diff --git a/roles/archweb/defaults/main.yml b/roles/archweb/defaults/main.yml
index 664eef3fe6514bf8e791612136adc781f0c258f8..0868f464eb2fd75a5c390c99786f001d7044e907 100644
--- a/roles/archweb/defaults/main.yml
+++ b/roles/archweb/defaults/main.yml
@@ -9,6 +9,7 @@ archweb_domains_redirects:
         'packages.archlinux.org': '/packages$request_uri'
 archweb_domains_templates:
         'ipxe.archlinux.org': 'ipxe.archlinux.org.j2'
+archweb_allowed_hosts: ["{{ archweb_domain }}", 'ipxe.archlinux.org']
 archweb_nginx_conf: '/etc/nginx/nginx.d/archweb.conf'
 archweb_repository: 'https://github.com/archlinux/archweb.git'
 archweb_version: release_2019-12-18
diff --git a/roles/archweb/templates/local_settings.py.j2 b/roles/archweb/templates/local_settings.py.j2
index 4e1bcaedad05ca1ad1e18418a072b798b54177f2..1e8449d9af6f7d8f73ad3b80c5c6197a3d2f0c50 100644
--- a/roles/archweb/templates/local_settings.py.j2
+++ b/roles/archweb/templates/local_settings.py.j2
@@ -67,7 +67,7 @@ SECRET_KEY = '{{ vault_archweb_secret_key }}'
 MAILMAN_PASSWORD = '{{ vault_archweb_mailman_password }}'
 
 # Hostnames we allow this site to be served under
-ALLOWED_HOSTS = ['{{ archweb_domain }}']
+ALLOWED_HOSTS = [{% for host in archweb_allowed_hosts %}'{{ host }}', {% endfor -%}]
 
 ## CDN settings
 CDN_ENABLED = False