diff --git a/profiles/templates/homeassistant/nginx/0-ini.env b/profiles/templates/homeassistant/nginx/0-ini.env new file mode 100644 index 0000000..f70918c --- /dev/null +++ b/profiles/templates/homeassistant/nginx/0-ini.env @@ -0,0 +1,3 @@ +# Calculate format=samba path=/var/calculate name=#-cut(1)-# grep(/var/calculate/ini.env,\[nginx\])== protected +[nginx] +zigbee2mqtt_subpath = #-rnd(pas,32)-# diff --git a/profiles/templates/homeassistant/nginx/homeassistant.conf b/profiles/templates/homeassistant/nginx/homeassistant.conf index eca3332..94dd393 100644 --- a/profiles/templates/homeassistant/nginx/homeassistant.conf +++ b/profiles/templates/homeassistant/nginx/homeassistant.conf @@ -1,49 +1,54 @@ -# Calculate path=/etc/nginx/sites-enabled exists(/etc/nginx/sites-enabled/#-cut()-#)== comment=# +# Calculate path=/etc/nginx/sites-enabled exists(/etc/nginx/sites-enabled/#-cut()-#)== exists(/var/calculate/www/homeassistant/homeassistant-live)!= comment=# map $http_upgrade $connection_upgrade { default upgrade; '' close; } +#?ini(homeassistant.protocol)==https# +server { + listen 80; + server_name #-ini(homeassistant.domain)-#; + return 301 https://#-ini(homeassistant.domain)-#$request_uri; +} +#ini# server { + server_name #-ini(homeassistant.domain)-#; + +#?ini(homeassistant.protocol)==https# + ssl_certificate /var/calculate/ssl/fullchain.pem; + ssl_certificate_key /var/calculate/ssl/privkey.pem; + + listen 443 ssl; +#!ini# listen 80; +#ini# + + # Home Assistant location / { - proxy_pass "http://127.0.0.1:8123"; - proxy_connect_timeout 60; + proxy_pass http://127.0.0.1:8123; + proxy_set_header Host $host; + proxy_redirect http:// https://; proxy_http_version 1.1; - proxy_intercept_errors off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection $connection_upgrade; + } + + # Zigbee2MQTT + location /#-ini(nginx.zigbee2mqtt_subpath)-#/ { + proxy_pass http://localhost:8080/; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location /#-ini(nginx.zigbee2mqtt_subpath)-#/api { + proxy_pass http://localhost:8080/api; + proxy_set_header Host $host; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; } -} -server { - server_name #-ini(homeassistant.domain)-#; - - ssl_certificate /var/calculate/ssl/fullchain.pem; - ssl_certificate_key /var/calculate/ssl/privkey.pem; - - listen 443 ssl; - add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; - ssl_protocols TLSv1.2; - ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - - proxy_buffering off; - - location / { - proxy_pass http://127.0.0.1:8123; - proxy_set_header Host $host; - proxy_redirect http:// https://; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - } } diff --git a/scripts/homeassistant/step/3-zigbee2mqtt.sh b/scripts/homeassistant/step/3-zigbee2mqtt.sh index ad68a35..3453e6f 100755 --- a/scripts/homeassistant/step/3-zigbee2mqtt.sh +++ b/scripts/homeassistant/step/3-zigbee2mqtt.sh @@ -74,6 +74,8 @@ mqtt: serial: # Location of USB sniffer port: ${ini[zigbee2mqtt.dev]} -frontend: true +frontend: + port: 8080 + host: 127.0.0.1 EOF eend diff --git a/scripts/homeassistant/step/4-config.sh b/scripts/homeassistant/step/4-config.sh index 01eb89d..59d1858 100755 --- a/scripts/homeassistant/step/4-config.sh +++ b/scripts/homeassistant/step/4-config.sh @@ -35,7 +35,7 @@ recorder: panel_iframe: zigbee: title: "Zigbee2mqtt" - url: "http://${ini[homeassistant.domain]}:8080" + url: "${ini[homeassistant.protocol]}://${ini[homeassistant.domain]}/${ini[nginx.zigbee2mqtt_subpath]}" icon: mdi:zigbee EOF