Discussion on: How to Protect Your Server From Hackers

Glenn Carremans

Great post! This is also my default workflow when I set up a new VPS.

Just a couple of tips:

Just like SSH has an alternative syntax, you can do the same for ports 80 and 443.
ufw allow http && ufw allow https

You can also run the command: ufw app list
This will show a list of available applications that you can add to your UFW firewall, so that if the port config has changed, for example, this will also be updated in your UFW.
My UFW rules:

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
Nginx Full (v6)            ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)

If you want your server to accept IPv6 you will need to enable this in your UFW config.

sudo nano /etc/default/ufw

And then change this: IPV6=yes
UFW reboot required after this change of course.

For fail2ban I have 3 jails enabled: sshd, sshd-ddos and nginx-botsearch
Current status for my sshd jail:

Status for the jail: sshd
|- Filter
|  |- Currently failed: 2
|  |- Total failed: 28259
|  `- File list:    /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 78
   `- Banned IP list:
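
Added example, not part of the comment above and not fail2ban's own code: a small Python parser for the jail status text shown above, so its counters can be fed to monitoring. The function names and metric names are assumptions of this example, and the sample input is constructed from the values in the comment.

```python
import re

# Constructed sample: same layout and counters as the status output in the comment.
SAMPLE = """\
Status for the jail: sshd
|- Filter
|  |- Currently failed: 2
|  |- Total failed: 28259
|  `- File list:    /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 78
   `- Banned IP list:
"""

# Leaf lines look like "<tree drawing>- Key: value"; section lines have no colon.
LEAF = re.compile(r"^[\s|`]*-\s*(?P<key>[^:]+):\s*(?P<val>.*)$")

def parse_jail_status(text):
    """Return the jail name, integer counters, log files and banned IPs."""
    status = {"jail": None, "log_files": [], "banned_ips": []}
    for raw in text.splitlines():
        if raw.startswith("Status for the jail:"):
            status["jail"] = raw.split(":", 1)[1].strip()
            continue
        m = LEAF.match(raw)
        if not m:
            continue  # "|- Filter" / "`- Actions" section headers carry no value
        key = m["key"].strip().lower().replace(" ", "_")
        val = m["val"].strip()
        if key == "banned_ip_list":
            status["banned_ips"] = val.split()  # IPv6 entries keep their colons
        elif key == "file_list":
            status["log_files"] = val.split()
        elif val.isdigit():
            status[key] = int(val)
    return status

def metric_lines(status):
    """Render counters as 'name{jail="..."} value' lines (metric names are hypothetical)."""
    return [f'fail2ban_{k}{{jail="{status["jail"]}"}} {v}'
            for k, v in sorted(status.items()) if isinstance(v, int)]

if __name__ == "__main__":
    print("\n".join(metric_lines(parse_jail_status(SAMPLE))))
```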
 
Vitaliy Kolesov • Edited

Thanks to you, I pay attention to sshd-ddos!

In front of the nginx on my server I have traefik inside the docker container. I will try to research how to make them work together.