
I want to set up an nginx reverse proxy behind a NAT. It will proxy multiple internal servers to the outside world. ALL services will run on a non-standard port (i.e. not on 80 or 443). nginx will also do the HTTPS encryption for the internal servers which use HTTP. For that I want to use Let's Encrypt with certbot. Therefore I need to allow connections on ports 80+433 to nginx.

Is there a way to block any access to these ports apart from when certbot renews the certificates? As stated before, these ports are not used for anything else.

masgo
  • Use a wrapper script around certbot to open and close those ports in the firewall? – wurtel Jul 18 '19 at 11:53
  • Just to be clear, the nginx has a public IP and the rest is served by sub hosts from LAN? If yes, that's quite easy, but first tell us more about your plans @masgo – djdomi Jul 27 '19 at 19:19
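
One way to do the open/close step raised in the comments is to let certbot call it through its `--pre-hook` and `--post-hook` options. This is an added example, not code from the thread. It assumes the blocking is done with iptables on the nginx host and that the INPUT chain otherwise drops the port; the script name `acme-fw`, its install path and the rule tag are hypothetical.

```shell
#!/bin/sh
# acme-fw: open the ACME challenge port only while certbot is renewing.
# Added example; script name, install path and rule tag are assumptions.
# Intended use, from cron or a systemd timer:
#   certbot renew --pre-hook  "/usr/local/sbin/acme-fw open" \
#                 --post-hook "/usr/local/sbin/acme-fw close"
# certbot runs the hooks only when a certificate is actually due, so the
# port stays closed on the usual runs where nothing needs renewing.
set -u

ACME_PORTS="${ACME_PORTS:-80}"   # HTTP-01 validation always connects to port 80
FW="${FW:-iptables}"             # swap for ip6tables, or a stub when testing
TAG="acme-renew"                 # marks our rules so close removes only those

rule() {  # rule <port>: the match spec shared by -C, -I and -D
    printf '%s\n' "INPUT -p tcp --dport $1 -m comment --comment $TAG -j ACCEPT"
}

open_ports() {
    for p in $ACME_PORTS; do
        # -C checks for an identical rule, so repeated opens do not stack up
        $FW -C $(rule "$p") 2>/dev/null || $FW -I $(rule "$p") || return 1
    done
}

close_ports() {
    for p in $ACME_PORTS; do
        # delete every copy; the loop ends when -C no longer finds the rule
        while $FW -C $(rule "$p") 2>/dev/null; do
            $FW -D $(rule "$p") || return 1
        done
    done
}

case "${1:-}" in
    open)  open_ports ;;
    close) close_ports ;;
esac
```

If the port is filtered on the NAT router rather than on the nginx host, the same two hooks would have to drive that device instead.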

0 Answers