Question
How to allow git connections with UFW firewall
- Posted March 1, 2021
- GitFirewallUbuntu 20.04Nginx
I am setting up a server by following the directions here:
Initial set up of Ubuntu 20.04 server: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04
Installing Nginx: https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
Securing Nginx: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04
I’ve followed everything step-by-step and my server works on HTTPS. However when I try to clone a git repo hosted on GitLab, the connection repeatedly fails with the following error:
kex_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Now, I have generated an SSH key on my server (via ssh-keygen) and added the public SSH key to the Gitlab website.
However the firewall is not allowing me to connect. I have tried “sudo ufw allow git” but this did not work.
I was able to clone the repo by disabling the firewall (sudo ufw disable) and then enabling the firewall after the repo has been cloned, however this is not a realistic solution for obvious reasons.
Can anyone help out? Do I allow a certain port or specific IP for Gitlab connections?
Thanks
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hi @feynnbot,
Git has two types of cloning its repo via HTTP or SSH. In order to allow SSH, you can do :
Then try
To see all allowed connections.
Additionally, I’ll allow HTTP connections as well.
Alternatively, I’ve seen on some other forums that the following should work as well