Shinka Systems

Infrastructure

UFW Firewall Setup for Web Servers: SSH, HTTP, HTTPS, and App Ports

A practical UFW firewall setup guide for Linux web servers, covering SSH safety, HTTP and HTTPS rules, app port exposure, provider firewalls, rollback, and documentation.

Shashikant · June 29, 2026 · 16 min read

Back to blog
Flat isometric Shinka Systems illustration for UFW firewall setup on web servers
  • UFW firewall
  • UFW configuration
  • Nginx reverse proxy
  • VPS security checklist
  • Linux server hardening

Firewall baseline

A firewall rule is an operations decision, not only a command.

For a production web server, UFW should express what the server is meant to expose: SSH for admins, HTTP and HTTPS for users, and as little else as possible. The app port, database port, and admin tools need deliberate treatment.

SSHAdmin access
80/443Web traffic
PrivateApp internals

UFW is popular because it makes host firewall management approachable. That simplicity is valuable, but it does not remove the need for planning. A good firewall setup starts with knowing the app architecture: which service receives public traffic, which service talks to the database, where Nginx sits, and how administrators recover if SSH is blocked.

Official source note: Ubuntu documents UFW as the uncomplicated firewall tool used to manage firewall rules on Ubuntu Server: Ubuntu firewall documentation.

Firewall setup path

01Identify public services and private internals02Allow SSH, HTTP, HTTPS, then block everything else03Test access and document rollback before handover