Allowing upgrades on a server (ports 80 and 443 are open but still can't run apt installs)

February 17, 2019
Ubuntu 18.04 DigitalOcean Cloud Firewalls

Hello, I have a droplet set up as follows:

module "bastion_server" {
  ipv6               = "false"
  region             = "nyc1"
  private_networking = "false"
  name               = "somename"
  source             = "mysource"
  ssh_fingerprint    = ["${var.default_ssh_key_fingerprint}"]
}

and the following firewall rule set up:

resource "digitalocean_firewall" "bastion_server" {
  name = "only-ports-22-80-and-443"
  droplet_ids = ["${module.bastion_server.id}"]

  inbound_rule = [
    {
      protocol = "tcp"
      port_range = "22"
      source_addresses = ["myIP"]
    },
    {
      protocol = "tcp"
      port_range = "80"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol = "tcp"
      port_range = "443"
      source_addresses = ["0.0.0.0/0", "::/0"]
    }, 
    {
      protocol = "icmp"
      source_addresses = ["0.0.0.0/0", "::/0"]
    }
  ]

  outbound_rule = [ 
    {
      protocol = "icmp"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    }
  ]
}

With the above rules, I expect that this server allows:

  • ssh access from my ip only
  • inbound http and https connections from the internet
  • outbound responses to http/https and ICMP queries

The result though is that I can:

  • ssh into the server
  • but can’t install packages

Can someone please help me pinpoint what rule I am missing?

Thank you

1 Answer

Hi there,

Try to open port 53 for DNS. The address lookups for package repos probably aren’t happening.
If it still doesn’t work, give some more logs ;)
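
An added example, not part of the original question or answer: the `outbound_rule` block of the question's firewall resource, extended with the flows `apt` needs and written in the same Terraform syntax as the question. It assumes the package mirrors are reached over HTTP/HTTPS on their default ports and that the resolver is queried on port 53; DigitalOcean Cloud Firewalls drop any new outbound connection that no outbound rule matches, while replies to allowed inbound connections pass without a rule.

```hcl
  # Replaces the outbound_rule list inside
  # resource "digitalocean_firewall" "bastion_server" { ... }
  # The inbound rules from the question stay unchanged.
  outbound_rule = [
    {
      # DNS lookups for the package mirrors (most queries use UDP)
      protocol              = "udp"
      port_range            = "53"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      # DNS falls back to TCP when a response does not fit in one UDP datagram
      protocol              = "tcp"
      port_range            = "53"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      # apt fetching package lists and .deb files from http:// mirrors
      protocol              = "tcp"
      port_range            = "80"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      # apt sources and PPAs served over https://
      protocol              = "tcp"
      port_range            = "443"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      # Already present in the question: outbound ping / ICMP
      protocol              = "icmp"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    }
  ]
```

To keep egress tighter on a bastion host, `destination_addresses` on the port 53 rules can be narrowed to the resolvers listed in the droplet's `/etc/resolv.conf`.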
