diff --git a/home-panel/Dockerfile b/home-panel/Dockerfile index 74f7c0e..b67e610 100644 --- a/home-panel/Dockerfile +++ b/home-panel/Dockerfile @@ -13,19 +13,22 @@ RUN \ yarn=1.16.0-r0 \ \ && apk add --no-cache \ - nginx=1.16.0-r2 \ + nginx=1.16.1-r0 \ nodejs-current=12.4.0-r0 \ \ - && curl -J -L -o /tmp/panel.zip \ - "https://github.com/timmo001/home-panel/releases/download/v1.0.0/home-panel-built-v0.10.0.zip" \ - && unzip -d /tmp /tmp/panel.zip \ - && mv /tmp/build /opt/panel \ + # TODO: Replace with release tag + && git clone --branch "master" --depth=1 \ + "https://github.com/timmo001/home-panel.git" /tmp/api \ + && mv /tmp/api/api /opt/panel \ \ - && git clone --branch "v1.0.0" --depth=1 \ - "https://github.com/timmo001/home-panel.git" /tmp/panel \ - && mv /tmp/panel/api /opt/api \ + && mkdir -p /tmp/panel \ + # TODO: Replace with actual download + && curl -J -L -o /tmp/panel.zip \ + "https://gitlab.com/timmo/home-panel/-/jobs/284851910/artifacts/download" \ + && unzip -d /tmp/panel /tmp/panel.zip \ + && mv /tmp/panel/build/* /opt/panel/public \ \ - && cd /opt/api \ + && cd /opt/panel \ && yarn install \ \ && yarn cache clean \ diff --git a/home-panel/config.json b/home-panel/config.json index 307a5d7..e175ec7 100644 --- a/home-panel/config.json +++ b/home-panel/config.json @@ -19,12 +19,10 @@ "homeassistant_api": true, "ingress": false, "ports": { - "80/tcp": 8234, - "3234/tcp": 3234 + "80/tcp": null }, "ports_description": { - "80/tcp": "Web UI", - "3234/tcp": "API" + "80/tcp": "Web UI (Not required for Hass.io Ingress)" }, "map": [ "config:rw", @@ -39,6 +37,7 @@ "log_level": "match(^(trace|debug|info|notice|warning|error|fatal)$)?", "ssl": "bool", "certfile": "str", - "keyfile": "str" + "keyfile": "str", + "leave_front_door_open": "bool?" } } diff --git a/home-panel/rootfs/etc/cont-init.d/nginx.sh b/home-panel/rootfs/etc/cont-init.d/nginx.sh index 844bfb9..8822a67 100644 --- a/home-panel/rootfs/etc/cont-init.d/nginx.sh +++ b/home-panel/rootfs/etc/cont-init.d/nginx.sh @@ -1,7 +1,7 @@ #!/usr/bin/with-contenv bashio # ============================================================================== -# Community Hass.io Add-ons: Matrix -# Configures NGINX for use with Riot +# Community Hass.io Add-ons: Home Panel +# Configures NGINX for use with thelounge # ============================================================================== declare port declare certfile @@ -16,8 +16,8 @@ if bashio::var.has_value "${port}"; then keyfile=$(bashio::config 'keyfile') mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf - sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf - sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf + sed -i "s#%%certfile%%#${certfile}#g" /etc/nginx/servers/direct.conf + sed -i "s#%%keyfile%%#${keyfile}#g" /etc/nginx/servers/direct.conf else mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf diff --git a/home-panel/rootfs/etc/cont-init.d/secrets.sh b/home-panel/rootfs/etc/cont-init.d/secrets.sh index 4227a28..37c13d2 100644 --- a/home-panel/rootfs/etc/cont-init.d/secrets.sh +++ b/home-panel/rootfs/etc/cont-init.d/secrets.sh @@ -4,4 +4,4 @@ # This updates the internal auth secret for the API # ============================================================================== # shellcheck disable=2094,2016 -bashio::jq /etc/home-panel/default.json '.authentication.secret="$(openssl rand -base64 32)"' > /opt/api/config/default.json +bashio::jq /opt/panel/config/default.json '.authentication.secret="$(openssl rand -base64 32)"' > /opt/panel/config/default.json diff --git a/home-panel/rootfs/etc/home-panel/default.json b/home-panel/rootfs/etc/home-panel/default.json deleted file mode 100644 index b658ca0..0000000 --- a/home-panel/rootfs/etc/home-panel/default.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "host": "localhost", - "port": 3234, - "public": "../public/", - "paginate": { - "default": 10, - "max": 50 - }, - "authentication": { - "secret": "API_AUTH_SECRET", - "strategies": ["jwt", "local"], - "path": "/authentication", - "service": "users", - "jwt": { - "header": { - "typ": "access" - }, - "audience": "https://timmo.dev/home-panel", - "subject": "anonymous", - "issuer": "feathers", - "algorithm": "HS256", - "expiresIn": "1d" - }, - "local": { - "entity": "user", - "usernameField": "username", - "passwordField": "password" - }, - "cookie": { - "enabled": true, - "name": "feathers-jwt", - "httpOnly": false, - "secure": false - } - }, - "nedb": "/data" -} diff --git a/home-panel/rootfs/etc/nginx/includes/proxy_params.conf b/home-panel/rootfs/etc/nginx/includes/proxy_params.conf new file mode 100644 index 0000000..ec26601 --- /dev/null +++ b/home-panel/rootfs/etc/nginx/includes/proxy_params.conf @@ -0,0 +1,15 @@ +proxy_http_version 1.1; +proxy_ignore_client_abort off; +proxy_read_timeout 86400s; +proxy_redirect off; +proxy_send_timeout 86400s; +proxy_max_temp_file_size 0; + +proxy_set_header Accept-Encoding "gzip"; +proxy_set_header Connection $connection_upgrade; +proxy_set_header Host $http_host; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-NginX-Proxy true; +proxy_set_header X-Real-IP $remote_addr; diff --git a/home-panel/rootfs/etc/nginx/includes/resolver.conf b/home-panel/rootfs/etc/nginx/includes/resolver.conf index 758ca69..6485af1 100644 --- a/home-panel/rootfs/etc/nginx/includes/resolver.conf +++ b/home-panel/rootfs/etc/nginx/includes/resolver.conf @@ -1 +1 @@ -resolver 172.30.32.2; +resolver 127.0.0.11; diff --git a/home-panel/rootfs/etc/nginx/includes/server_params.conf b/home-panel/rootfs/etc/nginx/includes/server_params.conf index f90db57..959e1e3 100644 --- a/home-panel/rootfs/etc/nginx/includes/server_params.conf +++ b/home-panel/rootfs/etc/nginx/includes/server_params.conf @@ -1,6 +1,6 @@ -root /opt/panel; +root /dev/null; server_name $hostname; -add_header X-Content-Type-Options nosniff; -add_header X-XSS-Protection "1; mode=block"; -add_header X-Robots-Tag none; +add_header "X-Content-Type-Options" "nosniff"; +add_header "X-XSS-Protection" "1; mode=block"; +add_header "X-Robots-Tag" "none"; diff --git a/home-panel/rootfs/etc/nginx/includes/upstream.conf b/home-panel/rootfs/etc/nginx/includes/upstream.conf new file mode 100644 index 0000000..83597c2 --- /dev/null +++ b/home-panel/rootfs/etc/nginx/includes/upstream.conf @@ -0,0 +1,3 @@ +upstream backend { + server 127.0.0.1:8234; +} diff --git a/home-panel/rootfs/etc/nginx/modules/ndk_http.conf b/home-panel/rootfs/etc/nginx/modules/ndk_http.conf deleted file mode 100644 index 2663122..0000000 --- a/home-panel/rootfs/etc/nginx/modules/ndk_http.conf +++ /dev/null @@ -1 +0,0 @@ -load_module "/usr/lib/nginx/modules/ndk_http_module.so"; diff --git a/home-panel/rootfs/etc/nginx/nginx.conf b/home-panel/rootfs/etc/nginx/nginx.conf index e0e2e26..7e5bc6f 100644 --- a/home-panel/rootfs/etc/nginx/nginx.conf +++ b/home-panel/rootfs/etc/nginx/nginx.conf @@ -18,7 +18,9 @@ error_log /proc/1/fd/1 error; # Load allowed environment vars env HASSIO_TOKEN; -env DISABLE_HA_AUTHENTICATION; + +# Load dynamic modules. +include /etc/nginx/modules/*.conf; # Max num of simultaneous connections by a worker process. events { @@ -48,6 +50,7 @@ http { } include /etc/nginx/includes/resolver.conf; + include /etc/nginx/includes/upstream.conf; include /etc/nginx/servers/*.conf; } diff --git a/home-panel/rootfs/etc/nginx/servers/direct-ssl.disabled b/home-panel/rootfs/etc/nginx/servers/direct-ssl.disabled index f09b758..10f7b46 100644 --- a/home-panel/rootfs/etc/nginx/servers/direct-ssl.disabled +++ b/home-panel/rootfs/etc/nginx/servers/direct-ssl.disabled @@ -3,8 +3,12 @@ server { include /etc/nginx/includes/server_params.conf; include /etc/nginx/includes/ssl_params.conf; + include /etc/nginx/includes/proxy_params.conf; - ssl on; ssl_certificate /ssl/%%certfile%%; ssl_certificate_key /ssl/%%keyfile%%; + + location / { + proxy_pass http://backend; + } } diff --git a/home-panel/rootfs/etc/nginx/servers/direct.disabled b/home-panel/rootfs/etc/nginx/servers/direct.disabled index b332dff..db08519 100644 --- a/home-panel/rootfs/etc/nginx/servers/direct.disabled +++ b/home-panel/rootfs/etc/nginx/servers/direct.disabled @@ -2,4 +2,9 @@ server { listen 80 default_server; include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + + location / { + proxy_pass http://backend; + } } diff --git a/home-panel/rootfs/etc/nginx/servers/ingress.conf b/home-panel/rootfs/etc/nginx/servers/ingress.conf new file mode 100644 index 0000000..d655706 --- /dev/null +++ b/home-panel/rootfs/etc/nginx/servers/ingress.conf @@ -0,0 +1,13 @@ +server { + listen %%interface%%:%%port%% default_server; + + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + + location / { + allow 172.30.32.2; + deny all; + + proxy_pass http://backend; + } +} diff --git a/home-panel/rootfs/etc/services.d/api/run b/home-panel/rootfs/etc/services.d/api/run deleted file mode 100644 index 368ed5e..0000000 --- a/home-panel/rootfs/etc/services.d/api/run +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/with-contenv bashio -# ============================================================================== -# Community Hass.io Add-ons: Home Panel -# Starts server to serve the API -# ============================================================================== -bashio::log.info "Run API.." - -cd /opt/api \ - || bashio::exit.nok "Could not change into API directory" - -LOG_LEVEL=$(bashio::config 'log_level') - -if bashio::config.true 'ssl'; then - SSL_PATH_CERT="/ssl/$(bashio::config 'certfile')" - SSL_PATH_KEY="/ssl/$(bashio::config 'keyfile')" -fi - -export LOG_LEVEL -export SSL_PATH_CERT -export SSL_PATH_KEY - -exec node src/ diff --git a/home-panel/rootfs/etc/services.d/api/finish b/home-panel/rootfs/etc/services.d/home-panel/finish similarity index 100% rename from home-panel/rootfs/etc/services.d/api/finish rename to home-panel/rootfs/etc/services.d/home-panel/finish diff --git a/home-panel/rootfs/etc/services.d/home-panel/run b/home-panel/rootfs/etc/services.d/home-panel/run new file mode 100644 index 0000000..038868e --- /dev/null +++ b/home-panel/rootfs/etc/services.d/home-panel/run @@ -0,0 +1,19 @@ +#!/usr/bin/with-contenv bashio +# ============================================================================== +# Community Hass.io Add-ons: Home Panel +# Starts server to serve the app +# ============================================================================== +bashio::log.info "Run Home Panel.." + +cd /opt/panel \ + || bashio::exit.nok "Could not change into app directory" + +LOG_LEVEL=$(bashio::config 'log_level') +SSL_SUPPRESS_WARNING="true" +SUPPRESS_ADDRESS="true" + +export LOG_LEVEL +export SSL_SUPPRESS_WARNING +export SUPPRESS_ADDRESS + +exec node src/ diff --git a/home-panel/rootfs/etc/services.d/nginx/finish b/home-panel/rootfs/etc/services.d/nginx/finish index 57fddf2..3d87d54 100644 --- a/home-panel/rootfs/etc/services.d/nginx/finish +++ b/home-panel/rootfs/etc/services.d/nginx/finish @@ -1,7 +1,7 @@ #!/usr/bin/execlineb -S0 # ============================================================================== # Community Hass.io Add-ons: Home Panel -# Take down the S6 supervision tree when NGINX fails +# Take down the S6 supervision tree when Nginx fails # ============================================================================== if -n { s6-test $# -ne 0 } if -n { s6-test ${1} -eq 256 } diff --git a/home-panel/rootfs/etc/services.d/nginx/run b/home-panel/rootfs/etc/services.d/nginx/run index 5f7e5ec..ed93676 100644 --- a/home-panel/rootfs/etc/services.d/nginx/run +++ b/home-panel/rootfs/etc/services.d/nginx/run @@ -1,15 +1,12 @@ #!/usr/bin/with-contenv bashio # ============================================================================== # Community Hass.io Add-ons: Home Panel -# Runs the NGINX daemon +# Runs the Nginx daemon # ============================================================================== -# Wait for the API to start -bashio::net.wait_for 3234 -# Disable HA Authentication if front door is open -if bashio::config.true 'leave_front_door_open'; then - export DISABLE_HA_AUTHENTICATION=true -fi +# Wait for Home Panel to become available +bashio::net.wait_for 8234 + +bashio::log.info "Starting NGinx..." -bashio::log.info "Starting NGINX..." exec nginx