

UFW includes predefined application profiles for Nginx:

sudo ufw allow 'Nginx Full'

The Nginx Full profile opens both port 80 (HTTP) and port 443 (HTTPS). Alternatives: Nginx HTTP (port 80 only) and Nginx HTTPS (port 443 only).

3. Set Default Policies

sudo ufw default deny incoming
sudo ufw default allow outgoing

4. Enable UFW

sudo ufw enable

5. Verify the Rules

sudo ufw status verbose
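
One way to turn step 5 into a pass/fail check, as an added example that is not part of the original guide: the function below reads `ufw status verbose` text and reports anything missing from the configuration built in steps 1 to 4. The function name and both sample outputs are constructed for illustration (the samples are abridged and modelled on the verbose format), and the check does not inspect the From column.

```shell
# Added example: audit `ufw status verbose` text against this guide's rules.
# Reads the status text on stdin, prints one line per problem, returns 1 if any.
audit_ufw_status() {
    awk '
        /^Status: active/             { active = 1 }
        /^Default: deny \(incoming\)/ { deny_in = 1 }
        / (ALLOW|LIMIT) IN / {
            # Field 1 is the port spec, e.g. "22/tcp" or "80,443/tcp".
            split($1, spec, "/"); n = split(spec[1], ports, ",")
            for (i = 1; i <= n; i++) allowed[ports[i]] = 1
        }
        END {
            if (!active)         { print "ufw is not active"; bad = 1 }
            if (!deny_in)        { print "default incoming policy is not deny"; bad = 1 }
            if (!allowed["22"])  { print "SSH (22) not allowed: remote lockout risk"; bad = 1 }
            if (!allowed["80"])  { print "HTTP (80) not allowed: ACME HTTP-01 will fail"; bad = 1 }
            if (!allowed["443"]) { print "HTTPS (443) not allowed"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: the state this guide produces (abridged).
sample_good() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80,443/tcp (Nginx Full)    ALLOW IN    Anywhere
EOF
}

# Constructed sample: UFW enabled with only the SSH rule from step 1.
sample_ssh_only() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
EOF
}

sample_good | audit_ufw_status && echo "guide configuration: OK"
sample_ssh_only | audit_ufw_status || echo "SSH-only configuration: flagged"
```

On a live host, pipe the real output in: `sudo ufw status verbose | audit_ufw_status`.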

Common Issues

Certbot fails after enabling UFW: The ACME HTTP-01 challenge requires port 80. Ensure the Nginx Full or Nginx HTTP profile is allowed. See Certbot: Some challenges have failed.