2020-10-05 23:05:58 +02:00
|
|
|
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
|
|
|
|
location __PATH__/ {
|
|
|
|
|
2020-12-05 23:08:32 +01:00
|
|
|
#Settings for main domoticz interface via web browser
|
2020-11-29 12:00:20 +01:00
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_read_timeout 90;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forwarded_Proto $scheme;
|
|
|
|
proxy_set_header X-Scheme $scheme;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
more_set_headers "X-Frame-Options: SAMEORIGIN";
|
2020-10-05 23:05:58 +02:00
|
|
|
proxy_pass http://localhost:__PORT__/;
|
|
|
|
proxy_set_header Host $host;
|
2021-01-17 19:02:59 +01:00
|
|
|
#Allow upload until 10M to upload floorplan
|
|
|
|
client_max_body_size 10M;
|
|
|
|
|
2020-10-05 23:05:58 +02:00
|
|
|
|
|
|
|
|
|
|
|
# Force usage of https
|
|
|
|
if ($scheme = http) {
|
|
|
|
rewrite ^ https://$server_name$request_uri? permanent;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Include SSOWAT user panel.
|
|
|
|
include conf.d/yunohost_panel.conf.inc;
|
2020-12-05 23:08:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#sub_path_only rewrite ^api___PATH__$ api___PATH__/ permanent;
|
2020-12-06 15:46:57 +01:00
|
|
|
location __API_PATH__/ {
|
2020-12-05 23:08:32 +01:00
|
|
|
#Alternative path for api, only authorized json command will be accepted
|
|
|
|
|
|
|
|
#allow only local network on IPv4
|
|
|
|
allow 192.168.0.0/16;
|
|
|
|
#allow all address in IPv6 => how to filter?
|
|
|
|
allow ::/1;
|
|
|
|
deny all;
|
|
|
|
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_read_timeout 90;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forwarded_Proto $scheme;
|
|
|
|
proxy_set_header X-Scheme $scheme;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
more_set_headers "X-Frame-Options: SAMEORIGIN";
|
|
|
|
proxy_pass http://localhost:__PORT__/;
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
|
|
|
|
set $api "0";
|
|
|
|
|
|
|
|
#set the list of authorized json command here in regex format
|
|
|
|
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
|
|
|
|
#By default, sensors updates and toggle switch are authorized
|
|
|
|
if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
|
|
|
|
set $api "1";
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($api = 0) {
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Force usage of https
|
|
|
|
if ($scheme = http) {
|
|
|
|
rewrite ^ https://$server_name$request_uri? permanent;
|
|
|
|
}
|
|
|
|
|
2020-10-05 23:05:58 +02:00
|
|
|
}
|