Networking and DNS
Your services need to be reachable by name. This page explains how to set up DNS and decide which ports to expose.
What this page covers
- Understanding your public IP: static vs. dynamic (DDNS)
- DNS setup: A records, wildcard subdomains
- Port planning: which ports to open (80, 443, and optionally 22)
- Firewall rules with ufw
DNS setup
For each service you plan to expose (e.g., gitea.example.com, youtrack.example.com), create an A record pointing to your server's public IP. A wildcard record (*.example.com) simplifies this by routing all subdomains to a single IP, letting your reverse proxy handle routing by hostname.
Port planning
| Port | Purpose |
|---|---|
| 22 | SSH (restrict to your IP if possible) |
| 80 | HTTP (redirect to HTTPS) |
| 443 | HTTPS (all services via reverse proxy) |
Avoid exposing individual service ports directly. Route everything through the reverse proxy on 443.
Firewall with ufw
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
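
To check a host against the port plan above, the following added example (not part of the original page) reads the output of plain `ufw status` and flags any allowed port other than 22, 80 and 443, plus SSH left open to any source. The function names and the sample output, including port 3000, are constructed for illustration; verbose or numbered status output is not handled.

```shell
#!/bin/sh
# Added example: audit `ufw status` output against this page's port plan.
# Usage on a real host: sudo ufw status | audit_ufw_status

audit_ufw_status() {
    awk '
    /^Status:/ {
        if ($2 != "active") { print "FAIL firewall is not active"; fail++ }
        next
    }
    {
        act = 0
        for (i = 2; i <= NF; i++) if ($i == "ALLOW") { act = i; break }
        if (!act) next                      # header, separator, DENY/LIMIT rules
        split($1, to, "/"); port = to[1]; src = $(act + 1)
        if (port !~ /^[0-9]+$/) {           # app profiles, port ranges
            print "REVIEW " $1 " is not a single numeric port; check it by hand"
        } else if (port != "22" && port != "80" && port != "443") {
            print "FAIL " $1 " is exposed directly; route it through the reverse proxy on 443"
            fail++
        } else if (port == "22" && src == "Anywhere") {
            print "WARN " $1 " (SSH) is open to any source; restrict it to your IP if possible"
        } else {
            print "OK   " $1 " from " src
        }
    }
    END { exit (fail > 0) }'
}

# Constructed sample output (not captured from a real host).
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3000/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

sample_ufw_status | audit_ufw_status || echo "audit found rules outside the port plan"
```

The function exits non-zero when the firewall is inactive or a port outside the plan is allowed, so it can gate a provisioning script or a scheduled check.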