Configuring access to ports 80 and 443 (HTTP/HTTPS)

NOTE: Make sure you have already added the SSH rules before enabling UFW.

Allow access to HTTP(s) for Cloudflare networks only

Apply automatically:

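  1. Execute the command. It downloads cf_install.sh and pipes it directly into a root shell, so review the script at that URL first:

    wget -q -O - https://gitlab.com/BoxExchanger-public/ufw-cloudflare/-/raw/main/cf_install.sh | sudo sh

  2. Enable UFW.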

    ufw enable

Manual setup:

  1. Create a folder to store the script:

    mkdir -p ~/.scripts/cf_ips

  2. Create a script with the following contents:

    nano ~/.scripts/cf_ips/cf_ips.sh

    cf_ips.sh:

    #!/bin/sh
    # ufw lives in /sbin, which cron's default PATH may not include
    PATH=$PATH:/sbin
    # Download the published IPv4 ranges, then append the IPv6 ranges
    wget https://www.cloudflare.com/ips-v4 -qO /tmp/cf_ips
    echo "" >> /tmp/cf_ips
    wget https://www.cloudflare.com/ips-v6 -qO - >> /tmp/cf_ips
    # Allow each range to reach ports 80 and 443 over TCP
    for cfip in $(cat /tmp/cf_ips); do
        ufw allow proto tcp from "$cfip" to any port 80,443 comment "Cloudflare IP"
    done
    rm /tmp/cf_ips

  3. Remove the temporary file:

    rm /tmp/cf_ips

  4. Add a cron job to update the addresses once a day (this command replaces the current user's existing crontab):

    echo "0 0 * * * ~/.scripts/cf_ips/cf_ips.sh" | crontab -

  5. Enable UFW.

    ufw enable
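
cf_ips.sh only ever adds rules, and it hands whatever it downloaded to ufw as root. The following is an added example, not part of the original instructions or of the BoxExchanger script: it validates the downloaded lines, reads the existing "Cloudflare IP" rules from `ufw status` output, and prints the ufw commands that add new ranges and delete retired ones. The function names and the plan/apply arguments are assumptions.

```sh
#!/bin/sh
# Added example, not the project's script; function names are hypothetical.
export LC_ALL=C   # sort and comm must agree on collation

# Keep only lines shaped like an IPv4/IPv6 CIDR block, so an error page or
# stray shell text in the download never reaches a root-run ufw command.
filter_cidrs() {
    grep -E -x \
        -e '([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])' \
        -e '[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])' |
        sort -u
}

# stdin: `ufw status` text. stdout: source ranges of the rules that carry the
# "Cloudflare IP" comment set by cf_ips.sh.
current_cf_ranges() {
    grep '# Cloudflare IP' |
        awk '{ for (i = 1; i < NF; i++) if ($i == "ALLOW") print $(i + 1) }' |
        filter_cidrs
}

# plan_changes CURRENT WANTED: print the ufw commands that add new ranges and
# delete retired ones. An empty WANTED (failed download) plans nothing.
plan_changes() {
    [ -s "$2" ] || { echo "no valid ranges fetched, rules unchanged" >&2; return 1; }
    comm -13 "$1" "$2" |
        sed 's|.*|ufw allow proto tcp from & to any port 80,443 comment "Cloudflare IP"|'
    comm -23 "$1" "$2" |
        sed 's|.*|ufw delete allow proto tcp from & to any port 80,443|'
}

# cf_sync [apply]: fetch, validate and plan; runs the plan only with "apply".
cf_sync() {
    tmp=$(mktemp -d) || return 1
    { wget -qO - https://www.cloudflare.com/ips-v4; echo
      wget -qO - https://www.cloudflare.com/ips-v6; } | filter_cidrs > "$tmp/wanted"
    ufw status | current_cf_ranges > "$tmp/current"
    plan_changes "$tmp/current" "$tmp/wanted" > "$tmp/plan" || { rm -rf "$tmp"; return 1; }
    if [ "${1:-}" = apply ]; then sh "$tmp/plan"; else cat "$tmp/plan"; fi
    rc=$?; rm -rf "$tmp"; return "$rc"
}

case "${1:-}" in plan) cf_sync ;; apply) cf_sync apply ;; esac
```

Run it as root with `plan` to print the commands and with `apply` to execute them.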

Allow access to HTTP(s) for all networks

WARNING: These instructions are for sites that do not use Cloudflare. If your site uses Cloudflare, follow the instructions above.

  1. Allow access to ports 80 and 443:

    ufw allow 80
    ufw allow 443

  2. Enable UFW.

    ufw enable
