Update ingress.conf

tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf

@@ -1,72 +1,38 @@
-server
-{
-  listen %%interface%%:%%port%% default_server;
-  include /etc/nginx/includes/server_params.conf;
-  include /etc/nginx/includes/proxy_params.conf;
-  client_max_body_size 0;
-  proxy_buffering off;
+server {
+    listen %%interface%%:%%port%% default_server;
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+    client_max_body_size 0;
 
-  location /
-  {
-    # Security
-    ######################
-    allow 172.30.32.2;
-    deny all;
+    location / {
+       proxy_pass http://127.0.0.1:8080;
+       proxy_buffering off;
+       proxy_read_timeout 30;
+       proxy_set_header Connection "Upgrade";
+       proxy_set_header Upgrade $http_upgrade;
+       proxy_set_header Host $http_host;                   # try $host instead if this doesn't work
+       proxy_set_header X-Forwarded-Proto $scheme;         # http or https
+        
+       # Allow ingress subpath
+       proxy_set_header X-Script-Name %%ingress_entry%%;
+       proxy_cookie_path / %%ingress_entry%%;
 
-    # Base
-    ######################
-    proxy_bind $server_addr;
-    proxy_pass http://127.0.0.1:8080;
-    proxy_set_header Connection "Upgrade";
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       # Rewrite url
+       sub_filter_once off;
+       sub_filter_types *;
+       sub_filter "/static" "%%ingress_entry%%/static";
+       sub_filter "/media" "%%ingress_entry%%/media";
+       sub_filter "/view" "%%ingress_entry%%/view";
+       sub_filter "/search" "%%ingress_entry%%/search";
+       sub_filter "/edit" "%%ingress_entry%%/edit";
+       sub_filter "/api" "%%ingress_entry%%/api";
+       sub_filter "%%ingress_entry%%/api/hassio" "/api/hassio";
 
-    # Allow subpath
-    ######################
-    proxy_set_header X-Script-Name %%ingress_entry%%/;
-    proxy_cookie_path / %%ingress_entry%%/;
-
-    # Allow iframe
-    ######################
-    proxy_hide_header X-Frame-Options;
-    add_header Access-Control-Allow-Origin *;
-    proxy_set_header Accept-Encoding "";
-
-    # Avoid mixed contents
-    ######################
-    if ($http_referer ~* "^(http[s]?)://([^:]+):(\d*)(/.*)$")
-    {
-      set $x_scheme $1;
-      set $x_host $2;
-      set $x_port ":$3";
+       # Allow frames
+       proxy_hide_header "Content-Security-Policy";
+       add_header X-Frame-Options SAMEORIGIN;
+       add_header Access-Control-Allow-Origin *;
+       proxy_set_header Accept-Encoding "";
     }
-    if ($http_referer ~* "^(http[s]?)://([^:]+)(/.*)$")
-    {
-      set $x_scheme $1;
-      set $x_host $2;
-      set $x_port "";
-    }
-    proxy_set_header X-Scheme $x_scheme;
-    proxy_redirect http://$host/ $x_scheme://$x_host$x_port/;
-    proxy_redirect $x_scheme://$host/ $x_scheme://$x_host$x_port/;
-
-    # Rewrite url
-    ######################
-    sub_filter_once off;
-    sub_filter_types *;
-    sub_filter "%%ingress_entry%%//" "%%ingress_entry%%/";
-    sub_filter "/static" "%%ingress_entry%%/static";
-    sub_filter "/media" "%%ingress_entry%%/media";
-    #sub_filter "/view" "%%ingress_entry%%/view";
-    #sub_filter "/search" "%%ingress_entry%%/search";
-    #sub_filter "/edit/" "%%ingress_entry%%/edit/";
-
-    # Tests
-    ######################
-    #proxy_set_header X-Real-IP $remote_addr;
-    #proxy_set_header X-Forwarded-Host $server_name;
-    #proxy_set_header X-Forwarded-Proto $scheme;
-  }
-
+ 
 }