From 140a04a8b58fdcef4f80398bc2f762d648a3a035 Mon Sep 17 00:00:00 2001
From: Niklas Yann Wettengel
Date: Wed, 28 Jul 2021 18:53:23 +0200
Subject: [PATCH] run webserver for connectivity check
---
 .../templates/ip6tables.rules | 2 ++
 .../templates/iptables.rules | 2 ++
 roles/install_nginx/files/nginx.conf | 32 +++++++++++++++++++
 setup_fastd.yml | 2 +-
 4 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 79d9f86..636541d 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -46,6 +46,8 @@ COMMIT
 # dns
 -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A INPUT -p udp -m udp --dport 53 -j ACCEPT
+# http
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd / wg
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 2508445..6d7fce1 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -49,6 +49,8 @@ COMMIT
 {% for site in sites %}
 -I INPUT -i bat{{ site.name }} -p udp --dport 67:68 --sport 67:68 -j ACCEPT
 {% endfor %}
+# http
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd / wg
diff --git a/roles/install_nginx/files/nginx.conf b/roles/install_nginx/files/nginx.conf
index 12e9948..b37c7b0 100644
--- a/roles/install_nginx/files/nginx.conf
+++ b/roles/install_nginx/files/nginx.conf
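Review bot: The new `--dport 80` ACCEPT rule in ip6tables.rules is bound to neither an interface nor a source, so it exposes the web server on every interface of the host, uplink included; the identical rule added to iptables.rules has the same scope. If the connectivity check is only meant for mesh clients (the patch does not say), scope it the way the DHCP rule in iptables.rules is scoped, e.g. `-A INPUT -i bat{{ site.name }} -p tcp -m tcp --dport 80 -j ACCEPT` inside a `{% for site in sites %}` loop, assuming `sites` is available to both templates. If it has to be reachable from anywhere, the comment should record that, e.g. `# http: connectivity check, intentionally open on all interfaces`. The chain policy and the rest of the INPUT rules lie outside both hunks.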
@@ -21,6 +21,38 @@ http {
 charset UTF-8;
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server ipv6only=on;
+
+ index index.html index.htm;
+ root /srv/http;
+
+ location / {
+ try_files $uri $uri/ =404;
+ autoindex on;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ allow ::1;
+ deny all;
+ }
+
+ location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf|svg)$ {
+ expires 30d;
+ # Optional: Don't log access to assets
+ access_log off;
+ }
+ }
+
 # Virtual Host Config
 include /etc/nginx/conf.d/*.conf;
 include /etc/nginx/sites-enabled/*;
diff --git a/setup_fastd.yml b/setup_fastd.yml
index 0a991cb..8429e56 100644
--- a/setup_fastd.yml
+++ b/setup_fastd.yml
@@ -10,7 +10,7 @@
 #- install_ssmtp
 - install_cronie
 - install_php
- #- install_nginx
+ - install_nginx
 - install_ntp
 - install_haveged
 - setup_batman
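Review bot: `autoindex on;` in `location /` makes this default server list every directory under `/srv/http` that has no index file, and the firewall rules added in the same commit open port 80 without an interface restriction, so anything placed in that tree becomes browsable. A connectivity check needs only one fixed response, so I would drop the directive or set `autoindex off;`, and consider answering with `return 204;` rather than serving the docroot at all. Defining the `default_server` directly in nginx.conf ahead of `include /etc/nginx/sites-enabled/*;` also means a second `default_server` for port 80 in an included file would make the configuration fail to load; whether such a file exists is not visible here. The enclosing `http {` block starts and ends outside the hunk.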