trusted proxies

fireflyiii/rootfs/etc/cont-init.d/30-ssl.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+set -e
+
+###############
+# SSL SETTING #
+###############
+declare port
+declare certfile
+declare keyfile
+
+# Ssl values
+if bashio::config.true 'ssl'; then
+    echo "Defining ssl configuration"
+    bashio::config.require.ssl
+    certfile=$(bashio::config 'certfile')
+    keyfile=$(bashio::config 'keyfile')
+
+    #Check if files exist
+    echo "... checking if referenced certificates exist"
+    [ ! -f /ssl/"$certfile" ] && bashio::log.fatal "... use_own_certs is true but certificate /ssl/$certfile not found" && bashio::exit.nok
+    [ ! -f /ssl/"$keyfile" ] && bashio::log.fatal "... use_own_certs is true but certificate /ssl/$keyfile not found" && bashio::exit.nok
+
+
+    sed -i "/proxy_params.conf/a ssl_certificate /ssl/$certfile;" /etc/nginx/servers/ssl.conf
+    sed -i "/proxy_params.conf/a ssl_certificate_key /ssl/$keyfile;" /etc/nginx/servers/ssl.conf
+    bashio::log.info "Ssl enabled, please use https for connection. UI is at https://YOURIP:$(bashio::addon.port 2342)"
+else
+    rm -r /etc/nginx/servers/ssl.conf
+fi

fireflyiii/rootfs/etc/nginx/servers/ssl.conf

@@ -1,14 +1,21 @@
 server {
-    listen %%interface%%:%%port%% default_server;
+    listen 8443;
 
     include /etc/nginx/includes/server_params.conf;
     include /etc/nginx/includes/proxy_params.conf;
 
+    ssl_certificate /ssl/%%certfile%%;
+    ssl_certificate_key /ssl/%%keyfile%%;
+
     client_max_body_size 0;
 
-  location / {
-    root /var/www/firefly-iii/public/;
-  }
+	root /var/www/firefly-iii/public/;
+
+	index index.html;
+
+    location / {
+        root /var/www/firefly-iii/public/;
+    }
 
    location ~* \.php(?:$|/) {
       include snippets/fastcgi-php.conf;
@@ -17,5 +24,3 @@ server {
       fastcgi_pass unix:/run/php/php8.0-fpm.sock;
    }
 }
-
-