Configuring access ports 80,443 (http/s)

NOTE: Please make sure that you have added SSH rules earlier

Allow access to HTTP(s) for CloudFlare networks only

Apply automatically:

Execute the command:

wget -q -O - https://gitlab.com/BoxExchanger-public/ufw-cloudflare/-/raw/main/cf_install.sh | sudo sh

Enable UFW.
```
ufw enable
```

Manual set up:

Create a folder to store the script:
```
mkdir -p ~/.scripts/cf_ips
```

Create a script with the following contents:

nano ~/.scripts/cf_ips/cf_ips.sh

cf_ips.sh

#!/bin/sh
PATH=$PATH:/sbin
wget https://www.cloudflare.com/ips-v4 -qO /tmp/cf_ips
echo "" >> /tmp/cf_ips
wget https://www.cloudflare.com/ips-v6 -qO ->> /tmp/cf_ips
for cfip in `cat /tmp/cf_ips`; do ufw allow proto tcp from $cfip to any port 80,443 comment "Cloudflare IP"; done
rm /tmp/cf_ips

Clean the temporary service file
```
rm /tmp/cf_ips
```

Set the cron (timer) to update addresses once a day

echo "0 0 * * * ~/.scripts/cf_ips/cf_ips.sh" | crontab -

Enable UFW.
```
ufw enable
```

Allow access to HTTP(s) for all networks

WARNING: this instruction is for those who do not use Cloudflare if you are using CloudFlare for your site use the instruction above

Allow access 80 and 443
```
ufw allow 80
```
```
ufw allow 443
```
Enable UFW.
```
ufw enable
```

PreviousConfiguring port 22 access (ssh)NextIP whitelisted by CloudFlare

Last updated 1 year ago