avm/hassio-addons
1
0
Fork 0
mirror of https://github.com/alexbelgium/hassio-addons.git synced 2026-01-10 09:51:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reapply "trusted proxies"

Browse Source 
This reverts commit 72be30c25f.
This commit is contained in:
Alexandre
2024-07-27 09:56:16 +02:00
parent 72be30c25f
commit 32abce6b77
3 changed files with 50 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
fireflyiii/config.json
View File

@@ -82,10 +82,12 @@
"silent": "true"
},
"ports": {
"8080/tcp": 3473
"8080/tcp": 3473,
"8443/tcp": null
},
"ports_description": {
"8080/tcp": "web interface"
"8080/tcp": "web interface",
"8443/tcp": "ssl web interface"
},
"schema": {
"APP_KEY": "str",
@@ -97,7 +99,10 @@
"DB_PORT": "str?",
"DB_USERNAME": "str?",
"Updates": "list(|hourly|daily|weekly)?",
"silent": "bool?"
"keyfile": "str",
"certfile": "str",
"silent": "bool?",
"ssl": "bool"
},
"services": [
"mysql:want"
@@ -106,6 +111,6 @@
"startup": "services",
"udev": true,
"url": "https://github.com/alexbelgium/hassio-addons",
"version": "6.1.19",
"version": "6.1.18-2",
"webui": "[PROTO:ssl]://[HOST]:[PORT:8080]"
}

30
fireflyiii/rootfs/etc/cont-init.d/30-ssl.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/usr/bin/with-contenv bashio
# shellcheck shell=bash
set -e
###############
# SSL SETTING #
###############
declare port
declare certfile
declare keyfile
# Ssl values
if bashio::config.true 'ssl'; then
echo "Defining ssl configuration"
bashio::config.require.ssl
certfile=$(bashio::config 'certfile')
keyfile=$(bashio::config 'keyfile')
#Check if files exist
echo "... checking if referenced certificates exist"
[ ! -f /ssl/"$certfile" ] && bashio::log.fatal "... use_own_certs is true but certificate /ssl/$certfile not found" && bashio::exit.nok
[ ! -f /ssl/"$keyfile" ] && bashio::log.fatal "... use_own_certs is true but certificate /ssl/$keyfile not found" && bashio::exit.nok
sed -i "/proxy_params.conf/a ssl_certificate /ssl/$certfile;" /etc/nginx/servers/ssl.conf
sed -i "/proxy_params.conf/a ssl_certificate_key /ssl/$keyfile;" /etc/nginx/servers/ssl.conf
bashio::log.info "Ssl enabled, please use https for connection. UI is at https://YOURIP:$(bashio::addon.port 2342)"
else
rm -r /etc/nginx/servers/ssl.conf
fi

17
fireflyiii/rootfs/etc/nginx/servers/ingress.conf → fireflyiii/rootfs/etc/nginx/servers/ssl.conf
View File

@@ -1,14 +1,21 @@
server {
listen %%interface%%:%%port%% default_server;
listen 8443;
include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/proxy_params.conf;
ssl_certificate /ssl/%%certfile%%;
ssl_certificate_key /ssl/%%keyfile%%;
client_max_body_size 0;
location / {
root /var/www/firefly-iii/public/;
}
root /var/www/firefly-iii/public/;
index index.html;
location / {
root /var/www/firefly-iii/public/;
}
location ~* \.php(?:$|/) {
include snippets/fastcgi-php.conf;
@@ -17,5 +24,3 @@ server {
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
}
}