Solve the problem that Armbian cannot access the 1Panel panel after installing the UFW firewall: an effective solution revealed

foreword

• The official tutorial is very good, but there are still some flaws. The author starts from the practical way and brings us useful knowledge!

armbian install firewall

• armbian official deployment documentation

1. update package

   sudo apt update
   

2. install ufw

   sudo apt install ufw
   

   • Operation result:

   root@armbian:~# sudo apt install ufw
   Reading package lists... Done
   Building dependency tree... Done
   Reading state information... Done
   The following NEW packages will be installed:
     ufw
   0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
   Need to get 167 kB of archives.
   After this operation, 857 kB of additional disk space will be used.
   Get:1 https://mirrors.tuna.tsinghua.edu.cn/debian bullseye/main arm64 ufw all 0.36-7.1 [167 kB]
   Fetched 167 kB in 0s (335 kB/s)
   Preconfiguring packages ...
   Selecting previously unselected package ufw.
   (Reading database ... 35412 files and directories currently installed.)
   Preparing to unpack .../archives/ufw_0.36-7.1_all.deb ...
   Unpacking ufw (0.36-7.1) ...
   Setting up ufw (0.36-7.1) ...
   Creating config file /etc/ufw/before.rules with new version
   Creating config file /etc/ufw/before6.rules with new version
   Creating config file /etc/ufw/after.rules with new version
   Creating config file /etc/ufw/after6.rules with new version
   Created symlink /etc/systemd/system/multi-user.target.wants/ufw.service → /lib/systemd/system/ufw.service.
   Processing triggers for rsyslog (8.2102.0-2+deb11u1) ...
   Processing triggers for man-db (2.9.4-2) ...
   

3. start ufw

   # 默认情况下，它将允许常见的服务端口（如 SSH、HTTP、HTTPS）通过，而其他所有端口将被拒绝
   sudo ufw enable
   

   root@armbian:~# sudo ufw enable
   WARN: uid is 0 but '/etc/default' is owned by 1001
   WARN: uid is 0 but '/etc' is owned by 1001
   WARN: uid is 0 but '/usr/sbin' is owned by 1001
   WARN: uid is 0 but '/usr' is owned by 1001
   Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
   Firewall is active and enabled on system startup
   

   • Although, there is a warning message, but it's ok, solve it later

4. Check firewall status

   root@armbian:~# sudo ufw status
   WARN: uid is 0 but '/etc/default' is owned by 1001
   WARN: uid is 0 but '/etc' is owned by 1001
   WARN: uid is 0 but '/usr/sbin' is owned by 1001
   WARN: uid is 0 but '/usr' is owned by 1001
   Status: active
   

• At this point, if you follow the 1panel official tutorial, you will find that the connection between the 1panel panel and the server has been disconnected due to the existence of the firewall. How do you click the switch button on the panel according to the official tutorial!

5. Check firewall status (supplement: skippable)

sudo iptables -L

Cause Analysis

Since 1panel is installed by default, the access port is arbitrarily generated, so it cannot be accessed through the default opened http80 port and https433 port, so we need to check the port of 1panel, and then open the corresponding port of the port.

solution

Step 1: View the panel entry port of 1panel

1pctl user-info

• For example: (the modification of the port made by the author before)
• See the Armbian installation 1panel tutorial

root@armbian:~# 1pctl user-info
username: root
password: xxxx
port: 1234
ssl: disable
entrance: xxxx

Step 2: Open access to the specified port

• portThe port number is the value checked in the first step

  sudo ufw allow <端口号>
  

  • For example

root@armbian:~# sudo ufw allow 1234
WARN: uid is 0 but '/etc/default' is owned by 1001
WARN: uid is 0 but '/etc' is owned by 1001
WARN: uid is 0 but '/usr/sbin' is owned by 1001
WARN: uid is 0 but '/usr' is owned by 1001
Rule added
Rule added (v6)

Step 3: Restart the firewall

• Activate the firewall and configure it according to the rules you added earlier

  sudo ufw enable
  

  • For example:

  root@armbian:~# sudo ufw enable
  WARN: uid is 0 but '/etc/default' is owned by 1001
  WARN: uid is 0 but '/etc' is owned by 1001
  WARN: uid is 0 but '/usr/sbin' is owned by 1001
  WARN: uid is 0 but '/usr' is owned by 1001
  Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
  Firewall is active and enabled on system startup
  

Step 4: Check the status of the firewall [optional]

• Make sure the firewall is enabled and contains port rules that allow access to 1Panel panels

  sudo ufw status
  

  • For example:

  root@armbian:~# sudo ufw status
  WARN: uid is 0 but '/etc/default' is owned by 1001
  WARN: uid is 0 but '/etc' is owned by 1001
  WARN: uid is 0 but '/usr/sbin' is owned by 1001
  WARN: uid is 0 but '/usr' is owned by 1001
  Status: active
  To                         Action      From
  --                         ------      ----
  1234                       ALLOW       Anywhere
  1234 (v6)                  ALLOW       Anywhere (v6)
  

• So far, you have solved the problem, please visit the panel entry of 1panel detected in the first step and log in again to check the firewall