Merge pull request #71 from home-assistant/build

Nginx proxy
2026-02-11 16:14:20 +01:00 · 2017-05-18 13:45:21 +02:00
parent 6d10c1d164 bf5e0314d4
commit eac715ffa8
4 changed files with 112 additions and 0 deletions
--- a/nginx_proxy/Dockerfile
+++ b/nginx_proxy/Dockerfile
@@ -0,0 +1,15 @@
+FROM %%BASE_IMAGE%%
+
+# Add env
+ENV LANG C.UTF-8
+
+# Setup base
+RUN apk add --no-cache jq nginx libressl
+
+# Copy data
+COPY run.sh /
+COPY nginx.conf /etc/
+
+RUN chmod a+x /run.sh
+
+CMD [ "/run.sh" ]
--- a/nginx_proxy/config.json
+++ b/nginx_proxy/config.json
@@ -0,0 +1,25 @@
+{
+  "name": "Nginx HomeAssistant SSL proxy",
+  "version": "0.1",
+  "slug": "nginx_proxy",
+  "description": "Use nginx as SSL proxy to HomeAssistant instance",
+  "url": "https://home-assistant.io/addons/nginx_proxy/",
+  "startup": "after",
+  "boot": "auto",
+  "ports": {
+    "80/tcp": 80,
+    "443/tcp": 443
+   },
+  "map": ["ssl"],
+  "options": {
+    "domain": "domain",
+    "certfile": "fullchain.pem",
+    "keyfile": "privkey.pem"
+  },
+  "schema": {
+    "domain": "str",
+    "certfile": "str",
+    "keyfile": "str"
+  },
+  "image": "homeassistant/{arch}-addon-nginx_proxy"
+}
--- a/nginx_proxy/nginx.conf
+++ b/nginx_proxy/nginx.conf
@@ -0,0 +1,47 @@
+daemon off;
+error_log stderr;
+
+http {
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+
+    server {
+        server_name %%DOMAIN%%;
+
+        # These shouldn't need to be changed
+        listen [::]:80 default_server ipv6only=off;
+        return 301 https://$host$request_uri;
+    }
+
+    server {
+        server_name %%DOMAIN%%;
+
+        ssl_certificate /ssl/%%FULLCHAIN%%;
+        ssl_certificate_key /ssl/%%PRIVKEY%%;
+
+        # dhparams file
+        ssl_dhparam /data/dhparams.pem;
+
+        listen [::]:443 http2 default_server ipv6only=off;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
+        ssl on;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+        ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+
+        proxy_buffering off;
+
+        location / {
+            proxy_pass http://172.17.0.1:8123;
+            proxy_set_header Host $host;
+            proxy_redirect http:// https://;
+            proxy_http_version 1.1;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $connection_upgrade;
+        }
+    }
+}
--- a/nginx_proxy/run.sh
+++ b/nginx_proxy/run.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -e
+
+CONFIG_PATH=/data/options.json
+DHPARAMS_PATH=/data/dhparams.pem
+
+DOMAIN=$(jq --raw-output ".domain" $CONFIG_PATH)
+KEYFILE=$(jq --raw-output ".keyfile" $CONFIG_PATH)
+CERTFILE=$(jq --raw-output ".certfile" $CONFIG_PATH)
+
+
+# Generate dhparams
+if [ ! -f "$DHPARAMS_PATH" ]; then
+    echo "[INFO] Generate dhparams..."
+    openssl dhparam -dsaparam -out "$DHPARAMS_PATH" 4096 > /dev/null
+fi
+
+# Prepare config file
+sed -i "s/%%FULLCHAIN%%/$CERTFILE/g" /etc/nginx.conf
+sed -i "s/%%PRIVKEY%%/$KEYFILE/g" /etc/nginx.conf
+sed -i "s/%%DOMAIN%%/$DOMAIN/g" /etc/nginx.conf
+
+# start server
+echo "[INFO] Run nginx"
+exec nginx -c /etc/nginx.conf < /dev/null