summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNiklas Yann Wettengel <niyawe@niyawe.de>2021-07-28 18:53:23 +0200
committerNiklas Yann Wettengel <niyawe@niyawe.de>2021-07-28 18:53:23 +0200
commit140a04a8b58fdcef4f80398bc2f762d648a3a035 (patch)
tree4ae2db2340e78fc33fbe8ceb7796e0d60e168326
parent9ec1670a262597356c24bff27d473eccceb45b61 (diff)
run webserver for connectivity check
-rw-r--r--roles/configure_iptables/templates/ip6tables.rules2
-rw-r--r--roles/configure_iptables/templates/iptables.rules2
-rw-r--r--roles/install_nginx/files/nginx.conf32
-rw-r--r--setup_fastd.yml2
4 files changed, 37 insertions, 1 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 79d9f86..636541d 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -46,6 +46,8 @@ COMMIT
# dns
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
+# http
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd / wg
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 2508445..6d7fce1 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -49,6 +49,8 @@ COMMIT
{% for site in sites %}
-I INPUT -i bat{{ site.name }} -p udp --dport 67:68 --sport 67:68 -j ACCEPT
{% endfor %}
+# http
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd / wg
diff --git a/roles/install_nginx/files/nginx.conf b/roles/install_nginx/files/nginx.conf
index 12e9948..b37c7b0 100644
--- a/roles/install_nginx/files/nginx.conf
+++ b/roles/install_nginx/files/nginx.conf
@@ -21,6 +21,38 @@ http {
charset UTF-8;
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server ipv6only=on;
+
+ index index.html index.htm;
+ root /srv/http;
+
+ location / {
+ try_files $uri $uri/ =404;
+ autoindex on;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ allow ::1;
+ deny all;
+ }
+
+ location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf|svg)$ {
+ expires 30d;
+ # Optional: Don't log access to assets
+ access_log off;
+ }
+ }
+
# Virtual Host Config
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
diff --git a/setup_fastd.yml b/setup_fastd.yml
index 0a991cb..8429e56 100644
--- a/setup_fastd.yml
+++ b/setup_fastd.yml
@@ -10,7 +10,7 @@
#- install_ssmtp
- install_cronie
- install_php
- #- install_nginx
+ - install_nginx
- install_ntp
- install_haveged
- setup_batman