Question

Allowing upgrades on a server (ports 80 and 443 are open but still can't run apt installs)

Hello, I have a droplet set up as follows:

module "bastion_server" {
  ipv6                            = "false"
  region                        = "nyc1"
  private_networking  = "false}"
  name                         = "somename"
  source                       = "mysource"
  ssh_fingerprint         = ["${var.default_ssh_key_fingerprint}"]
}

and the following firewall rule set up:

resource "digitalocean_firewall" "bastion_server" {
  name = "only-ports-22-80-and-443"
  droplet_ids = ["${module.bastion_server.id}"]

  inbound_rule = [
    {
      protocol = "tcp"
      port_range = "22"
      source_addresses = ["myIP"]
    },
    {
      protocol = "tcp"
      port_range = "80"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol = "tcp"
      port_range = "443"
      source_addresses = ["0.0.0.0/0", "::/0"]
    }, 
    {
      protocol = "icmp"
      source_addresses = ["0.0.0.0/0", "::/0"]
    }
  ]

  outbound_rule = [ 
    {
      protocol = "icmp"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    }
  ]
 }

With the above rules, I expect that this server allows:

  • ssh access from my ip only
  • inbound http and https connections from the internet
  • outbound responses to http/https and ICMP queries

The result though is that I can:

  • ssh into the server
  • but can’t install packages

Can someone please help me pinpoint what rule I am missing?

Thank you

Can someone please tell me what I am missing? Are

Subscribe
Share

Duh! Also open up 80 and 443. Sigh!

EDIT: that does not solve the problem. What am I doing wrong?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hi there,

Try to open port 53 for DNS. The address lookups for package repos probably isn’t happening. If it still doesn’t work, give some morer logs ;)