Question
Allowing upgrades on a server (ports 80 and 443 are open but still can't run apt installs)
- Posted February 17, 2019
- DigitalOcean Cloud FirewallsUbuntu 18.04
Hello, I have a droplet set up as follows:
module "bastion_server" {
ipv6 = "false"
region = "nyc1"
private_networking = "false}"
name = "somename"
source = "mysource"
ssh_fingerprint = ["${var.default_ssh_key_fingerprint}"]
}
and the following firewall rule set up:
resource "digitalocean_firewall" "bastion_server" {
name = "only-ports-22-80-and-443"
droplet_ids = ["${module.bastion_server.id}"]
inbound_rule = [
{
protocol = "tcp"
port_range = "22"
source_addresses = ["myIP"]
},
{
protocol = "tcp"
port_range = "80"
source_addresses = ["0.0.0.0/0", "::/0"]
},
{
protocol = "tcp"
port_range = "443"
source_addresses = ["0.0.0.0/0", "::/0"]
},
{
protocol = "icmp"
source_addresses = ["0.0.0.0/0", "::/0"]
}
]
outbound_rule = [
{
protocol = "icmp"
destination_addresses = ["0.0.0.0/0", "::/0"]
}
]
}
With the above rules, I expect that this server allows:
- ssh access from my ip only
- inbound http and https connections from the internet
- outbound responses to http/https and ICMP queries
The result though is that I can:
- ssh into the server
- but can’t install packages
Can someone please help me pinpoint what rule I am missing?
Thank you
Can someone please tell me what I am missing? Are
Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign in to AnswerThese answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Accepted Answer
Hi there,
Try to open port 53 for DNS. The address lookups for package repos probably isn’t happening. If it still doesn’t work, give some morer logs ;)
Duh! Also open up 80 and 443. Sigh!
EDIT: that does not solve the problem. What am I doing wrong?