aljaz/addons
1
0
Fork 0
mirror of https://github.com/aljazceru/addons.git synced 2025-12-17 13:14:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Change redirection method for incorrect hostname (#177)

Browse Source 
* Change redirection method for incorrect hostname

* Update nginx.conf

* Update run.sh

* Update config.json
This commit is contained in:
Alex MF
2017-09-05 09:16:37 +01:00
committed by Pascal Vizeli
parent 1f0f8a217c
commit 211f534ca3
3 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nginx_proxy/config.json
View File

@@ -1,6 +1,6 @@
{ {
"name": "NGINX Home Assistant SSL proxy", "name": "NGINX Home Assistant SSL proxy",
"version": "0.6", "version": "0.7",
"slug": "nginx_proxy", "slug": "nginx_proxy",
"description": "An SSL/TLS proxy", "description": "An SSL/TLS proxy",
"url": "https://home-assistant.io/addons/nginx_proxy/", "url": "https://home-assistant.io/addons/nginx_proxy/",

9
nginx_proxy/nginx.conf
View File

@@ -13,6 +13,11 @@ http {
} }
server { server {
server_name _;
listen [::]:80 default_server ipv6only=off;
listen [::]:443 ssl http2 default_server ipv6only=off;
ssl_certificate /data/ssl-cert-snakeoil.pem;
ssl_certificate_key /data/ssl-cert-snakeoil.key;
return 444; return 444;
} }
@@ -20,7 +25,7 @@ http {
server_name %%DOMAIN%%; server_name %%DOMAIN%%;
# These shouldn't need to be changed # These shouldn't need to be changed
listen [::]:80 default_server ipv6only=off; listen [::]:80;
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
@@ -33,7 +38,7 @@ http {
# dhparams file # dhparams file
ssl_dhparam /data/dhparams.pem; ssl_dhparam /data/dhparams.pem;
listen [::]:443 http2 default_server ipv6only=off; listen [::]:443 http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl on; ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

9
nginx_proxy/run.sh
View File

@@ -4,17 +4,24 @@ set -e
CONFIG_PATH=/data/options.json CONFIG_PATH=/data/options.json
DHPARAMS_PATH=/data/dhparams.pem DHPARAMS_PATH=/data/dhparams.pem
SNAKEOIL_CERT=/data/ssl-cert-snakeoil.pem
SNAKEOIL_KEY=/data/ssl-cert-snakeoil.key
DOMAIN=$(jq --raw-output ".domain" $CONFIG_PATH) DOMAIN=$(jq --raw-output ".domain" $CONFIG_PATH)
KEYFILE=$(jq --raw-output ".keyfile" $CONFIG_PATH) KEYFILE=$(jq --raw-output ".keyfile" $CONFIG_PATH)
CERTFILE=$(jq --raw-output ".certfile" $CONFIG_PATH) CERTFILE=$(jq --raw-output ".certfile" $CONFIG_PATH)
# Generate dhparams # Generate dhparams
if [ ! -f "$DHPARAMS_PATH" ]; then if [ ! -f "$DHPARAMS_PATH" ]; then
echo "[INFO] Generate dhparams..." echo "[INFO] Generate dhparams..."
openssl dhparam -dsaparam -out "$DHPARAMS_PATH" 4096 > /dev/null openssl dhparam -dsaparam -out "$DHPARAMS_PATH" 4096 > /dev/null
fi fi
if [ ! -f "$SNAKEOIL_CERT" ]; then
echo "[INFO] Create snakeoil (self-signed certificate)"
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $SNAKEOIL_KEY -out $SNAKEOIL_CERT -subj '/CN=localhost'
fi
# Prepare config file # Prepare config file
sed -i "s/%%FULLCHAIN%%/$CERTFILE/g" /etc/nginx.conf sed -i "s/%%FULLCHAIN%%/$CERTFILE/g" /etc/nginx.conf
sed -i "s/%%PRIVKEY%%/$KEYFILE/g" /etc/nginx.conf sed -i "s/%%PRIVKEY%%/$KEYFILE/g" /etc/nginx.conf