From 9a92fa1007dc4b76f6228ac2657ce74c7148659c Mon Sep 17 00:00:00 2001 From: Alexandre Date: Mon, 20 May 2024 18:12:42 +0200 Subject: [PATCH] Try ingress --- birdnet-pi/CHANGELOG.md | 2 ++ birdnet-pi/README.md | 10 +++++++-- birdnet-pi/config.json | 21 +++++++++++++------ birdnet-pi/rootfs/etc/cont-init.d/31-ssl.sh | 3 +++ .../etc/cont-init.d/81-modifications.sh | 3 ++- .../rootfs/etc/nginx/servers/ingress.conf | 8 +++---- 6 files changed, 34 insertions(+), 13 deletions(-) diff --git a/birdnet-pi/CHANGELOG.md b/birdnet-pi/CHANGELOG.md index 9ca88891b..56b64bdb3 100644 --- a/birdnet-pi/CHANGELOG.md +++ b/birdnet-pi/CHANGELOG.md @@ -1,3 +1,5 @@ +- Breaking change : the main port has changed from 80 to 8081 to allow ssl +- Enable ssl access using either caddy's automated ssl (see Readme), or HomeAssistant's let's encrypt from the addon options - [INGRESS] allow access to streamlit, logs ## 0.13-33 (19-05-2024) diff --git a/birdnet-pi/README.md b/birdnet-pi/README.md index 037d337da..1215f6b66 100644 --- a/birdnet-pi/README.md +++ b/birdnet-pi/README.md 
@@ -53,8 +53,8 @@ BIRDS_ONLINE_INFO: uses either allaboutbird (US birds in english) or ebird (univ SPECIES_CONVERTER: if yes, you need to put in the file /config/convert_species_list.txt the list of species you want to convert (example : Falco subbuteo_Faucon hobereau;Falco tinnunculus_Faucon Crécerelle). It will convert on the fly the specie when detected TZ: Etc/UTC specify a timezone to use, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List ssl: true/false -certfile: fullchain.pem #ssl certificate, must be located in /ssl -keyfile: privkey.pem #sslkeyfile, must be located in /ssl +certfile: fullchain.pem #ssl certificate, must be located in /ssl. Generated by let's encrypt addon ; but you can also use yours +keyfile: privkey.pem #sslkeyfile, must be located in /ssl. Generated by let's encrypt addon ; but you can also use yours. pi_password: set the user password to access the web terminal localdisks: sda1 #put the hardware name of your drive to mount separated by commas, or its label. ex. sda1, sdb1, MYNAS... networkdisks: "//SERVER/SHARE" # optional, list of smb servers to mount, separated by commas @@ -89,6 +89,12 @@ The installation of this add-on is pretty straightforward and not different in c You can use apprise to send notifications with mqtt, then act on those using HomeAssistant Further informations : https://wander.ingstar.com/projects/birdnetpi.html +## Using ssl + +Option 1 : Install let's encrypt addon, generate certificates. They are by default certfile.pem and keyfile.pem stored in /ssl. Just enable ssl from the addon option and it will work. + +Option 2 : Use caddy's default ssl but then it requires the external port 80 or 443 to be mapped + ## Common issues Not yet available diff --git a/birdnet-pi/config.json b/birdnet-pi/config.json index e538bf48b..ebfa26841 100644 --- a/birdnet-pi/config.json +++ b/birdnet-pi/config.json 
@@ -66,20 +66,26 @@ "map": [ "addon_config:rw", "media:rw", - "share:rw" + "share:rw", + "ssl" ], "name": "BirdNET-pi", "options": { "BIRDSONGS_FOLDER": "/config/BirdSongs", "BIRDS_ONLINE_INFO": "ebird.org", - "TZ": "Europe/Paris" + "TZ": "Europe/Paris", + "certfile": "keychain.pem", + "keyfile": "privkey.pem", + "ssl": false }, "panel_icon": "mdi:bird", "ports": { - "80/tcp": 80 + "80/tcp": null, + "8081/tcp": 80 }, "ports_description": { - "80/tcp": "Web ui" + "80/tcp": "Optional : set to 80 to use caddy's automatic ssl", + "8081/tcp": "Web ui" }, "privileged": [ "SYS_ADMIN", @@ -95,13 +101,16 @@ "cifsusername": "str?", "localdisks": "str?", "networkdisks": "str?", - "pi_password": "password" + "pi_password": "password", + "certfile": "str", + "keyfile": "str", + "ssl": "bool" }, "slug": "birdnet-pi", "tmpfs": true, "udev": true, "url": "https://github.com/alexbelgium/hassio-addons/tree/master/birdnet-pi", "usb": true, - "version": "0.13-33", + "version": "0.13-34_test", "video": true } diff --git a/birdnet-pi/rootfs/etc/cont-init.d/31-ssl.sh b/birdnet-pi/rootfs/etc/cont-init.d/31-ssl.sh index f6a31d7fa..a64a3b00a 100755 --- a/birdnet-pi/rootfs/etc/cont-init.d/31-ssl.sh +++ b/birdnet-pi/rootfs/etc/cont-init.d/31-ssl.sh @@ -7,9 +7,12 @@ set -e ############### if bashio::config.true 'ssl'; then + bashio::log "Ssl is enabled using addon options, setting up nginx" bashio::config.require.ssl certfile=$(bashio::config 'certfile') keyfile=$(bashio::config 'keyfile') sed -i "/root/a tls /ssl/${certfile} /ssl/${keyfile}" /etc/caddy/Caddyfile sed -i "s|http://|https://|g" /etc/caddy/Caddyfile fi + +echo " " diff --git a/birdnet-pi/rootfs/etc/cont-init.d/81-modifications.sh b/birdnet-pi/rootfs/etc/cont-init.d/81-modifications.sh index 4cebbb178..69e441ca0 100755 --- a/birdnet-pi/rootfs/etc/cont-init.d/81-modifications.sh +++ b/birdnet-pi/rootfs/etc/cont-init.d/81-modifications.sh 
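Review bot: The new default `"certfile": "keychain.pem"` in `options` does not match the `fullchain.pem` name that the README hunk of this patch documents, so enabling `ssl` with the defaults would likely point Caddy at a file that is not in /ssl; `"certfile": "fullchain.pem"` looks like the intended value. In `ports`, `"8081/tcp": 80` still publishes the web UI on host port 80, which contradicts the changelog's move to 8081. It also collides with the new `80/tcp` description, which tells users to set that entry to 80; `"8081/tcp": 8081` would avoid the clash.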
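Review bot: The schema entries `"certfile": "str"` and `"keyfile": "str"` accept any string, yet 31-ssl.sh in this same patch interpolates both values into a `sed` append command that writes the `tls` line of the Caddyfile. A value containing `/`, whitespace or a newline could reference a file outside /ssl or change the generated directive, so both should be constrained to a bare file name, e.g. `"certfile": "match(^[A-Za-z0-9._-]+$)"` and the same pattern for `keyfile`. The add-on runs with `SYS_ADMIN` and serves a web terminal, so keeping option values from reshaping the TLS configuration is cheap hardening.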
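Review bot: The added log line says "setting up nginx", but the statements that follow in the `if` block only edit /etc/caddy/Caddyfile, which will mislead anyone reading the add-on log while debugging TLS. Something like `bashio::log.info "SSL enabled in add-on options, configuring Caddy"` would match what the block does.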
@@ -44,7 +44,8 @@ sed -i "/User=pi/d" "$HOME/BirdNET-Pi/templates/birdnet_log.service" sed -i "s|birdnet_log.sh|cat /proc/1/fd/1|g" "$HOME/BirdNET-Pi/templates/birdnet_log.service" # Make sure config is correctly formatted. -echo "... avoid caddy formatting errors" +echo "... caddyfile modifications" caddy fmt --overwrite /etc/caddy/Caddyfile +sed -i "s|http://|http://:8081|g" /etc/caddy/Caddyfile echo " " diff --git a/birdnet-pi/rootfs/etc/nginx/servers/ingress.conf b/birdnet-pi/rootfs/etc/nginx/servers/ingress.conf index 2e1ccd80d..756633aee 100644 --- a/birdnet-pi/rootfs/etc/nginx/servers/ingress.conf +++ b/birdnet-pi/rootfs/etc/nginx/servers/ingress.conf @@ -8,22 +8,22 @@ location /log { # Proxy pass - proxy_pass http://localhost:80; + proxy_pass http://localhost:8081; } location /stats { # Proxy pass - proxy_pass http://localhost:80; + proxy_pass http://localhost:8081; } location /terminal { # Proxy pass - proxy_pass http://localhost:80; + proxy_pass http://localhost:8081; } location / { # Proxy pass - proxy_pass http://localhost:80; + proxy_pass http://localhost:8081; # Next three lines allow websockets proxy_http_version 1.1;
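Review bot: The added `sed -i "s|http://|http://:8081|g"` only matches while the Caddyfile still contains `http://`, but 31-ssl.sh, which runs earlier in cont-init.d order, rewrites every `http://` to `https://` when `ssl` is enabled. In that mode the port rewrite presumably becomes a no-op and Caddy would not listen on 8081, leaving the four `proxy_pass http://localhost:8081;` targets in the ingress.conf hunk and the `8081/tcp` mapping with nothing behind them; this should be confirmed against the Caddyfile, which is not part of this patch. The substitution is also not idempotent: if the script reruns on the same filesystem, the address becomes `http://:8081:8081`, and a guard such as `grep -q ':8081' /etc/caddy/Caddyfile || sed -i "s|http://|http://:8081|g" /etc/caddy/Caddyfile` would make it safe to repeat. The script continues outside the hunk.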