roles/archweb: Define an allowed hosts var

Created a new variable called archweb_allowed_hosts that allows ipxe.archlinux.org to be served under archweb. We make sure on the nginx template that only a small subset of the locations is served with weaker ciphers.

roles/archweb: Define an allowed hosts var
0cc404c0 · Giancarlo Razzolini · b7eccef1 · 0cc404c0 · 0cc404c0
Verified Commit 0cc404c0 authored 5 years ago by Giancarlo Razzolini
--- a/roles/archweb/defaults/main.yml
+++ b/roles/archweb/defaults/main.yml
@@ -9,6 +9,7 @@ archweb_domains_redirects:
        'packages.archlinux.org': '/packages$request_uri'
 archweb_domains_templates:
        'ipxe.archlinux.org': 'ipxe.archlinux.org.j2'
+archweb_allowed_hosts: ["{{ archweb_domain }}", 'ipxe.archlinux.org']
 archweb_nginx_conf: '/etc/nginx/nginx.d/archweb.conf'
 archweb_repository: 'https://github.com/archlinux/archweb.git'
 archweb_version: release_2019-12-18

--- a/roles/archweb/templates/local_settings.py.j2
+++ b/roles/archweb/templates/local_settings.py.j2
@@ -67,7 +67,7 @@ SECRET_KEY = '{{ vault_archweb_secret_key }}'
 MAILMAN_PASSWORD = '{{ vault_archweb_mailman_password }}'

 # Hostnames we allow this site to be served under
-ALLOWED_HOSTS = ['{{ archweb_domain }}']
+ALLOWED_HOSTS = [{% for host in archweb_allowed_hosts %}'{{ host }}', {% endfor -%}]

 ## CDN settings
 CDN_ENABLED = False