DNS records direct internet traffic to email systems, servers, and websites, so managing them correctly is a basic part of running a domain. With a DNS management system you can make sure your domain resolves as intended for every service that depends on it.
This step-by-step guide explains how to create and manage DNS records on Windows Server 2022. It covers the common record types (A, AAAA, CNAME, MX, PTR, TXT, and others), creating forward and reverse lookup zones, managing records from both DNS Manager and PowerShell, and testing the configuration against your own server.
Creating and managing DNS records in Windows Server 2022 involves using the DNS Manager tool or PowerShell.
If the DNS Server role (which includes the DNS Manager tool) is not already installed, open Server Manager and use the following process:
2. Click Manage->Add Roles and Features.
3. In the Add Roles and Features wizard, click Next.
4. Select Role-based or feature-based installation. Click Next.
5. Select your server from the server pool. Click Next.
6. Check the box next to DNS Server under Server Roles.
7. In the new pop-up window, check the box next to Include Management Tools (if applicable). Click Add Features.
8. Click Next.
9. Click Next under Select Features.
10. Click Next under DNS server.
11. Click Install.
12. Once the installation is complete, click Close.
Restart the server if the wizard asks you to.
13. From the left pane, select DNS in Server Manager.
14. Select your server. Right-click on the server and choose DNS Manager from the drop-down menu.
15. A DNS Manager pop-up window opens. Click on the server’s name.
16. When you are in the DNS Manager console, expand the name of your DNS server to view the Forward Lookup Zones and Reverse Lookup Zones.
Forward Lookup Zones: Forward lookup zones resolve domain names to IP addresses (for example, www.example.com -> 192.0.2.10). The records used are A, AAAA, CNAME, and MX. They are what lets clients reach services by human-readable names.
Reverse Lookup Zones: Reverse lookup zones map IP addresses back to domain names (for example, 192.0.2.10 -> www.example.com) using PTR (pointer) records. They are used for logging, troubleshooting, and mail-server reputation checks.
17. If you want to create a new zone, select Forward Lookup Zone or Reverse Lookup Zone.
From the Action menu on the top, Select New Zone (default).
18. The New Zone Wizard pop-up window will open. Click Next.
19. Select the Primary zone (default). Click Next.
20. Specify a zone name (e.g., example.com). Click Next.
21. Select Create a new file with this file name (when you are a new user or in doubt). Click Next.
22. Select Do not allow dynamic updates if you want to maintain the records manually. The alternative, Allow both nonsecure and secure dynamic updates, lets any host that can reach the server overwrite records in the zone, so it should not be used on a zone that is reachable from untrusted networks; the safer option, Allow only secure dynamic updates, is available only for Active Directory-integrated zones.
Click Next.
23. Once the New Zone Wizard is completed, you will see the settings that you specified. Click Finish.
24. Once the zone creation is finished, it will be reflected in the middle pane, as shown in the screen below.
To create a reverse lookup zone, select Reverse Lookup Zones, choose New Zone from the Action menu, and follow the same steps; the wizard asks for the network ID (for example, 192.0.2) instead of a zone name.
25. After creating a zone, add new records by navigating to your zone under Forward/Reverse lookup zones.
Right-click on the zone and select New Host (A or AAAA).
26. New Host (A or AAAA) maps a host name to an IP address. In the New Host (A or AAAA) pop-up window, enter the host name and its IP address (check Create associated pointer (PTR) record if the matching reverse zone exists) and click Add Host.
27. You will get a message saying, “The host record example.com was successfully created.” Click OK.
28. If you want to add more records, you can do that here. Otherwise click Done.
29. You will see that the New Host is reflected in the middle pane, as shown in the screen below.
30. Similarly, right-click on the zone (e.g., example.com) and select New Alias (CNAME). This creates an alias that points at another host name.
31. Similarly, right-click on the zone (e.g., example.com) and select New Mail Exchanger (MX). This tells sending mail servers where to deliver mail for the domain.
32. Similarly, right-click on the zone (e.g., example.com) and select Other New Records. This is used for specialized record types such as TXT (for example, SPF and DKIM) and SRV.
33. To edit records, right-click on the record and select Properties to modify it.
34. To delete a record, right-click on the record and click Delete.
35. Using PowerShell for DNS Management.
PowerShell is an alternative to DNS Manager; the cmdlets below come from the DnsServer module that is installed with the role. Below are the common commands to add, view, and delete records.
In the Start menu, type Windows PowerShell and select Run as Administrator.
Command: Add-DnsServerResourceRecordA -Name "www" -ZoneName "example.com" -IPv4Address "192.168.1.10"
Command: Add-DnsServerResourceRecordCName -Name "alias" -ZoneName "example.com" -HostNameAlias "www.example.com"
Command: Get-DnsServerResourceRecord -ZoneName "example.com"
Command: Remove-DnsServerResourceRecord -ZoneName "example.com" -RRType "A" -Name "www" -Force
Note: -RRType is required, because a name can carry several record types; -Force suppresses the confirmation prompt.
36. In the DNS Manager window, you will see the records that are added in the Windows PowerShell are reflected in the middle pane (alias, www).
37. To test DNS configuration, use nslookup.
Open the command prompt and run the below command:
Command: nslookup example.com
Note: Replace example.com with your Zone name.
If the output lists 8.8.8.8 as the server, your computer is sending the query to Google's public DNS instead of your local DNS server. That is normal if the network adapter is configured that way, but it means the test did not touch the records you just created.
38. To make sure the query checks your own records (e.g., example.com), point nslookup at your local DNS server explicitly.
Command: nslookup example.com <local-DNS-IP>
The output now shows the Server and Address of the DNS server that answered, followed by the Name and Address of the record.
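The following script is an added example, not part of the original guide, that performs the zone and record work from steps 17 to 38 with the DnsServer module and then verifies each record against the local server, which is the same point as the nslookup step above. The zone name, host names, and the documentation addresses (192.0.2.0/24, 2001:db8::/32) are assumptions; replace them with your own.

```powershell
# Added example (not from the original guide): build and verify a zone on a
# Windows Server 2022 DNS server with the DnsServer module. Zone name, host
# names and the RFC 5737/3849 documentation addresses are assumptions.
#Requires -RunAsAdministrator
Import-Module DnsServer

$zone   = "example.com"
$server = "127.0.0.1"      # query the server we are configuring, not the client's resolver

# 1. Forward zone, file-backed, with dynamic updates disabled. "NonsecureAndSecure"
#    would let any host on the network overwrite records; "Secure" requires an
#    AD-integrated zone (-ReplicationScope) instead of -ZoneFile.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ZoneFile "$zone.dns" -DynamicUpdate None
}

# 2. Reverse zone for the subnet, so -CreatePtr can populate PTR records.
if (-not (Get-DnsServerZone -Name "2.0.192.in-addr.arpa" -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId "192.0.2.0/24" -ZoneFile "2.0.192.in-addr.arpa.dns" -DynamicUpdate None
}

# 3. Records: A (+PTR), AAAA, CNAME, MX at the zone apex ("."), and an SPF TXT record
#    that only authorises the MX host to send mail for the domain.
Add-DnsServerResourceRecordA     -ZoneName $zone -Name "www"   -IPv4Address "192.0.2.10" -TimeToLive 01:00:00 -CreatePtr
Add-DnsServerResourceRecordA     -ZoneName $zone -Name "mail"  -IPv4Address "192.0.2.25" -CreatePtr
Add-DnsServerResourceRecordAAAA  -ZoneName $zone -Name "www"   -IPv6Address "2001:db8::10"
Add-DnsServerResourceRecordCName -ZoneName $zone -Name "alias" -HostNameAlias "www.$zone"
Add-DnsServerResourceRecordMX    -ZoneName $zone -Name "."     -MailExchange "mail.$zone" -Preference 10
Add-DnsServerResourceRecord -Txt -ZoneName $zone -Name "."     -DescriptiveText "v=spf1 mx -all"

# 4. Only the zone's own name servers may pull a full zone transfer (AXFR);
#    the default would hand the whole zone to anyone who asks.
Set-DnsServerPrimaryZone -Name $zone -SecureSecondaries TransferToZoneNameServer

# 5. Verify every record against this server explicitly (-Server, -DnsOnly bypasses the cache).
$checks = @(
    @{ Name = "www.$zone";               Type = "A";     Expect = "192.0.2.10" },
    @{ Name = "alias.$zone";             Type = "CNAME"; Expect = "www.$zone" },
    @{ Name = $zone;                     Type = "MX";    Expect = "mail.$zone" },
    @{ Name = "10.2.0.192.in-addr.arpa"; Type = "PTR";   Expect = "www.$zone" }
)
foreach ($c in $checks) {
    $answer = Resolve-DnsName -Name $c.Name -Type $c.Type -Server $server -DnsOnly -ErrorAction Stop |
              Where-Object { $_.QueryType -eq $c.Type }
    $got = switch ($c.Type) {
        "A"     { $answer.IPAddress }
        "CNAME" { $answer.NameHost }
        "MX"    { $answer.NameExchange }
        "PTR"   { $answer.NameHost }
    }
    $status = if ($got -eq $c.Expect) { "OK  " } else { "FAIL" }
    "{0} {1,-5} {2,-30} -> {3}" -f $status, $c.Type, $c.Name, $got
}
```

Run it in an elevated PowerShell on the DNS server. Each line of the final report should read OK; a FAIL for the PTR entry usually means the reverse zone did not exist when the A record was added.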
OPNsense is one of the most popular open-source firewall and routing platforms, known for its flexibility, broad feature set, and ease of use. It is based on FreeBSD and provides intrusion detection, VPN, traffic shaping, and monitoring, and it can be deployed on the Kamatera cloud platform from a ready-made service image.
Let's go through the steps to deploy an OPNsense firewall using Kamatera's service image.
2. Navigate to My Cloud on the left-hand side and select Servers. On the left-hand side navigation menu, click on Create New Server, or use the Create New Server button on the right-hand side.
3. Choose zone from the following options:
Depending on the zone you select, the available countries will be displayed.
For this example, we selected the Asia zone.
4. Choose an image:
Kamatera offers a variety of app and server images to help users set up preconfigured resources. Users can explore the following options:
5. Choose Service Images and select OPNSense.
6. In Choose Version, select the latest version of OPNSense Firewall.
7. Upon selecting the version, OPNSense URL, Username, and Password are displayed.
8. Toggle the Detailed view button to ‘ON’ to view the detailed description, including the price.
9. Choose Server Specs:
Note: In this example Type B (General), CPU 2, RAM 8 GB and SSD DISK #1 80 GB are selected. You can also toggle the Daily Backup and Managed Services buttons to ON.
Field | Description
---|---
Type | Type B (General Purpose): server CPUs are assigned to a dedicated physical CPU thread with reserved resources guaranteed. Type D (Dedicated): server CPUs are assigned to a dedicated physical CPU core (2 threads) with reserved resources guaranteed. Type T (Burst): server CPUs are assigned to a dedicated physical CPU thread with reserved resources guaranteed; exceeding an average usage of 10% is charged extra for CPU consumption. Type A (Availability): server CPUs are assigned to a non-dedicated physical CPU thread with no resources guaranteed. Note: more information on CPU types is available on the My Cloud Pricing page.
CPU | Choose the number of vCPUs for the server. Types B and T can be configured with up to 104 vCPUs per server, based on Intel's latest Xeon processors, 2.7 GHz+.
RAM | Choose the amount of RAM for the server. Types B, T and D can be configured with up to 512 GB RAM per server.
SSD DISK | Choose the SSD storage size. You can add up to 15 SSD disks. SSD storage includes unlimited IOPS and unlimited storage bandwidth, free of charge.
Daily backup | Toggle the switch to enable extended daily backups of the server's storage to external backup storage.
Managed services | Toggle the switch to enable managed services for the server's operating system by the technical support team.
10. Choose Networking:
Simple mode:
Field | Description
---|---
Public Internet Network | Check to connect the server to a network interface on the Public Internet Network.
Private Local Network | Check to connect the server to a network interface on the Private Local Network.
Advanced mode:
You can add a network by clicking +Add Network.
Field | Description
---|---
NIC #1 | Select WAN from the network drop-down menu, and auto from the two remaining drop-down menus.
WAN Traffic | Select 5000 GB per month on a 10 Gbit per second port.
11. Advanced configuration:
Hide: hides the advanced configuration. Show: displays it.
Field | Description
---|---
Install Script | Enter a script to execute once the server is created. Note: for Windows systems use PowerShell.
Keep Server On Failure | Do not terminate the server if the start-up script or provisioning fails.
Server Notes | Enter any notes about the server.
Tags | Select tags from the drop-down menu and click Add.
12. Finalize Settings:
Finalize the settings by setting the password, re-entering it to validate it, selecting the number of servers, naming the server, and enabling the Power On Servers option.
Field | Description
---|---
Password | Enter the server password. Allowed characters: a-z, A-Z, 0-9 and !@#$^&*()~; the password must also meet the complexity requirements shown in the console. This password becomes the firewall's administrative credential, so use a long, unique value.
Validate | Re-enter the password to validate it.
Servers | Select the number of servers to create.
Name #1 | Enter the name of the server.
Power On Servers | Switch the toggle on so the server is powered on as soon as it is created.
13. Billing Cycle and Pricing:
Once the user enters the details in Finalize Settings, they can select either monthly or hourly billing. After choosing the billing cycle, click on CREATE SERVER.
Note: The Server Summary displays the location, operating system (including server specifications), add-on services, servers, and pricing.
14. The server will be added to the Tasks Queue.
15. Once the server is created, you will see the status as success. The server will appear under Server Management. Click Open, and a new screen will open.
16. On the right side, an overview of the server you just created is displayed.
Click CONNECT, and a new screen will open.
17. In the new screen, under the
18. A new tab opens with a console connection to the new server, showing the LAN, WAN, and other details. Log in with the username and password and press Enter.
The firewall is now live. You can interact with it through the local console, over HTTPS, or over SSH.
Log in to the shell with the username (see step 17) and the password you entered when creating the server to operate the live environment from the local console.
The web GUI is reachable at https://172.16.0.1/ (the LAN address) with the same username and password. Keep GUI and SSH access limited to the LAN or a management network rather than exposing them on the WAN interface.
Over SSH, the firewall is reachable at the same address, 172.16.0.1.
19. The console menu shows options numbered 0 to 13. Enter the number of an option to configure the corresponding part of the system.
OPNsense has a command line tool called opnsense-update. Choose option 8) Shell from the menu to get a shell and run it; the manual page shows its usage:
Command: man opnsense-update
The other method to update the system is via console option 12) Update from console.
You can even assign interfaces by selecting option 1) Assign interfaces.
Ping the host by selecting 7) Ping host and enter your IP address.
What is shown on the Dashboard can be configured by adding and removing widgets. Some widgets also allow further configuration.
By default, the following widgets are present:
System Information: Shows information about the installed OPNsense version, updates etc.
Memory: Shows memory usage.
Disk: Shows disk usage.
CPU: Shows CPU usage.
Gateways: Shows used gateways.
Interface Statistics: Shows the number of packets, bytes and errors handled by each interface.
Firewall: Collects logged events from the moment the dashboard has loaded to represent a snapshot of what the firewall is currently seeing. Can be expanded to show a live log.
Traffic Graph: Shows traffic passing through the system.
Edit dashboard (pencil icon): Enter edit mode. Unlocks the dashboard temporarily so you can move, resize, remove, or configure widgets.
Add widget (plus icon): Opens a dialog window with a list of widgets that can be added to the Dashboard. Simply click on an entry in the list to add it to the Dashboard.
Restore default layout (widgets icon): Restores the dashboard to its default configuration discarding all your modifications.
Save: After editing the dashboard, you can make all changes persistent by clicking this button. Otherwise, the changes will be discarded as soon as you reload the page.
Edit (pencil icon): Click this to modify the widget settings. This button is only present if the widget is configurable.
Remove (cross icon): Removes the widget from the Dashboard.
The Disk Usage widget, shown as a diagram by default, switches to table mode when it is enlarged to at least two rows.
The Firewall widget likewise shows less information when its height is one row.
Enlarging the Firewall widget to three rows switches it to table mode and shows the firewall log.
And that's it! Congratulations, you have successfully deployed an OPNsense firewall using Kamatera.
FortiGate VM provides protection from a broad array of network threats. It is a virtualized version of Fortinet’s FortiGate firewall, that is designed to provide the same robust security features as the hardware-based version in a virtual environment.
It integrates firewalling, VPN, intrusion prevention, and web filtering into a single virtual machine, and it scales from small networks to large ones. FortiGate's user-friendly interface and automation capabilities help organizations maintain robust security while meeting compliance requirements.
Here is a step-by-step guide to configuring FortiGate VM on Kamatera for maximum network security.
First, create an account on Kamatera.
Go to console.kamatera.com and sign up for an account by providing the following information:
Then, access the Kamatera management console.
Enter your username and password and click Login to access Kamatera Management Console.
Choose a zone.
Choose the zone that you need.
Note: For this setup, we used the Asia zone.
Kamatera offers a variety of App and Server Images to help users set up preconfigured resources. You can explore options such as:
In this, select Service Images and select FortiGate VM and choose the latest version of FortiGate VM.
Note: Here the latest version of FortiGate is 7.0.1.
You can see the details of FortiGate URL, username, and password.
Choose server specs.
Field | Description
---|---
Type | Type B (General Purpose): server CPUs are assigned to a dedicated physical CPU thread with reserved resources guaranteed. Type D (Dedicated): server CPUs are assigned to a dedicated physical CPU core (2 threads) with reserved resources guaranteed. Type T (Burst): server CPUs are assigned to a dedicated physical CPU thread with reserved resources guaranteed; exceeding an average usage of 10% is charged extra for CPU consumption. Type A (Availability): server CPUs are assigned to a non-dedicated physical CPU thread with no resources guaranteed. Note: more information on CPU types is available on the My Cloud Pricing page.
CPU | Choose the number of vCPUs for the server. Types B and T can be configured with up to 104 vCPUs per server, based on Intel's latest Xeon processors, 2.7 GHz+.
RAM | Choose the amount of RAM for the server. Types B, T and D can be configured with up to 512 GB RAM per server.
SSD DISK | Choose the SSD storage size. You can add up to 15 SSD disks. SSD storage includes unlimited IOPS and unlimited storage bandwidth, free of charge.
Daily Backup | Toggle the switch to enable extended daily backups of the server's storage to external backup storage.
Management Services | Toggle the switch to enable management services for the server's operating system by the Kamatera technical support team.
4. Toggle the Daily Backup and Management Services buttons on or off according to your requirements (see the two rows above for what each adds).
You can select the network that works for you, whether it is the public Internet network, a private local network, or both.
Simple Mode
Field | Description
---|---
Public Internet Network | Check to connect the server to a network interface on the Public Internet Network.
Private Local Network | Check to connect the server to a network interface on the Private Local Network.
Advanced Mode
Field | Description
---|---
NIC #1 | Select WAN from the network drop-down menu, and auto from the two remaining drop-down menus.
WAN Traffic | Select 5000 GB per month on a 10 Gbit per second port.
Advanced configuration: Hide hides the advanced configuration; Show displays it.
Field | Description
---|---
Keep Server On Failure | Do not terminate the server if the start-up script or provisioning fails.
Tags | Select tags from the drop-down menu and click Add Tag.
Finalize the settings by setting the password, re-entering it to validate it, selecting the number of servers, naming the server, and enabling the Power On Servers option.
Field | Description
---|---
Password | Enter the server password. Allowed characters: a-z, A-Z, 0-9 and !@#$^&*()~; the password must also meet the complexity requirements shown in the console. Use a long, unique value, since it is the initial administrative credential for the firewall.
Validate | Re-enter the password to validate it.
Servers | Select the number of servers to create.
Name #1 | Enter the name of the server.
Power On Servers | Switch the toggle on so the server is powered on as soon as it is created.
Once the Finalize Settings details are entered, choose either the Monthly or the Hourly billing cycle, depending on your requirements.
Note: The Server Summary displays the location, operating system (including server specifications), add-on services, servers, and pricing.
Click Create Server.
Click Connect to connect to the server.
13. Click Open Remote Console.
If the console reports a problem such as an expired license, upload the new license file by clicking Upload, then click OK.
Enter your username and password and click Login.
Note: In the initial setup screen we clicked Begin.
Note: Optimal is selected.
Click OK.
Network refers to the configuration settings that control how the FortiGate VM connects to, inspects, and forwards network traffic.
In the middle pane you can see the internal LAN interfaces, port1 and port2.
HTTP is shown in red because administrative access over plain HTTP is unencrypted; it is not recommended, so manage the device over HTTPS (and SSH) only.
21. Click the Command prompt (CLI) button in the top right corner to check whether the FortiGate VM can reach the Internet.
In the CLI console, run the command below (exe is the accepted abbreviation of execute):
Command: execute ping 8.8.8.8
If you see ping replies like those shown below, the VM has Internet access.
Firewall policies are the rules that decide which traffic is allowed between interfaces, matched on source, destination, service, and schedule; traffic that matches no policy is dropped.
Note: Select All Sessions in Logging Options so that permitted traffic is logged as well as security events; this is what you will need when investigating an incident later.
Toggle Enable this policy on to activate the policy.
Click OK.
Active Directory (AD) is a database and a suite of services that connect users with the network resources needed to complete their tasks.
The directory, or database, contains essential information about the environment, including details about users and computers, as well as their permissions. For example, the database might list 100 user accounts, including each person’s job title, phone number, and password, along with their permissions.
The services manage much of the activity within the IT environment. They ensure that each user is authenticated, typically by verifying their user ID and password, and authorized, granting access only to the data and resources they are permitted to use.
Here are the steps for user and group management, maintenance and optimization of Active Directory on Kamatera.
To set up Active Directory, you first need to install Active Directory Domain Services on your Windows Server. After the installation, the server can be promoted to a Domain Controller. Follow these steps:
Promote Your Server to Domain Controller
Provide a strong password for Directory Services Restore Mode (DSRM). The walkthrough uses kamatera@2024 as a placeholder; do not reuse a published example password, because the DSRM account can log on to the domain controller locally and restore or modify the directory database.
Verify your server’s NetBIOS domain name (ADTESTSAMPLE) and select Next.
Unless you have a specific enterprise use case, it’s advisable to leave everything as default.
The installation wizard will perform validation of prerequisites before proceeding with the installation of AD DS. Once all the checks are passed successfully, select Install to initiate the installation process.
The installation process will commence.
Once the installation is complete, click Close to finish the wizard. Active Directory Domain Services is now installed, and the server restarts automatically to apply the changes.
To create a user, right-click the container or organizational unit that should hold it (for example, Users), then select New > User and complete the wizard.
Click Users; the new user now appears in the list.
To offboard a user you have two options: disable the account or delete it. Disabling is reversible and keeps the account's SID and group memberships; deleting is permanent.
Note: Once a user is deleted, it cannot be recovered unless the Active Directory Recycle Bin was enabled beforehand, so disable first and delete only after the retention period.
To create a group, right-click Users, select New > Group, and choose the group scope and type. The new group appears under Users.
To add a user to a group from the group side: right-click the group, select Properties, and use the Members tab.
To add a user to a group from the user side: right-click the user, select Properties, and use the Member Of tab.
To delete a group, right-click it and select Delete. Deleting a group removes the access it granted, so review its members first.
You have now learned some of the ways to manage your active directory on Kamatera, including how to create, manage, and delete users and groups.
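The script below is an added example, not part of the original guide, that performs the same lifecycle (create a user, create a group, add the membership, review it, then disable and eventually delete) with the ActiveDirectory module, which is what you would use to repeat the steps for more than a handful of accounts. The OU name, user details, and group name are assumptions; run it on the domain controller as a domain administrator.

```powershell
# Added example (not from the original guide): user and group lifecycle with the
# ActiveDirectory module. OU, user, group and domain names are assumptions.
#Requires -RunAsAdministrator
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName          # e.g. DC=adtestsample,DC=local
$ouName   = "Lab Users"
$ouDN     = "OU=$ouName,$domainDN"
$sam      = "jdoe"
$group    = "Lab-Admins"

# 1. Keep lab objects in their own OU so group policy and delegation can target them.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDN)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDN -ProtectedFromAccidentalDeletion $true
}

# 2. Create the user. The initial password is read at run time, never stored in
#    the script, and ChangePasswordAtLogon forces a rotation on first use.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$sam'")) {
    $initialPassword = Read-Host -Prompt "Initial password for $sam" -AsSecureString
    New-ADUser -Name "Jane Doe" -GivenName "Jane" -Surname "Doe" `
        -SamAccountName $sam `
        -UserPrincipalName "$sam@$($domain.DNSRoot)" `
        -Path $ouDN `
        -AccountPassword $initialPassword `
        -ChangePasswordAtLogon $true `
        -Enabled $true
}

# 3. Global security group in the same OU, then the membership.
if (-not (Get-ADGroup -Filter "Name -eq '$group'")) {
    New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path $ouDN
}
Add-ADGroupMember -Identity $group -Members $sam

# 4. Review: who is in the group, and is the account enabled?
Get-ADGroupMember -Identity $group | Select-Object Name, SamAccountName, objectClass
Get-ADUser -Identity $sam -Properties PasswordLastSet |
    Select-Object SamAccountName, Enabled, PasswordLastSet

# 5. Offboarding: disable first (reversible, keeps the SID and group history).
Disable-ADAccount -Identity $sam

# Delete only after the retention period; without the AD Recycle Bin this is final.
# Remove-ADGroupMember -Identity $group -Members $sam -Confirm:$false
# Remove-ADUser  -Identity $sam   -Confirm:$false
# Remove-ADGroup -Identity $group -Confirm:$false
```

The delete commands are left commented out on purpose: in a real environment the disable step and the delete step are usually days or weeks apart, and the second step should be run deliberately rather than as part of the same script.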
SSL stands for Secure Sockets Layer. The protocol itself has been replaced by TLS, but "SSL certificate" is still the common name for the X.509 certificate that lets a browser authenticate a web server and set up an encrypted HTTPS connection over an untrusted network. Certificates are essential for securing logins, online transactions, and any other sensitive traffic.
There are four parts to installing and renewing an SSL certificate on a Windows server: generating a certificate signing request (CSR), obtaining the certificate, installing it, and renewing it before it expires.
First, let’s generate a CSR.
1. On the start menu, search for ‘IIS Manager’ and open it.
2. In the Connections pane, click on server name and double click on Server Certificates icon in the middle pane.
3. In the Actions pane, click on Create Certificate Request.
4. Fill out the Distinguished Name Properties.
Now, click on Next.
5. Specify the Cryptographic Service Provider Properties. Choose an RSA key of at least 2048 bits; public certificate authorities reject shorter keys.
Click on Next.
6. Choose the location to save the file and click on Finish.
Next, obtain the SSL certificate: submit the CSR text to your certificate authority (CA) and save the certificate it issues as a .crt (or .cer) file. If the CA delivers the certificate as text, paste it into a file with that extension.
The third part of the process is to install the SSL certificate on the server that holds the private key generated with the CSR; completing the request on any other machine fails because the key is not there.
Note: An ACME client such as Certbot can automate issuing and renewing Let's Encrypt certificates; check that the client you choose still supports Windows and IIS.
Click on OK.
The last step is renewing your SSL certificate.
That’s it! You have made it through all four parts involved in installing and renewing your SSL certificates.
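The script below is an added example, not part of the original guide, that performs the same four parts from PowerShell instead of the IIS Manager dialogs: it writes a certreq policy file and generates the CSR (part one), completes the pending request once the CA's certificate is saved next to it (parts two and three), binds the certificate to the site's HTTPS listener, and lists certificates that are due for renewal (part four). The host name, organisation details, folder, and site name are assumptions.

```powershell
# Added example (not from the original guide): CSR, import, HTTPS binding and
# expiry check for an IIS site from PowerShell. Host name, paths and site name
# are assumptions.
#Requires -RunAsAdministrator
Import-Module WebAdministration

$fqdn     = "www.example.com"
$siteName = "Default Web Site"
$workDir  = "C:\certs"
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# 1. CSR via certreq. The private key is generated in the machine store and marked
#    non-exportable so it cannot be copied off the server; 2048-bit RSA is the
#    minimum a public CA accepts. The SAN extension carries the host name.
$inf = @"
[NewRequest]
Subject = "CN=$fqdn, O=Example Org, L=City, S=State, C=US"
KeyLength = 2048
KeyAlgorithm = RSA
HashAlgorithm = sha256
MachineKeySet = TRUE
Exportable = FALSE
KeySpec = 1
KeyUsage = 0xA0
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn&"
"@
Set-Content -Path "$workDir\request.inf" -Value $inf
certreq -new "$workDir\request.inf" "$workDir\request.csr"   # submit request.csr to the CA

# 2./3. Once the CA has returned the signed certificate (saved as issued.cer),
#       complete the pending request so the cert is paired with its private key,
#       then bind it to the site.
if (Test-Path "$workDir\issued.cer") {
    certreq -accept "$workDir\issued.cer"

    $cert = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Subject -like "CN=$fqdn*" -and $_.HasPrivateKey } |
            Sort-Object NotAfter -Descending | Select-Object -First 1

    if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
        New-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $fqdn -SslFlags 1
    }
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
    $binding.AddSslCertificate($cert.Thumbprint, "My")
}

# 4. Renewal check: anything in the machine store that expires within 30 days.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.NotAfter -lt (Get-Date).AddDays(30) } |
    Select-Object Subject, NotAfter, Thumbprint
```

Run the script once to produce request.csr, submit that file to the CA, save the issued certificate as issued.cer in the same folder, and run the script again to complete the request and bind the certificate. The final query is the part worth scheduling: a certificate that shows up there needs a new CSR and a repeat of the same steps.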
A firewall determines whether to permit or block network data based on predefined rules. When you first set up a server or introduce new applications that require internet connectivity, it is crucial to configure the firewall to grant access to the necessary incoming traffic.
This article will guide you through the process of opening a port in the firewall on your Windows server on Kamatera.
That’s it! You have successfully allowed a port through the firewall on your Kamatera Windows server.
The Remote Desktop Protocol (RDP) provides a convenient way to access Windows computers and servers remotely. By default, RDP listens on TCP port 3389, and that well-known port is constantly probed by automated scanners and brute-force tools.
Moving RDP to a non-standard port is a common hardening step: it hides the service from scanners that only check 3389 and cuts the volume of automated login attempts. It does not reduce the real attack surface, because a full port scan still finds the listener, so combine it with Network Level Authentication, strong passwords or MFA, an account lockout policy, and a firewall rule that only admits known management addresses or VPN clients.
Now that you have made these configuration changes, confirm that the Remote Desktop service is listening on the new custom port as intended. Follow these steps to validate the new port setup:
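The script below is an added example, not part of the original guide, covering both the previous section (opening an application port through the Windows firewall, restricted to the addresses that need it) and this one (moving RDP to a custom port and validating that the new listener is up). The port numbers and the management subnet are assumptions; the registry path and service name are the standard ones.

```powershell
# Added example (not from the original guide): restricted inbound firewall rule,
# RDP port change, and validation. Port numbers and the management subnet are assumptions.
#Requires -RunAsAdministrator

# --- Part 1: allow an application port, but only from the management network ---
$appPort  = 8443
$mgmtNet  = "203.0.113.0/24"
$ruleName = "App $appPort (TCP) from management network"
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $appPort -RemoteAddress $mgmtNet -Profile Any | Out-Null
}
# Confirm what the rule actually filters on; the display name alone proves nothing.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object {
    $p = $_ | Get-NetFirewallPortFilter
    $a = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{ Rule = $_.DisplayName; Enabled = $_.Enabled; Port = $p.LocalPort; Remote = $a.RemoteAddress }
}

# --- Part 2: move RDP from 3389 to a custom port ---
$rdpPort = 33890
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

# Open the new port BEFORE restarting the service, or the next reconnect fails.
New-NetFirewallRule -DisplayName "RDP custom port $rdpPort" -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $rdpPort -RemoteAddress $mgmtNet -Profile Any | Out-Null

Set-ItemProperty -Path $regPath -Name PortNumber -Value $rdpPort -Type DWord
# Keep Network Level Authentication on: a hidden port is no substitute for it.
Set-ItemProperty -Path $regPath -Name UserAuthentication -Value 1 -Type DWord

# This drops any active RDP session, so run it from the console or expect a reconnect.
Restart-Service -Name TermService -Force

# --- Validate: the registry holds the new port and something is listening on it ---
$configured = (Get-ItemProperty -Path $regPath -Name PortNumber).PortNumber
$listener   = Get-NetTCPConnection -LocalPort $rdpPort -State Listen -ErrorAction SilentlyContinue
$old        = Get-NetTCPConnection -LocalPort 3389    -State Listen -ErrorAction SilentlyContinue
[pscustomobject]@{
    ConfiguredPort  = $configured
    ListeningOnNew  = [bool]$listener
    StillOn3389     = [bool]$old
    ListenerProcess = if ($listener) { (Get-Process -Id $listener[0].OwningProcess).ProcessName } else { $null }
}
# From another machine: Test-NetConnection -ComputerName <server> -Port 33890
# Once the new port is confirmed working, disable the built-in
# "Remote Desktop - User Mode (TCP-In)" rule so 3389 is no longer reachable.
```

The validation object should show ConfiguredPort equal to the new port, ListeningOnNew true, and StillOn3389 false; the listener process is svchost, which hosts the TermService service. If ListeningOnNew is false, the service did not pick up the registry change, and the usual cause is a typo in the value name or a pending reboot.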
This guide offers a simple overview of how to whitelist IP addresses using Sophos, a network security platform. Here, we will be focusing on enhancing network security by permitting access to specific IPs only. If you’re an admin looking to fortify your network’s defenses, follow these straightforward steps to navigate Sophos settings and configure the necessary firewall rules, ensuring a secure, optimized network infrastructure.
Access your Sophos firewall through the Sophos admin console. Next, go to firewall rules. Find the section for firewall rules under network protection:
Create a new rule or edit an existing one.
In the rule settings, specify the IP address to be whitelisted in the source field, set the action to allow, and define any additional parameters as required.
To add a new IP address, click the + icon under Sources. In the Services field, click the + icon to specify the port (or service) that address may reach; limiting the rule to the ports actually needed is the safer choice. If you really want to allow all ports, click the folder icon, search for "any" in the left menu, and drag the "any" entry into the Services field.
In the destination field, click on the + icon and specify your server IP address.
Note: If your server has a NAT setup, you need to specify your server’s internal IP.
Save the rule and ensure it’s activated.
This guide explains how to allow specific IP addresses through your Linux server's host firewall, a key step in keeping the server secure. By whitelisting IPs you ensure that only trusted sources can reach the services you expose. It is aimed at anyone who wants to control access to a server through the firewall built into the operating system.
If your server runs Ubuntu, Uncomplicated Firewall (UFW) is a user-friendly front end for the kernel's netfilter rules, and its simplicity makes it easy to secure a server quickly. Here is how to whitelist an IP address with UFW:
Connect to the server using SSH or the Kamatera management panel console. If you need more help, read our step-by-step guide on connecting to your server.
Enable UFW with sudo ufw enable if it is not already active. Before enabling it, make sure the connection you are using (normally SSH on port 22) is already allowed, or the firewall will cut off your own session.
Run sudo ufw allow from [IP_ADDRESS]. This permits every port from that address; to limit it to a single service, use sudo ufw allow from [IP_ADDRESS] to any port 22 proto tcp (adjust the port and protocol as needed).
Check sudo ufw status to confirm that the rule is present.
iptables is the classic tool for configuring the kernel's netfilter packet-filtering rules and is included in most Linux distributions. Follow these steps to whitelist an IP address:
Step 1: Access your server through SSH or the Kamatera console.
Step 2: Insert the whitelist rule with sudo iptables -I INPUT -s [IP_ADDRESS] -j ACCEPT. The -I flag inserts the rule at the top of the INPUT chain, so it is evaluated before any later DROP or REJECT rule; -A would append it to the end, where an earlier deny rule might shadow it.
Step 3: Make the rule survive a reboot. On its own, sudo iptables-save only prints the current rules; write them to the file your distribution restores at boot, for example sudo iptables-save | sudo tee /etc/iptables/rules.v4 on Debian and Ubuntu with the iptables-persistent package installed.
On systems with firewalld, managing firewall rules is straightforward with the right commands. Here is the process to add an IP to your whitelist:
Step 1: Log in to your server via SSH or console connection.
Step 2: Start firewalld if it is not running with sudo systemctl start firewalld.
Step 3: Add the IP as a source of a zone with sudo firewall-cmd --permanent --zone=public --add-source=[IP_ADDRESS]. Note that this only grants the address whatever the public zone already allows; to admit all traffic from it, use the built-in trusted zone instead (--zone=trusted), which accepts everything.
Step 4: Make the change effective by reloading firewalld with sudo firewall-cmd --reload.
ConfigServer Security & Firewall (CSF) is a popular firewall front end for servers. To add an IP to your whitelist in CSF, follow these steps:
Step 1: Log in to the server where CSF is installed.
Step 2: Whitelist the IP by running sudo csf -a [IP_ADDRESS], or by adding a line for it to /etc/csf/csf.allow.
Step 3: Restart CSF to apply the change with sudo csf -r.
This guide explains how to whitelist IP addresses in pfSense. pfSense is a free, open-source firewall and router that offers unified threat management, load balancing, multi-WAN, and more. The procedure below secures your network by allowing only specified IPs through the firewall. If you are an admin seeking to tighten security, follow these step-by-step instructions to configure firewall rules in the pfSense interface.
Log in to your pfSense firewall via the web interface: open your browser and enter https://[Firewall_IP] in the address bar. Your browser shows a certificate warning on the first visit because pfSense ships with a self-signed certificate; that is expected on a freshly installed firewall reached over a trusted network, and you can proceed to the site. To get rid of the warning permanently, install a certificate issued by your own CA under System > Certificates.
Go to Firewall > Rules located at the top menu of the page
Click on the green “add” button to add a new rule at the bottom of the page.
In the Action field, choose whether matching traffic is passed, silently dropped (Block), or refused with an error reply (Reject). Since we want to allow the IP addresses, choose Pass.
Under the protocol field, you can specify to which IP protocol the rules should match. For example Any, TCP, or UDP.
In the Source field, change any to Single host or alias and enter the source IP address that you want to whitelist.
In the Destination section, leave any if the source address should reach every server behind the firewall, or choose Single host or alias and enter the internal IP address of the one server it may reach. Narrowing the destination (and the destination port) is the safer choice.
Apply Changes: Click “Save” and then “Apply Changes” to activate the rule.
Securing NGINX with Let’s Encrypt on Ubuntu 22.04 involves obtaining an SSL/TLS certificate from Let’s Encrypt and configuring NGINX to use this certificate for HTTPS encryption. Here’s a step-by-step guide:
Before you begin, make sure you have the following:
Now, let’s secure NGINX with Let’s Encrypt:
```bash
sudo apt update
```
```bash
sudo apt install certbot python3-certbot-nginx
```
```bash
sudo certbot --nginx -d your_domain
```
Certbot will interactively ask you for information and configure NGINX to use the obtained certificate.
The Certbot package sets up automatic renewal for you: on Ubuntu 22.04 this is the certbot.timer systemd timer (a cron job in /etc/cron.d/certbot is installed as a fallback for systems without systemd), which runs certbot renew twice a day and renews any certificate that is close to expiry. Let's Encrypt certificates are valid for 90 days, so this automatic renewal is essential to keep the site reachable over HTTPS.
You can verify that the automatic renewal process works by running the following command:
```bash
sudo certbot renew --dry-run
```
If there are no errors, the renewal process is working correctly.
Visit your website using HTTPS (e.g., `https://your_domain`). You should see a secure padlock icon in your browser’s address bar, indicating that your site is now using HTTPS.
Certbot does not create a new configuration file; it edits the existing server block whose server_name matches your domain (on Ubuntu, typically under /etc/nginx/sites-available/) to add the listen 443 ssl directive, the certificate and key paths under /etc/letsencrypt/live/your_domain/, and an HTTP-to-HTTPS redirect. You can customize that block further, for example by adding security headers such as Strict-Transport-Security or tightening the TLS settings, and check the result with sudo nginx -t before reloading.
It’s a good practice to verify your SSL/TLS configuration using an online tool like SSL Labs. Enter your domain and check the rating and details of your SSL certificate setup.
Congratulations! You’ve successfully secured NGINX with Let’s Encrypt on Ubuntu 22.04. Your website is now accessible over HTTPS with a valid SSL/TLS certificate.