diff --git a/roles/service-nginx-firmware/tasks/main.yml b/roles/service-nginx-firmware/tasks/main.yml index ffde07a..c2894d8 100644 --- a/roles/service-nginx-firmware/tasks/main.yml +++ b/roles/service-nginx-firmware/tasks/main.yml @@ -39,3 +39,12 @@ group: root mode: 0644 notify: reload nginx + +- name: write opkg.conf + template: + src: opkg_vhost.conf.j2 + dest: /etc/nginx/conf.d/opkg.conf + owner: root + group: root + mode: 0644 + notify: reload nginx diff --git a/roles/service-nginx-firmware/templates/opkg_vhost.conf.j2 b/roles/service-nginx-firmware/templates/opkg_vhost.conf.j2 new file mode 100644 index 0000000..6f4f5ba --- /dev/null +++ b/roles/service-nginx-firmware/templates/opkg_vhost.conf.j2 @@ -0,0 +1,20 @@ +server { + listen 80; + listen [::]:80; + + server_name opkg.{{ http_domain_internal }}; + + allow 127.0.0.0/8; + allow ::1; +{% for prefix in internal_prefixes %} + allow {{ prefix.ipv4 }}; + allow {{ prefix.ipv6 }}; +{% endfor%} + deny all; + + location / { + proxy_pass https://downloads.openwrt.org/; + proxy_connect_timeout 6s; + } + +}