Close most ports on the deploy box by default
I noticed that incoming port 3000 connections were being allowed, oops! Not a huge deal, but I don't want to allow connections without HTTPS, and I don't want surprise surface area even if I'm not currently aware of attacks on it. Close it out!
parent
9310a250d6
commit
8f28f87bee
1 changed files with 24 additions and 0 deletions
|
@ -24,6 +24,30 @@
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
name: fail2ban
|
name: fail2ban
|
||||||
|
|
||||||
|
- name: Configure ufw firewall to allow SSH connections on port 22
|
||||||
|
become: yes
|
||||||
|
community.general.ufw:
|
||||||
|
rule: allow
|
||||||
|
port: "22"
|
||||||
|
|
||||||
|
- name: Configure ufw firewall to allow HTTP connections on port 80
|
||||||
|
become: yes
|
||||||
|
community.general.ufw:
|
||||||
|
rule: allow
|
||||||
|
port: "80"
|
||||||
|
|
||||||
|
- name: Configure ufw firewall to allow HTTP connections on port 443
|
||||||
|
become: yes
|
||||||
|
community.general.ufw:
|
||||||
|
rule: allow
|
||||||
|
port: "443"
|
||||||
|
|
||||||
|
- name: Enable ufw firewall with all other ports closed by default
|
||||||
|
become: yes
|
||||||
|
community.general.ufw:
|
||||||
|
state: enabled
|
||||||
|
policy: deny
|
||||||
|
|
||||||
- name: Create the app versions folder
|
- name: Create the app versions folder
|
||||||
become: yes
|
become: yes
|
||||||
file:
|
file:
|
||||||
|
|
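Review bot: The three allow tasks (ports "22", "80" and "443") set only `rule: allow` and `port`, with no `proto`, so ufw will accept both TCP and UDP on those ports; since the goal is to avoid surprise surface area, add `proto: tcp` to each of them. The task for port "443" is named "allow HTTP connections on port 443" and should read HTTPS. The commit message says connections without HTTPS are not wanted, yet port "80" is opened; if that is only there for a redirect to HTTPS or for certificate issuance, say so in the task name or a comment so a later reader does not take it for an oversight. Placing the SSH allow before the task with `state: enabled` and `policy: deny` is the right order for not locking yourself out; consider adding `direction: incoming` to that last task so the scope of the default deny is explicit.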