Actually, I figured it out after a while and wrote this bash script to do the task for Discourse installations.
It resets your firewall, installs ufw-docker-util (that edits the after.rules), then adds ports 443 and 80 to your allowlist. Voila.
It also allows port 22 from any IP to make sure you don’t get locked out. After all works, secure port 22 again.
EDIT: script does work but rebuilding discourse after using it will fail:
fatal: unable to access 'https://github.com/discourse/discourse.git/': Could not resolve host: github.com
- so do NOT use the script unless you know how to solve this.
EDIT 2: Works on Ubuntu, but not on CentOS!