The problem is that if we don't add this feature in ansible-openwisp2 you will lose your manual edit the next time you upgrade openwisp2.
Adding this to ansible-openwisp2 would be almost trivial, you just need to define a variable here: https://github.com/openwisp/ansible-openwisp2/blob/master/defaults/main.yml Eg: *openwisp2_admin_allowed_network* which can default to *null* (meaning all networks are allowed) and if specified generates that block of configuration in the nginx template: https://github.com/openwisp/ansible-openwisp2/blob/master/templates/nginx.j2 {% if openwisp2_admin_allowed_network %} location /admin { try_files /opt/openwisp2/public_html/maintenance.html $uri @uwsgi; allow {{ openwisp2_admin_allowed_network }}; deny all; } {% endif %} Then you can test it by running the modified playbook (link the cloned repository to /etc/ansible/roles/openwisp.openwisp2) and ensuring the configuration is written on the server. To test if other ranges are effectively denied access you can send me your admin url privately. If you need more help come on chat! https://gitter.im/openwisp/general Federico On Tuesday, July 4, 2017 at 4:12:14 PM UTC+2, henriqsc wrote: > > Ok, apparently adding the following lines solved the problem at least for > the console part. > > location /admin { > try_files /opt/openwisp2/public_html/maintenance.html $uri @uwsgi; > allow TRUSTED_NETWORK; > deny all; > } > > Unfortunatly right now I don't have a client to check if itwill work > outside the trusted IP range, but I might have some of them soon. > > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
