Try ingress

2026-03-13 16:34:22 +01:00 · 2024-05-20 18:12:42 +02:00
parent 80e005ff6a
commit 9a92fa1007
6 changed files with 34 additions and 13 deletions
--- a/birdnet-pi/CHANGELOG.md
+++ b/birdnet-pi/CHANGELOG.md
@@ -1,3 +1,5 @@
+- Breaking change : the main port has changed from 80 to 8081 to allow ssl
+- Enable ssl access using either caddy's automated ssl (see Readme), or HomeAssistant's let's encrypt from the addon options
 - [INGRESS] allow access to streamlit, logs

 ## 0.13-33 (19-05-2024)
--- a/birdnet-pi/README.md
+++ b/birdnet-pi/README.md
@@ -53,8 +53,8 @@ BIRDS_ONLINE_INFO: uses either allaboutbird (US birds in english) or ebird (univ
 SPECIES_CONVERTER: if yes, you need to put in the file /config/convert_species_list.txt the list of species you want to convert (example : Falco subbuteo_Faucon hobereau;Falco tinnunculus_Faucon Crécerelle). It will convert on the fly the specie when detected
 TZ: Etc/UTC specify a timezone to use, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
 ssl: true/false
-certfile: fullchain.pem #ssl certificate, must be located in /ssl
-keyfile: privkey.pem #sslkeyfile, must be located in /ssl
+certfile: fullchain.pem #ssl certificate, must be located in /ssl. Generated by let's encrypt addon ; but you can also use yours
+keyfile: privkey.pem #sslkeyfile, must be located in /ssl. Generated by let's encrypt addon ; but you can also use yours.
 pi_password: set the user password to access the web terminal
 localdisks: sda1 #put the hardware name of your drive to mount separated by commas, or its label. ex. sda1, sdb1, MYNAS...
 networkdisks: "//SERVER/SHARE" # optional, list of smb servers to mount, separated by commas
@@ -89,6 +89,12 @@ The installation of this add-on is pretty straightforward and not different in c
 You can use apprise to send notifications with mqtt, then act on those using HomeAssistant
 Further informations : https://wander.ingstar.com/projects/birdnetpi.html

+## Using ssl
+
+Option 1 : Install let's encrypt addon, generate certificates. They are by default certfile.pem and keyfile.pem stored in /ssl. Just enable ssl from the addon option and it will work.
+
+Option 2 : Use caddy's default ssl but then it requires the external port 80 or 443 to be mapped
+
 ## Common issues

 Not yet available
--- a/birdnet-pi/config.json
+++ b/birdnet-pi/config.json
@@ -66,20 +66,26 @@
  "map": [
    "addon_config:rw",
    "media:rw",
-    "share:rw"
+    "share:rw",
+    "ssl"
  ],
  "name": "BirdNET-pi",
  "options": {
    "BIRDSONGS_FOLDER": "/config/BirdSongs",
    "BIRDS_ONLINE_INFO": "ebird.org",
-    "TZ": "Europe/Paris"
+    "TZ": "Europe/Paris",
+    "certfile": "keychain.pem",
+    "keyfile": "privkey.pem",
+    "ssl": false
  },
  "panel_icon": "mdi:bird",
  "ports": {
-    "80/tcp": 80
+    "80/tcp": null,
+    "8081/tcp": 80
  },
  "ports_description": {
-    "80/tcp": "Web ui"
+    "80/tcp": "Optional : set to 80 to use caddy's automatic ssl",
+    "8081/tcp": "Web ui"
  },
  "privileged": [
    "SYS_ADMIN",
@@ -95,13 +101,16 @@
    "cifsusername": "str?",
    "localdisks": "str?",
    "networkdisks": "str?",
-    "pi_password": "password"
+    "pi_password": "password",
+    "certfile": "str",
+    "keyfile": "str",
+    "ssl": "bool"
  },
  "slug": "birdnet-pi",
  "tmpfs": true,
  "udev": true,
  "url": "https://github.com/alexbelgium/hassio-addons/tree/master/birdnet-pi",
  "usb": true,
-  "version": "0.13-33",
+  "version": "0.13-34_test",
  "video": true
 }
--- a/birdnet-pi/rootfs/etc/cont-init.d/31-ssl.sh
+++ b/birdnet-pi/rootfs/etc/cont-init.d/31-ssl.sh
@@ -7,9 +7,12 @@ set -e
 ###############

 if bashio::config.true 'ssl'; then
+    bashio::log "Ssl is enabled using addon options, setting up nginx"
    bashio::config.require.ssl
    certfile=$(bashio::config 'certfile')
    keyfile=$(bashio::config 'keyfile')
    sed -i "/root/a tls /ssl/${certfile} /ssl/${keyfile}" /etc/caddy/Caddyfile
    sed -i "s|http://|https://|g" /etc/caddy/Caddyfile
 fi
+
+echo " "
--- a/birdnet-pi/rootfs/etc/cont-init.d/81-modifications.sh
+++ b/birdnet-pi/rootfs/etc/cont-init.d/81-modifications.sh
@@ -44,7 +44,8 @@ sed -i "/User=pi/d" "$HOME/BirdNET-Pi/templates/birdnet_log.service"
 sed -i "s|birdnet_log.sh|cat /proc/1/fd/1|g" "$HOME/BirdNET-Pi/templates/birdnet_log.service"

 # Make sure config is correctly formatted.
-echo "... avoid caddy formatting errors"
+echo "... caddyfile modifications"
 caddy fmt --overwrite /etc/caddy/Caddyfile
+sed -i "s|http://|http://:8081|g" /etc/caddy/Caddyfile

 echo " "
--- a/birdnet-pi/rootfs/etc/nginx/servers/ingress.conf
+++ b/birdnet-pi/rootfs/etc/nginx/servers/ingress.conf
@@ -8,22 +8,22 @@

    location /log {
      # Proxy pass
-      proxy_pass http://localhost:80;
+      proxy_pass http://localhost:8081;
    }

    location /stats {
      # Proxy pass
-      proxy_pass http://localhost:80;
+      proxy_pass http://localhost:8081;
    }

    location /terminal {
      # Proxy pass
-      proxy_pass http://localhost:80;
+      proxy_pass http://localhost:8081;
    }

    location / {
      # Proxy pass
-      proxy_pass http://localhost:80;
+      proxy_pass http://localhost:8081;

      # Next three lines allow websockets
      proxy_http_version 1.1;