Question

How to allow git connections with UFW firewall

I am setting up a server by following the directions here:

Initial set up of Ubuntu 20.04 server: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04

Installing Nginx: https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04

Securing Nginx: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

I’ve followed everything step-by-step and my server works on HTTPS. However when I try to clone a git repo hosted on GitLab, the connection repeatedly fails with the following error:

kex_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Now, I have generated an SSH key on my server (via ssh-keygen) and added the public SSH key to the Gitlab website.

However the firewall is not allowing me to connect. I have tried “sudo ufw allow git” but this did not work.

I was able to clone the repo by disabling the firewall (sudo ufw disable) and then enabling the firewall after the repo has been cloned, however this is not a realistic solution for obvious reasons.

Can anyone help out? Do I allow a certain port or specific IP for Gitlab connections?

Thanks

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

KFSysMarch 2, 2021

Hi @feynnbot,

Git has two types of cloning its repo via HTTP or SSH. In order to allow SSH, you can do :

ufw allow openssh

Then try

ufw status

To see all allowed connections.

Additionally, I’ll allow HTTP connections as well.

Alternatively, I’ve seen on some other forums that the following should work as well

# For allowing access to github.com
sudo ufw allow out on eth0 to 192.30.252.0/22 port 22

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up