authorNiklas Yann Wettengel <niyawe@niyawe.de>2021-07-28 18:53:23 +0200
committerNiklas Yann Wettengel <niyawe@niyawe.de>2021-07-28 18:53:23 +0200
commit140a04a8b58fdcef4f80398bc2f762d648a3a035 (patch)
tree4ae2db2340e78fc33fbe8ceb7796e0d60e168326 /roles
parent9ec1670a262597356c24bff27d473eccceb45b61 (diff)
run webserver for connectivity check
Diffstat (limited to 'roles')
-rw-r--r--roles/configure_iptables/templates/ip6tables.rules2
-rw-r--r--roles/configure_iptables/templates/iptables.rules2
-rw-r--r--roles/install_nginx/files/nginx.conf32
3 files changed, 36 insertions, 0 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 79d9f86..636541d 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -46,6 +46,8 @@ COMMIT
# dns
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
+# http
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd / wg
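Review bot: The added `--dport 80` ACCEPT rule has no interface or source match, so it admits HTTP on every interface this ruleset covers, including any upstream-facing one; the same unscoped rule is added in iptables.rules. If the connectivity check is only meant for mesh clients, the rule could be limited to the client-facing interfaces in the style of the DHCP rule visible in iptables.rules, e.g. `-A INPUT -i bat{{ site.name }} -p tcp -m tcp --dport 80 -j ACCEPT` inside a `{% for site in sites %}` loop. Which interfaces the check must be reachable from is not visible in this diff, so this needs confirming against the deployment. A comment that states the purpose, such as `# http (connectivity check)`, would also make later rule audits easier.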
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 2508445..6d7fce1 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -49,6 +49,8 @@ COMMIT
{% for site in sites %}
-I INPUT -i bat{{ site.name }} -p udp --dport 67:68 --sport 67:68 -j ACCEPT
{% endfor %}
+# http
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd / wg
diff --git a/roles/install_nginx/files/nginx.conf b/roles/install_nginx/files/nginx.conf
index 12e9948..b37c7b0 100644
--- a/roles/install_nginx/files/nginx.conf
+++ b/roles/install_nginx/files/nginx.conf
@@ -21,6 +21,38 @@ http {
charset UTF-8;
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server ipv6only=on;
+
+ index index.html index.htm;
+ root /srv/http;
+
+ location / {
+ try_files $uri $uri/ =404;
+ autoindex on;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ allow ::1;
+ deny all;
+ }
+
+ location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf|svg)$ {
+ expires 30d;
+ # Optional: Don't log access to assets
+ access_log off;
+ }
+ }
+
# Virtual Host Config
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
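Review bot: `autoindex on;` in `location /` publishes a directory listing of everything under `/srv/http` to any client that can reach port 80, and this block is the `default_server`, so it answers for every Host header. A connectivity check needs only a known file or status code, so `autoindex off;` (or dropping the directive) keeps anything later placed in that directory from being enumerable. Whether `server_tokens off;` is set earlier in the `http` block is outside the hunk; if it is not, adding it would stop the nginx version being advertised on error pages. The `/nginx_status` location is already limited to loopback, which is the right scope for `stub_status`.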