0

I installed Nginx on my Ubuntu 18.04 server with the following command :

$ sudo apt-add-repository ppa:hda-me/nginx-stable

$ sudo apt update

$ ubuntu@www-example-com:~$ sudo apt install brotli nginx nginx-module-brotli
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  brotli nginx nginx-module-brotli
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,088 kB of archives.
After this operation, 4,340 kB of additional disk space will be used.
Get:1 http://ppa.launchpad.net/hda-me/nginx-stable/ubuntu bionic/main amd64 nginx amd64 1.17.3-2-ppa7~bionic [566 kB]
Get:2 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 brotli amd64 1.0.3-1ubuntu1.2 [266 kB]
Get:3 http://ppa.launchpad.net/hda-me/nginx-stable/ubuntu bionic/main amd64 nginx-module-brotli amd64 1.17.3-2-ppa7~bionic [256 kB]
Fetched 1,088 kB in 0s (10.6 MB/s)       
Selecting previously unselected package brotli.
(Reading database ... 91558 files and directories currently installed.)
Preparing to unpack .../brotli_1.0.3-1ubuntu1.2_amd64.deb ...
Unpacking brotli (1.0.3-1ubuntu1.2) ...
Selecting previously unselected package nginx.
Preparing to unpack .../nginx_1.17.3-2-ppa7~bionic_amd64.deb ...
----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:
* http://nginx.org/en/docs/

You could find nginx-hda-bundle repository here:
* https://github.com/cryptofuture/nginx-hda-bundle

Please consider making a donation:
* https://github.com/cryptofuture/nginx-hda-bundle#donation

----------------------------------------------------------------------
Unpacking nginx (1.17.3-2-ppa7~bionic) ...
Selecting previously unselected package nginx-module-brotli.
Preparing to unpack .../nginx-module-brotli_1.17.3-2-ppa7~bionic_amd64.deb ...
----------------------------------------------------------------------

The Brotli dynamic module for nginx has been installed.
To enable this module, add the following to /etc/nginx/nginx.conf
and reload nginx:
    # ngx_brotli filter module - used to compress responses on-the-fly.
    load_module modules/ngx_http_brotli_filter_module.so;
    # ngx_brotli static module - used to serve pre-compressed files.
    # Both modules could be used separately
    load_module modules/ngx_http_brotli_static_module.so;

Please refer to the module documentation for further details:
https://github.com/google/ngx_brotli

----------------------------------------------------------------------
Unpacking nginx-module-brotli (1.17.3-2-ppa7~bionic) ...
Setting up nginx (1.17.3-2-ppa7~bionic) ...
Setting up brotli (1.0.3-1ubuntu1.2) ...
Setting up nginx-module-brotli (1.17.3-2-ppa7~bionic) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.39) ...

My problem is that it is impossible for me to add Nginx to my firewall with the following command. I don't understand why it doesn't work :

$ ubuntu@www-example-com:~$ sudo ufw allow 'Nginx Full'
ERROR: Could not find a profile matching 'Nginx Full'

$ ubuntu@www-example-com:~$ sudo ufw app list
Available applications:
  OpenSSH

UPDATE

ubuntu@www-example-com:~$ sudo ufw allow 80
Rule added
Rule added (v6)
ubuntu@www-example-com:~$ sudo ufw allow 443
Rule added
Rule added (v6)
ubuntu@www-example-com:~$ sudo ufw allow http
Rule added
Rule added (v6)
ubuntu@www-example-com:~$ sudo ufw allow https
Rule added
Rule added (v6)
ubuntu@www-example-com:~$ sudo ufw app list
Available applications:
  OpenSSH
Mathieu
  • 5
  • 2
  • 4
  • You don't need to have an application profile specifically for nginx. By allowing traffic on port 80 and 443 you have accomplished the same thing. The output of `sudo ufw status` should report that tcp traffic to those ports is currently allowed. – sippybear Mar 06 '20 at 22:31

2 Answers2

3

You could try just allowing the standard HTTP/HTTPS ports with these commands

sudo ufw allow 80
sudo ufw allow 443

I think you can also specify the protocols like this

sudo ufw allow http
sudo ufw allow https
Diego Velez
  • 825
  • 1
  • 7
  • 13
  • I understand absolutely nothing. My server has just been installed and even your answer does not work. – Mathieu Mar 06 '20 at 21:05
0

The output of sudo ufw app list reveals that no nginx profile was created.

This post over on the ubuntu stack exchange has a nice summary of how to create an application profile, or you can use the simpler solution that @Diego Velez suggests (which is what I would do)

sippybear
  • 3,197
  • 1
  • 13
  • 12