Report this

What is the reason for this report?

Allowing upgrades on a server (ports 80 and 443 are open but still can't run apt installs)

Posted on February 17, 2019

Hello, I have a droplet set up as follows:

module "bastion_server" {
  ipv6                            = "false"
  region                        = "nyc1"
  private_networking  = "false}"
  name                         = "somename"
  source                       = "mysource"
  ssh_fingerprint         = ["${var.default_ssh_key_fingerprint}"]
}

and the following firewall rule set up:

resource "digitalocean_firewall" "bastion_server" {
  name = "only-ports-22-80-and-443"
  droplet_ids = ["${module.bastion_server.id}"]

  inbound_rule = [
    {
      protocol = "tcp"
      port_range = "22"
      source_addresses = ["myIP"]
    },
    {
      protocol = "tcp"
      port_range = "80"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol = "tcp"
      port_range = "443"
      source_addresses = ["0.0.0.0/0", "::/0"]
    }, 
    {
      protocol = "icmp"
      source_addresses = ["0.0.0.0/0", "::/0"]
    }
  ]

  outbound_rule = [ 
    {
      protocol = "icmp"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    }
  ]
 }

With the above rules, I expect that this server allows:

  • ssh access from my ip only
  • inbound http and https connections from the internet
  • outbound responses to http/https and ICMP queries

The result though is that I can:

  • ssh into the server
  • but can’t install packages

Can someone please help me pinpoint what rule I am missing?

Thank you

Can someone please tell me what I am missing? Are



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hi there,

Try to open port 53 for DNS. The address lookups for package repos probably isn’t happening. If it still doesn’t work, give some morer logs ;)

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.