
Setting Up iptables for SSH/HTTP/HTTPS for new server install

Published Mon, 7 Apr 2014

Whenever I set up a new cloud server I have to look up the commands to set up iptables correctly for the three services I almost always have switched on - SSH, HTTP, HTTPS. So here's a script for later reference!

iptables -F
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -j DROP
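
The commands above change the live firewall one rule at a time and only touch IPv4. As an added example (not from the original post), the shell function below prints the same rule set in iptables-restore format, which loads in a single commit, and goes one step beyond the post by also emitting an IPv6 variant that lets ICMPv6 through; gen_ruleset and its arguments are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post. gen_ruleset is a hypothetical
# helper that prints the post's INPUT rules in iptables-restore format.
#   $1 = address family, 4 or 6
#   $2 = space-separated TCP ports to open (default: the post's 22 80 443)
gen_ruleset() {
    family=${1:-}
    ports=${2:-"22 80 443"}
    case $family in
        4|6) ;;
        *) echo "family must be 4 or 6" >&2; return 1 ;;
    esac
    # Validate every port first so a typo never yields a partial rule set.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    printf '%s\n' "*filter"
    # Chain policies are ACCEPT (the default the post relies on);
    # the final DROP rule does the blocking, exactly as in the post.
    printf '%s\n' ":INPUT ACCEPT [0:0]" ":FORWARD ACCEPT [0:0]" ":OUTPUT ACCEPT [0:0]"
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    printf '%s\n' "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    if [ "$family" = 6 ]; then
        # IPv6 depends on ICMPv6 (neighbour discovery); dropping it cuts the host off.
        printf '%s\n' "-A INPUT -p ipv6-icmp -j ACCEPT"
    fi
    for p in $ports; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -j DROP" "COMMIT"
}

# Run as "sh fw.sh 4" or "sh fw.sh 6" to print that family's rules
# (fw.sh is a placeholder file name).
if [ "${1:-}" = 4 ] || [ "${1:-}" = 6 ]; then
    gen_ruleset "$@"
fi
```

Check the output with `iptables-restore --test` (or `ip6tables-restore --test` for the IPv6 rules) before loading it for real.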

Also a basic port 8080 reverse proxy setup for HTTP/HTTPS on nginx is handy too...

upstream app {
    #ip_hash;
    server localhost:8080;
}

server {
    listen 80;
    #rewrite ^(.*) https://$host$1 permanent;
    location / {
        proxy_pass http://app;
        proxy_redirect http:// https://;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}

server {

    listen 443 ssl;  # replaces the deprecated "ssl on;" directive
    ssl_certificate      /etc/nginx/myssl.crt;
    ssl_certificate_key  /etc/nginx/myssl.key;
    server_name  localhost;

    location / {
        proxy_pass http://app;
        proxy_redirect http:// https://;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}

About the Author

Richard Nichols is an Australian software engineer with a passion for making things.
