Opening up port 80 and 443 for Oracle Cloud servers

Are you working on setting up your Oracle Cloud server and are facing issues with sites rendering as expected? Such as, getting time out issues when navigating to the site's url?

This very well can be due to ports 80 and 443 not being fully opened.

With Cleavr.io, you can connect to your Oracle account and provision some of Oracle's free server options. Cleavr.io as part of the provision process will run some updates to ensure ports 80 and 443 are open.

However, if you are connecting to an Oracle server via the Custom Server option, then you'll need to manually perform some of these steps that Cleavr's Oracle integration option does automatically.

Before we get into the steps of making port 80 and 443 work properly on an Oracle server, you may be wondering why Cleavr only integrates with some of the free server options and does not provide paid tier options. In short, we wanted to provide users with a free server option and Oracle in one of the few providers that offers a decent free server option. However, the experience to connect with Oracle accounts is very rough around the edges plus these oddities around port connections have led us to delay integrating with Oracle further until their experiences improve.

But, let's get back to the main issue. When you provision a server via Oracle's cloud interface, ports 80 and 443 won't be fully opened until you make the following updates.

Step 1: Add ingress rules

For this first step, you'll need to access your Oracle Cloud account.

Port 80 and 443 will be closed by default. Assuming you plan to add websites to the server, open port 80 and 443 by clicking on Virtual Cloud Network from the server instance details screen.

Click Security List on the left menu.

Click on the security list

Click Add Ingress Rules

Add the following source and port -

Add the ingress rule for port 80. Do the same process for port 443.

At this juncture, you may be led to believe that ports 80 and 443 are opened. After all, you just set the ingress rule that opens up the ports.

Not so fast!

It'd be best and most expedient to scan the server ports to make sure that these ports are actually opened to the outside world.

We'll use Doneo.io's server port scanning tool to scan the server after making the above updates.

In the above, we can see that we still have some work to do to open up port 443.

Step 2: Modify iptables

For this step, we'll need to SSH into the server so we can run some terminal commands.

Run the following commands:

iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT
netfilter-persistent save

This will update the iptables to allow port 443. If port 80 was blocked after performing a port scan, then also run the above but swap out 443 with 80.

Now, run another server port scan to see if 443 is open.

We can see from the screenshot above from the Doneo.io port scan that 443 is now open.

Your http and https sites should now be accessible to the public.

Hopefully, this article saves you some time and stress as this can be a frustrating issue to resolve.