kenjim/appa-net
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

zet: document UFW rules required for nginx on LAN

Browse Source 
Ports 80 and 443 must be open in UFW so LAN clients using split DNS
can reach nginx directly without going through pfSense NAT.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Kenji M
2026-06-19 15:08:17 +00:00
parent 7c4c786e7b
commit 22d17d39f9
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
zet.home.arpa/nginx/README.md
View File

@@ -63,6 +63,17 @@ sudo systemctl restart nginx # full restart
sudo nginx -t # test config syntax before applying sudo nginx -t # test config syntax before applying
``` ```
## UFW Firewall Rules
Ports 80 and 443 must be open in UFW on zet for LAN clients to reach nginx directly (split DNS bypasses pfSense NAT):
```bash
sudo ufw allow 80/tcp comment 'nginx HTTP'
sudo ufw allow 443/tcp comment 'nginx HTTPS'
```
Current UFW status also allows: Samba, NFS (LAN only), SSH (22), Squid (3128), Gitea (3000).
## pfSense NAT Rules ## pfSense NAT Rules
| WAN Port | Redirect to | Port | Description | | WAN Port | Redirect to | Port | Description |