In the previous lesson we've successfully install the LEMP stack in our server. Now before we take any further steps, it highly recommended to setup Firewall in our server first. Basically the purpose of the Firewall is to add a security layer in our server by ensuring that the incoming and outgoing communication are appropriate with the rules that we made.

On Ubuntu server we can use the tool called ufw (Uncomplicated Firewall) to set up a firewall. In the terminal you can check the status of the firewall by typing this command:

ufw status

Because we have fresh Server installed, we'll find this message:

Status: inactive

You can also list the services that support by Firewall by saying:

ufw app list

You'll find: Nginx Full, Nginx HTTP, Nginx HTTPS and OpenSSH in the list. You can then define a rule to allow or deny any service to communicate within your server.

We will allow the OpenSSH service so that we can login to our server through SSH, transfer files or stuf like that. So in terminal we can say:

ufw allow OpenSSH

You'll find messages Rules updated and Rules updated (v6). The v6 is special service for Ip Address version 6.

We can do the same thing to allow Nginx service by saying:

ufw allow "Nginx HTTP"

We have no SSL installed in our server, that's why for the time being we allow Nginx HTTP instead of Nginx Full or Nginx HTTPS. Once we have SSL installed in our server we'll modify the rule and allow Nginx HTTPS or Nginx Full instead.

The last thing that we need to do is to actually enable the Firewall. We can do that by saying:

ufw enable

This command will reload the firewall and enable the firewall on boot. You'll get a message confirming you to enable the firewall or not. Answer y then hit return to proceed.

Now if you re-run this command ufw status, you will see the firewall status is active and you will see the  OpenSSH and Nginx HTTP services are listed in the list.