Close most ports on the deploy box by default

I noticed that incoming port 3000 connections were being allowed, oops! Not a huge deal, but I don't want to allow connections without HTTPS, and I don't want surprise surface area even if I'm not currently aware of attacks on it. Close it out!
2021-11-04 18:57:00 -07:00 · 2021-11-04 18:57:00 -07:00 · 8f28f87bee
commit 8f28f87bee
parent 9310a250d6
1 changed files with 24 additions and 0 deletions
--- a/deploy/playbooks/setup.yml
+++ b/deploy/playbooks/setup.yml
@ -24,6 +24,30 @@
        update_cache: yes
        name: fail2ban

+    - name: Configure ufw firewall to allow SSH connections on port 22
+      become: yes
+      community.general.ufw:
+        rule: allow
+        port: "22"
+
+    - name: Configure ufw firewall to allow HTTP connections on port 80
+      become: yes
+      community.general.ufw:
+        rule: allow
+        port: "80"
+
+    - name: Configure ufw firewall to allow HTTP connections on port 443
+      become: yes
+      community.general.ufw:
+        rule: allow
+        port: "443"
+
+    - name: Enable ufw firewall with all other ports closed by default
+      become: yes
+      community.general.ufw:
+        state: enabled
+        policy: deny
+
    - name: Create the app versions folder
      become: yes
      file: