revert

tandoor_recipes/CHANGELOG.md

@@ -1,5 +1,3 @@
-## 1.5.6-test_ssl (14-10-2023)
-- Test if ssl is working
 
 ## 1.5.6 (02-09-2023)
 - Update to latest version from TandoorRecipes/recipes

tandoor_recipes/README.md

@@ -1,4 +1,4 @@
-## ⚠ Open Issue : [🐛 [Tandoor Recipes] is broken in pushed 1.5.6-test_ssl builds. (opened 2023-10-15)](https://github.com/alexbelgium/hassio-addons/issues/1032) by [@dcossey014](https://github.com/dcossey014)
+## ⚠ Open Request : [✨ [REQUEST] Tandoor Recipes disable Gunicorn Media (opened 2023-06-28)](https://github.com/alexbelgium/hassio-addons/issues/885) by [@nough](https://github.com/nough)
 # Hass.io Add-ons: Tandoor recipes
 
 [![Donate][donation-badge]](https://www.buymeacoffee.com/alexbelgium)
@@ -35,9 +35,6 @@ Required :
     "PORT": 9928 # By default, the webui is available on http://HAurl:9928. If you ever need to change the port, you should never do it within the app, but only through this option
     "Environment": 0|1 # 1 is debug mode, 0 is normal mode. You should run in normal mode unless actively developing.
 Optional :
-    "ssl" : "true|false", # Set ssl 
-    "certfile" : "fullchain.pem", # Name of your ssl files located in /ssl
-    "keyfile" : "privkey.pem", # Name of your ssl files located in /ssl
     "POSTGRES_HOST": "str?", # Needed for postgresql_external
     "POSTGRES_PORT": "str?", # Needed for postgresql_external
     "POSTGRES_USER": "str?", # Needed for postgresql_external

tandoor_recipes/config.json

@@ -62,15 +62,13 @@
     "DB_ENGINE": "django.db.backends.sqlite3",
     "DISABLE_INGRESS": "true",
     "POSTGRES_DB": "/config/addons_config/tandoor_recipes/recipes.db",
-    "TANDOOR_PORT": "8081",
     "TRUSTED_PROXIES": "**"
   },
   "image": "ghcr.io/alexbelgium/tandoor_recipes-{arch}",
   "map": [
     "config:rw",
     "share:rw",
-    "media:rw",
-    "ssl:ro"
+    "media:rw"
   ],
   "name": "Tandoor recipes",
   "options": {
@@ -78,9 +76,7 @@
     "DB_TYPE": "sqlite",
     "DEBUG": "0",
     "SECRET_KEY": "YOUR_SECRET_KEY",
-    "certfile": "fullchain.pem",
-    "externalfiles_folder": "/config/addons_config/tandoor_recipes/externalfiles",
-    "keyfile": "privkey.pem"
+    "externalfiles_folder": "/config/addons_config/tandoor_recipes/externalfiles"
   },
   "panel_icon": "mdi:silverware-fork-knife",
   "panel_title": "Tandoor Recipes",
@@ -100,10 +96,7 @@
     "POSTGRES_PORT": "str?",
     "POSTGRES_USER": "str?",
     "SECRET_KEY": "str",
-    "certfile": "str?",
-    "externalfiles_folder": "str?",
-    "keyfile": "str?",
-    "ssl": "bool?"
+    "externalfiles_folder": "str?"
   },
   "services": [
     "mysql:want"
@@ -111,6 +104,5 @@
   "slug": "tandoor_recipes",
   "udev": true,
   "url": "https://github.com/alexbelgium/hassio-addons",
-  "version": "1.5.6",
-  "webui": "[PROTO:ssl]://[HOST]:[PORT:8080]"
+  "version": "1.5.6"
 }

tandoor_recipes/rootfs/etc/cont-init.d/32-ingress.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/bashio
+# shellcheck shell=bash
+set -e
+
+if [[ -n "${DISABLE_INGRESS}" ]]; then
+    bashio::log.info "Ingress disabled"
+    sed -i "/nginx/d" /etc/cont-init.d/99-run.sh
+    exit 0
+fi
+
+#################
+# NGINX SETTING #
+#################
+declare ingress_interface
+declare ingress_port
+
+ingress_port="$(bashio::addon.ingress_port)"
+ingress_interface="$(bashio::addon.ip_address)"
+ingress_entry=$(bashio::addon.ingress_entry)
+sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf
+sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf
+sed -i "s|%%ingress_entry%%|${ingress_entry}|g" /etc/nginx/servers/ingress.conf

tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf

@@ -0,0 +1,112 @@
+server {
+    listen %%interface%%:%%port%% default_server;
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+    client_max_body_size 0;
+
+    root /opt/recipes/cookbook;
+
+location /switch-space/ {
+    proxy_pass http://127.0.0.1:8080/switch-space/;
+
+       proxy_redirect "/" "%%ingress_entry%%/";
+
+       # Allow ingress subpath
+       #proxy_set_header X-Script-Name %%ingress_entry%%;
+       proxy_cookie_path / %%ingress_entry%%/;
+
+       # Allow frames
+       add_header X-Frame-Options SAMEORIGIN;
+       add_header Access-Control-Allow-Origin *;
+       proxy_set_header Accept-Encoding "";
+
+        # avoid mixed content
+        # Ensure work with both http and https (code by @met67)
+        if ($http_referer ~* "^(http[s]?)://([^:]+):(\d*)(/.*)$") {
+          set $x_scheme $1;
+          set $x_host   $2;
+          set $x_port   ":$3";
+        }
+        # Ensure works if standard port (code by @met67)
+        if ($http_referer ~* "^(http[s]?)://([^:]+)(/.*)$") {
+          set $x_scheme $1;
+          set $x_host   $2;
+          set $x_port   "";
+        }
+        proxy_set_header X-Scheme          $x_scheme;
+        proxy_set_header X-Host            $x_host;
+        proxy_set_header X-Port            $x_port;
+        proxy_set_header X-Forwarded-Proto $x_scheme;
+
+        proxy_set_header Host $x_host$x_port;              # Required for addresses without ports
+
+        # Correct url without port when using https
+       absolute_redirect off; 
+       sub_filter_once off;
+       sub_filter_types *;
+       sub_filter          https://$x_host/          https://$x_host$x_port/;
+       sub_filter          http://$x_host/           http://$x_host$x_port/;
+       sub_filter "/static" "%%ingress_entry%%/static";
+       sub_filter "/media" "%%ingress_entry%%/media";
+       sub_filter "http://127.0.0.1:8080/" "/";
+}
+
+    location / {
+       proxy_pass http://127.0.0.1:8080;
+       proxy_buffering off;
+       proxy_read_timeout 30;
+       proxy_set_header Connection "Upgrade";
+       proxy_set_header Upgrade $http_upgrade;
+
+       # Allow ingress subpath
+       proxy_set_header X-Script-Name %%ingress_entry%%;
+       proxy_cookie_path / %%ingress_entry%%/;
+
+       # Allow frames
+       proxy_hide_header "Content-Security-Policy";
+       add_header X-Frame-Options SAMEORIGIN;           # Required for ingress frame
+       add_header Access-Control-Allow-Origin *;
+       proxy_set_header Accept-Encoding "";
+
+        # avoid mixed content
+        # Ensure work with both http and https (code by @met67)
+        if ($http_referer ~* "^(http[s]?)://([^:]+):(\d*)(/.*)$") {
+          set $x_scheme $1;
+          set $x_host   $2;
+          set $x_port   ":$3";
+        }
+        # Ensure works if standard port (code by @met67)
+        if ($http_referer ~* "^(http[s]?)://([^:]+)(/.*)$") {
+          set $x_scheme $1;
+          set $x_host   $2;
+          set $x_port   "";
+        }
+        proxy_set_header X-Scheme          $x_scheme;
+        proxy_set_header X-Host            $x_host;
+        proxy_set_header X-Port            $x_port;
+        proxy_set_header X-Forwarded-Proto $x_scheme;
+
+        proxy_set_header Host $x_host$x_port;              # Required for addresses without ports
+
+        # Correct url without port when using https
+        absolute_redirect off;
+        sub_filter_once off;
+        sub_filter_types *;
+        sub_filter          https://$x_host/          https://$x_host$x_port/;
+        sub_filter          http://$x_host/           http://$x_host$x_port/;
+
+       # Rewrite url
+       sub_filter "/static" "%%ingress_entry%%/static";
+       sub_filter "/media" "%%ingress_entry%%/media";
+       sub_filter "http://127.0.0.1:8080/" "/";
+    }
+
+location /media/ {
+    alias /config/addons_config/tandoor_recipes/mediafiles/;
+  }
+
+location /static/ {
+    alias /data/recipes/staticfiles/;
+  }
+
+}