Hi there!

I have Flask (port 5000) and Angular (port 80) running on my droplet. I’d like to allow connections to my Flask backend only from the Angular app. I configure my firewall rules using ufw. From what I understand, the commands below should do the trick:

sudo ufw deny 5000/tcp
sudo ufw allow from to any port 5000 proto tcp

Unfortunately they doesn’t work and I end up with the Flask app being inaccessible from any IP. Is there any other way to achieve my goal? Perhaps other ufw rules?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

2 answers

Sorry for a duplicated question (and for posting my droplet IP. I should have mask it, unfortunately there is no edit option).


It is possible that the outgoing TCP connections on port 5000 are not allowed on your Angular Droplet. To test that what you could do is SSH to the droplet and then run:

telnet portquiz.net 5000

If you are unable to connect then you have to open port 5000 for outgoing TCP traffic on your frontend Droplet, you could do this with this command:

sudo ufw allow out 5000

Let me know how it goes!

  • This is the result of telnet command:

    Connected to portquiz.net.

    So I guess that everything is okay.

    I host both apps on a single droplet using Apache. From what I understand, the connection to backend server is made using my computer’s IP address, not my droplet’s IP, hence the error. I have also tried to modify my virtual host to no avail:

    <VirtualHost *:80>
        <Location />
          Require local

    I wonder if plugging a domain would change anything?

    • Hi there @izdwuut,

      The output of the telnet command looks alright indeed.

      As the two services, the backend and the frontend, are running on the same Droplet they should be able to communicate locally with the port closed for the rest of the world.

      If you are trying to access the Flask from your own PC, could you try running the following from your terminal to make sure that you have allowed the correct IP address:

      curl ifconfig.io

      Let me know how it goes.

Submit an Answer