The goal is to make Razuna “visible” only to nginx, not to the “world”. After installation, the initial URL is http://mydomain.tld:8080/razuna
Block port 8080 from outside, but let local connections through (so nginx can still make requests). “YOURIPHERE” means your IP as seen from outside, e.g. 1.2.3.4
iptables -A INPUT -s YOURIPHERE -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8080 -j DROP
If you want to allow more hosts to connect to 8080, just add lines with the corresponding IP or netmask at the beginning! The line
iptables -A INPUT -p tcp -m tcp --dport 8080 -j DROP
must be the last one in your script!
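
An added example, not part of the original post: iptables checks rules in order and stops at the first match, so a shell function can audit `iptables -S INPUT` output for the ordering rule above. The function name check_8080_rules and the sample addresses (203.0.113.10 standing in for YOURIPHERE) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the INPUT chain for the port-8080 rules described above.
# Reads `iptables -S INPUT` output on stdin and prints findings. Returns 0 only
# if the catch-all DROP exists and every ACCEPT for 8080 comes before it.
check_8080_rules() {
  awk '
    # Only rules appended to INPUT that match TCP destination port 8080.
    $1 == "-A" && $2 == "INPUT" && / --dport 8080( |$)/ {
      has_src = ($0 ~ / -s /)
      # The catch-all DROP is the one without a source restriction.
      if ($0 ~ / -j DROP( |$)/ && !has_src) { drop = 1; next }
      if ($0 ~ / -j ACCEPT( |$)/) {
        if (!has_src) { print "FAIL: ACCEPT without source: " $0; bad = 1 }
        if (drop)     { print "FAIL: ACCEPT after DROP (never reached): " $0; bad = 1 }
      }
    }
    END {
      if (!drop) { print "FAIL: no catch-all DROP for port 8080"; bad = 1 }
      if (!bad)  print "OK: 8080 reachable only from listed sources"
      exit bad + 0
    }'
}

# Constructed sample: the rule order from the text, as `iptables -S` prints it.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP'

# Constructed sample: a host appended after the DROP, so it is never matched.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 8080 -j ACCEPT'

printf '%s\n' "$GOOD_RULES" | check_8080_rules
printf '%s\n' "$BAD_RULES"  | check_8080_rules || true
```

On a live host, run `iptables -S INPUT | check_8080_rules` as root after loading the script.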