Opening port 443 (HTTPS) and port 80 (HTTP) on Oracle Cloud Infrastructure (OCI)

If you found this guide, you probably have a web server such as Nginx or Apache running in OCI but are unable to reach it. This guide covers Ubuntu (24.04 Noble Numbat at the time of this writing).

The first requirement is to set up the appropriate Ingress rules for the desired port in the OCI console. If you have already completed the ingress rules and are confident they were done correctly, you can skip this section of the guide.

  1. Navigate to Virtual Cloud Networks
    https://cloud.oracle.com/networking/vcns
  2. Click on your available VCN. If it doesn’t exist, you will need to create one.
  3. Navigate to the Security page.
  4. Click on your available Security List. If it doesn’t exist, you will need to create one.
  5. Navigate to the Security Rules page.
  6. Add a rule with the following properties:
    • Source Type: CIDR
    • Source CIDR: 0.0.0.0/0
    • IP Protocol: TCP
    • Destination Port Range: [your desired port, e.g., 443]
  7. Click the Add Ingress Rules button.

Now that the desired port has been allowed through the virtual firewall, the next step is to adjust the firewall in the operating system.

When I was researching this issue on the web, I came across several guides that involved modifying iptables rules and making them persistent. For example:

  • "I cant seem to open ports 443 or 80" by u/Sector-No in oraclecloud
  • "A quick tips to people who are having issue opening ports on oracle cloud." by u/ArtSchoolRejectedMe in oraclecloud

Oracle also has published a guide:

https://docs.oracle.com/en-us/iaas/developer-tutorials/tutorials/apache-on-ubuntu/01oci-ubuntu-apache-summary.htm

After reading through these guides, what I realized is that the Oracle version of Ubuntu came with the netfilter-persistent and iptables-persistent packages already installed. The guides suggest you adjust the configuration of these to allow the traffic. However, a simpler solution is to remove both packages altogether. In this way you will rely on the virtual firewall rules and the OS will not have a software firewall.

Issue the following command to remove the packages and associated configuration:

sudo apt-get purge netfilter-persistent iptables-persistent

Then reboot the server.  When the server comes back up, the traffic should be passing through the port defined in the OCI console for the virtual firewall.
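
Before purging, it can help to confirm that the OS firewall, and not the OCI security list, is what rejects the traffic. The script below is an added example, not part of the original guide or of Oracle's documentation: the function name input_verdict is hypothetical and the sample ruleset is constructed to resemble an INPUT chain that allows only SSH.

```shell
#!/bin/sh
# Added example: walk `iptables -S INPUT` output in rule order and report what
# happens to a new inbound TCP connection to PORT. Handles only the rule shapes
# in the sample (single --dport or lo:hi range); no multiport, -s or user chains.

# Constructed sample: SSH allowed, everything else rejected by the last rule.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# input_verdict PORT  (rules on stdin) -> prints ACCEPT, REJECT or DROP
input_verdict() {
  port=$1
  policy=ACCEPT                      # kernel default when no -P line is seen
  while IFS= read -r line; do
    case $line in
      "-P INPUT "*) policy=${line#"-P INPUT "}; continue ;;
      "-A INPUT "*) ;;
      *) continue ;;
    esac
    # Rules that cannot match a brand-new TCP packet arriving from the network.
    case $line in
      *"-i lo"*|*"-p icmp"*|*"-p udp"*|*"RELATED,ESTABLISHED"*) continue ;;
    esac
    # A --dport rule applies only when PORT falls inside it.
    dport=$(printf '%s\n' "$line" | sed -n 's/.*--dport \([0-9:]*\).*/\1/p')
    if [ -n "$dport" ]; then
      lo=${dport%%:*}; hi=${dport##*:}
      [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] || continue
    fi
    # First terminating target wins, as in netfilter's in-order evaluation.
    target=$(printf '%s\n' "$line" | sed -n 's/.* -j \([A-Z]*\).*/\1/p')
    case $target in
      ACCEPT|REJECT|DROP) printf '%s\n' "$target"; return 0 ;;
    esac
  done
  printf '%s\n' "$policy"
}

# Live use on the server: sudo iptables -S INPUT | input_verdict 443
```

A REJECT or DROP result for 443 while the ingress rule is already in place points at the host ruleset. Once no INPUT rules are loaded, the function prints the chain policy instead, and the security list is the only filter in front of the instance.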