Keywords: Oracle Cloud Infrastructure | Port Configuration | Firewall Management
Abstract: This article provides an in-depth analysis of configuring port 80 access for compute nodes in Oracle Cloud Infrastructure. Based on best practice solutions, it systematically examines multi-layer security requirements from network to instance levels, including internet gateway setup, routing rule definition, security list configuration, and instance firewall management. By comparing different approaches, the article offers specific guidance for Ubuntu and Oracle Linux systems, explains the special behavior of iptables and ufw firewall tools in Oracle cloud environments, and helps developers avoid common configuration pitfalls.
Network Layer Configuration Fundamentals
Opening a port on a compute instance in Oracle Cloud Infrastructure requires understanding its layered security model. First, ensure the virtual cloud network (VCN) has an internet gateway attached; it is the path by which traffic from the internet enters the cloud environment. The route table of the instance's subnet must contain a rule whose destination CIDR block is 0.0.0.0/0 and whose target is the internet gateway. The instance also needs a public IP address in a public subnet; without one, no amount of firewall configuration will make it reachable from the internet.
Security List Configuration
Security lists act as subnet-level firewalls, controlling traffic entering and leaving every VNIC in the subnet. The default security list typically permits only SSH (TCP port 22) and a few ICMP types. To allow HTTP, add a stateful ingress rule: source 0.0.0.0/0, IP protocol TCP, destination port range 80. Because the rule is stateful, the matching response traffic is allowed automatically and no separate egress rule is needed. Configuration example:
Direction: Ingress
Stateless: No
Source CIDR: 0.0.0.0/0
IP Protocol: TCP
Source Port: All
Destination Port: 80
This rule allows HTTP requests from any IP address to enter the subnet; the instance firewall still has to accept them.
Instance Firewall Management
After the network layer, the instance's own firewall is the remaining control point. Oracle-provided images ship with a host firewall enabled by default, a layer many developers overlook: they see the security list rule, assume the port is open, and spend time debugging the web server instead.
Oracle Linux System Configuration
For compute instances based on Oracle Linux, the host firewall is firewalld, managed with firewall-cmd:
$ sudo firewall-cmd --zone=public --permanent --add-port=80/tcp
$ sudo firewall-cmd --reload
The first command permanently adds TCP port 80 to the public zone (--add-service=http is equivalent), and the second reloads the configuration to apply the change to the running firewall. Confirm the result with firewall-cmd --zone=public --list-ports.
Ubuntu System Configuration
The situation is more complex on Ubuntu. Although ufw is Ubuntu's default firewall front end, the Oracle-provided Ubuntu images do not enable it; instead they ship a rule set applied directly through iptables and persisted by netfilter-persistent. First check whether ufw is active:
$ sudo ufw status
Even if it reports inactive, the instance is not unfiltered. List the iptables INPUT chain with rule numbers:
$ sudo iptables -L INPUT -n --line-numbers
The Oracle image's rule set accepts SSH and then ends with a catch-all REJECT rule. Any ACCEPT rule for HTTP must be inserted before that REJECT, not appended after it, or it will never be evaluated. The commonly quoted command inserts at position 6, which is where the REJECT rule usually sits on a fresh image; confirm the position from the listing rather than trusting the number, then insert the rule and persist it:
$ sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
$ sudo netfilter-persistent save
Alternatively, if the host firewall must be disabled entirely (acceptable only in a throwaway test environment, since it leaves the instance protected by the security list alone), set the default policies to ACCEPT first and then flush the rules; doing it in the other order on a chain with a DROP policy would lock you out. Note that this is not persistent: netfilter-persistent reapplies the saved rules on reboot unless you also save.
$ sudo iptables -P INPUT ACCEPT
$ sudo iptables -P OUTPUT ACCEPT
$ sudo iptables -P FORWARD ACCEPT
$ sudo iptables -F
Before making any of the changes above, back up the current rule set so it can be restored with iptables-restore if something goes wrong:
$ sudo iptables-save > ~/iptables-backup
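The following script is an added example, not code from the original article. It opens a TCP port on an Oracle-provided Ubuntu image by inserting the ACCEPT rule directly before the catch-all REJECT rule, wherever that rule currently sits, instead of hard-coding "-I INPUT 6"; it also refuses to add a duplicate rule, backs up the rule set first, and persists the result. The sample INPUT listing is constructed to match the rule layout described above (an assumption; compare it with your own instance), so the decision logic can be exercised without root.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): insert an HTTP ACCEPT rule
# before the catch-all REJECT in the INPUT chain instead of hard-coding "6".
set -eu

# Constructed sample of `iptables -L INPUT -n --line-numbers` output, modelled
# on the rule set shipped in Oracle's Ubuntu images (an assumption; check your
# own instance). It stands in for live output so the logic runs without root.
SAMPLE_INPUT_CHAIN='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:123
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# Read a numbered INPUT listing on stdin and print the number of the first
# REJECT or DROP rule; return 1 (printing nothing) if there is no catch-all.
reject_position() {
  awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") { print $1; found = 1; exit }
       END { if (!found) exit 1 }'
}

# Read a numbered INPUT listing on stdin; succeed if an ACCEPT rule for the
# given TCP destination port already exists (dpt:80 must not match dpt:8080).
port_already_open() {
  grep -Eq "^[0-9]+[[:space:]]+ACCEPT[[:space:]]+tcp.*dpt:$1([^0-9]|\$)"
}

# Compose the iptables command for PORT given a listing. It prints the command
# instead of running it so the decision can be reviewed (and tested) first.
build_open_port_cmd() {
  local port="$1" listing="$2" pos
  if printf '%s\n' "$listing" | port_already_open "$port"; then
    echo "# port ${port}/tcp is already accepted"
  elif pos=$(printf '%s\n' "$listing" | reject_position); then
    echo "iptables -I INPUT $pos -m state --state NEW -p tcp --dport $port -j ACCEPT"
  else
    # No catch-all rule at the end of the chain, so appending is safe.
    echo "iptables -A INPUT -m state --state NEW -p tcp --dport $port -j ACCEPT"
  fi
}

# Live use on the instance (run as root): back up, insert, persist.
open_port_live() {
  local cmd
  cmd=$(build_open_port_cmd "$1" "$(iptables -L INPUT -n --line-numbers)")
  iptables-save > "$HOME/iptables-backup-$(date +%Y%m%d%H%M%S)"
  echo "$cmd"
  case "$cmd" in
    '#'*) ;;                                   # nothing to do
    *) sh -c "$cmd" && netfilter-persistent save ;;
  esac
}

# Demo against the constructed listing: prints the "-I INPUT 6" form.
if [ "${1:-}" = "--demo" ]; then
  build_open_port_cmd 80 "$SAMPLE_INPUT_CHAIN"
fi
```

Run it with --demo to see the command it would issue for the sample listing, or call open_port_live 80 as root on the instance. Computing the position from the live listing is what makes the step safe to repeat: if a rule was already inserted, or the image's rule set changes, a hard-coded position 6 would land the ACCEPT after the REJECT and silently do nothing.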
Configuration Verification and Troubleshooting
After completing all layers, test HTTP access from a machine outside the VCN; a request made from the instance itself never crosses the internet gateway or the security list and proves nothing about them:
$ curl http://<instance-public-IP>
If access fails, troubleshoot from the outside in:
- Confirm the internet gateway is attached and the subnet's route table sends 0.0.0.0/0 to it, and that the instance has a public IP
- Verify the security list (or network security group) ingress rule for TCP 80 is attached to the instance's subnet or VNIC
- Check the instance firewall rules, including the position of the ACCEPT rule relative to the catch-all REJECT on Ubuntu
- Ensure the web server (e.g., Apache) is running and listening on 0.0.0.0 or the VNIC's private IP, not only on 127.0.0.1; ss -tlnp shows the bound address
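The script below is an added example, not code from the original article. It automates the instance-level items of the checklist: whether anything listens on the port, on which address, and whether an exact-match iptables ACCEPT rule exists. The ss listing is constructed sample output (an assumption about the ss -Hltn column layout: State, Recv-Q, Send-Q, Local:Port, Peer:Port) that reproduces the classic failure of a web server bound only to loopback; the function names triage_port and external_check are this example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): local triage for the
# instance-level troubleshooting steps.
set -eu

# Constructed sample of `ss -Hltn` output. Port 80 is bound to 127.0.0.1 only,
# the "curl works on the box but not from outside" failure mode.
SAMPLE_SS='LISTEN 0      4096       127.0.0.1:80        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*'

# Read ss output on stdin and print, for the TCP port given as $1:
#   "all"      if a listener is bound to a wildcard address (0.0.0.0, [::], *)
#   <address>  if it is bound only to a specific address (e.g. 127.0.0.1)
#   "none"     if nothing listens on the port
listener_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":")
      if (a[n] != port) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") { print "all"; hit = 1; exit }
      if (first == "") first = addr
    }
    END { if (!hit) print (first == "" ? "none" : first) }'
}

# Run on the instance. Combines the listener check with an exact-match test for
# the iptables ACCEPT rule: iptables -C returns 0 if that rule exists, but it
# does not say whether the rule sits before the catch-all REJECT.
triage_port() {
  local port="$1" scope
  scope=$(ss -Hltn | listener_scope "$port")
  case "$scope" in
    none) echo "port $port: no listener; start the web server" ;;
    all)  echo "port $port: listener bound to all interfaces" ;;
    *)    echo "port $port: listener bound only to $scope; reconfigure it to listen on 0.0.0.0" ;;
  esac
  if iptables -C INPUT -m state --state NEW -p tcp --dport "$port" -j ACCEPT 2>/dev/null; then
    echo "port $port: iptables ACCEPT rule present (check its position with --line-numbers)"
  else
    echo "port $port: no matching iptables ACCEPT rule (or firewalld/ufw manages the rules)"
  fi
}

# Run from a machine outside the VCN so the gateway and security list are
# exercised too. Prints the HTTP status code, or 000 when no connection is made.
external_check() {
  curl -sS -m 5 -o /dev/null -w '%{http_code}\n' "http://$1/" || true
}

if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_SS" | listener_scope 80   # prints 127.0.0.1 for the sample
fi
```

A result of 000 from external_check with a healthy triage_port on the instance points at the network layer (gateway, route table, security list, public IP); a connection that is refused or times out only from outside while 127.0.0.1 is the reported scope points at the web server's bind address.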
Security Best Practices
In production environments, follow the principle of least privilege:
- A public web site needs port 80 open to 0.0.0.0/0, but that is the only port that should be; restrict SSH and any administrative ports to known source ranges rather than 0.0.0.0/0
- Use network security groups, which attach to individual VNICs rather than whole subnets, for more granular traffic control
- Regularly audit security list, NSG and host firewall rules together with web server access logs
- Consider putting a web application firewall in front of the instance for additional protection
Conclusion
Opening a port in Oracle Cloud Infrastructure requires coordinated configuration at several layers. The internet gateway, route table and security list at the network layer form the first line of defense, and the instance firewall the second. Understanding the default firewall behavior of each operating system image is crucial, particularly the iptables rule set that Oracle's Ubuntu images ship with and its catch-all REJECT rule. With a systematic configuration sequence and outside-in troubleshooting, port access can be made both secure and reliable.