From d6b16822347c699acf660b89b6b5b4baba09f123 Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Sat, 14 Oct 2023 22:41:27 +0200 Subject: [PATCH] Improve --- tandoor_recipes/config.json | 2 +- .../rootfs/etc/nginx/servers/ingress.conf | 112 ------------------ .../rootfs/etc/services.d/nginx/finish | 8 ++ .../rootfs/etc/services.d/nginx/run | 9 ++ 4 files changed, 18 insertions(+), 113 deletions(-) delete mode 100644 tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf create mode 100644 tandoor_recipes/rootfs/etc/services.d/nginx/finish create mode 100644 tandoor_recipes/rootfs/etc/services.d/nginx/run diff --git a/tandoor_recipes/config.json b/tandoor_recipes/config.json index b83850416..d406df5e1 100644 --- a/tandoor_recipes/config.json +++ b/tandoor_recipes/config.json @@ -111,6 +111,6 @@ "slug": "tandoor_recipes", "udev": true, "url": "https://github.com/alexbelgium/hassio-addons", - "version": "1.5.6-test_ssl", + "version": "1.5.6-test_ssl2", "webui": "[PROTO:ssl]://[HOST]:[PORT:8080]" } diff --git a/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf b/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf deleted file mode 100644 index 3a2f5202a..000000000 --- a/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf +++ /dev/null @@ -1,112 +0,0 @@ -server { - listen %%interface%%:%%port%% default_server; - include /etc/nginx/includes/server_params.conf; - include /etc/nginx/includes/proxy_params.conf; - client_max_body_size 0; - - root /opt/recipes/cookbook; - -location /switch-space/ { - proxy_pass http://127.0.0.1:8080/switch-space/; - - proxy_redirect "/" "%%ingress_entry%%/"; - - # Allow ingress subpath - #proxy_set_header X-Script-Name %%ingress_entry%%; - proxy_cookie_path / %%ingress_entry%%/; - - # Allow frames - add_header X-Frame-Options SAMEORIGIN; - add_header Access-Control-Allow-Origin *; - proxy_set_header Accept-Encoding ""; - - # avoid mixed content - # Ensure work with both http and https (code by @met67) - if ($http_referer ~* "^(http[s]?)://([^:]+):(\d*)(/.*)$") { - set $x_scheme $1; - set $x_host $2; - set $x_port ":$3"; - } - # Ensure works if standard port (code by @met67) - if ($http_referer ~* "^(http[s]?)://([^:]+)(/.*)$") { - set $x_scheme $1; - set $x_host $2; - set $x_port ""; - } - proxy_set_header X-Scheme $x_scheme; - proxy_set_header X-Host $x_host; - proxy_set_header X-Port $x_port; - proxy_set_header X-Forwarded-Proto $x_scheme; - - proxy_set_header Host $x_host$x_port; # Required for addresses without ports - - # Correct url without port when using https - absolute_redirect off; - sub_filter_once off; - sub_filter_types *; - sub_filter https://$x_host/ https://$x_host$x_port/; - sub_filter http://$x_host/ http://$x_host$x_port/; - sub_filter "/static" "%%ingress_entry%%/static"; - sub_filter "/media" "%%ingress_entry%%/media"; - sub_filter "http://127.0.0.1:8080/" "/"; -} - - location / { - proxy_pass http://127.0.0.1:8080; - proxy_buffering off; - proxy_read_timeout 30; - proxy_set_header Connection "Upgrade"; - proxy_set_header Upgrade $http_upgrade; - - # Allow ingress subpath - proxy_set_header X-Script-Name %%ingress_entry%%; - proxy_cookie_path / %%ingress_entry%%/; - - # Allow frames - proxy_hide_header "Content-Security-Policy"; - add_header X-Frame-Options SAMEORIGIN; # Required for ingress frame - add_header Access-Control-Allow-Origin *; - proxy_set_header Accept-Encoding ""; - - # avoid mixed content - # Ensure work with both http and https (code by @met67) - if ($http_referer ~* "^(http[s]?)://([^:]+):(\d*)(/.*)$") { - set $x_scheme $1; - set $x_host $2; - set $x_port ":$3"; - } - # Ensure works if standard port (code by @met67) - if ($http_referer ~* "^(http[s]?)://([^:]+)(/.*)$") { - set $x_scheme $1; - set $x_host $2; - set $x_port ""; - } - proxy_set_header X-Scheme $x_scheme; - proxy_set_header X-Host $x_host; - proxy_set_header X-Port $x_port; - proxy_set_header X-Forwarded-Proto $x_scheme; - - proxy_set_header Host $x_host$x_port; # Required for addresses without ports - - # Correct url without port when using https - absolute_redirect off; - sub_filter_once off; - sub_filter_types *; - sub_filter https://$x_host/ https://$x_host$x_port/; - sub_filter http://$x_host/ http://$x_host$x_port/; - - # Rewrite url - sub_filter "/static" "%%ingress_entry%%/static"; - sub_filter "/media" "%%ingress_entry%%/media"; - sub_filter "http://127.0.0.1:8080/" "/"; - } - -location /media/ { - alias /config/addons_config/tandoor_recipes/mediafiles/; - } - -location /static/ { - alias /data/recipes/staticfiles/; - } - -} diff --git a/tandoor_recipes/rootfs/etc/services.d/nginx/finish b/tandoor_recipes/rootfs/etc/services.d/nginx/finish new file mode 100644 index 000000000..444240135 --- /dev/null +++ b/tandoor_recipes/rootfs/etc/services.d/nginx/finish @@ -0,0 +1,8 @@ +#!/usr/bin/execlineb -S0 +# ============================================================================== +# Take down the S6 supervision tree when Nginx fails +# ============================================================================== +if { s6-test ${1} -ne 0 } +if { s6-test ${1} -ne 256 } + +s6-svscanctl -t /var/run/s6/services diff --git a/tandoor_recipes/rootfs/etc/services.d/nginx/run b/tandoor_recipes/rootfs/etc/services.d/nginx/run new file mode 100644 index 000000000..342b2ef69 --- /dev/null +++ b/tandoor_recipes/rootfs/etc/services.d/nginx/run @@ -0,0 +1,9 @@ +#!/usr/bin/with-contenv bashio +# shellcheck shell=bash +set -e +# ============================================================================== + +bashio::net.wait_for "$port" localhost 8081 + +bashio::log.info "Starting NGinx..." +exec nginx