UFW Setup - Cloudflare IPs and apt-get and SSH
I’m a little unsure on how to handle this:
I have a Dokku droplet which sits behind my Cloudflare. Now I want to whitelist only cloud flare IPs to access that droplet, however I also need to be able to SSH into that droplet (from anywhere I may be, so a fixed IP isn’t possible), need to be able to push code to my dokku master and I would also like things like apt-get to work without causing an issue.
So, are these the ports I need to allow - and would Cloudflare only need 443 (as I’m using Full Strict SSL on their side)
Or do i also need port 80? As surely my node app, when doing a build may require things from npm?
A little confused. It just feels like there’s not much I can do. I don;t see the point of even adding those Cloudflare IPs, if say something like NPM would require port 80 from anywhere.