1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/domoticz_ynh.git synced 2024-09-03 18:26:17 +02:00
domoticz_ynh/conf/nginx.conf

71 lines
2.1 KiB
Nginx Configuration File
Raw Normal View History

2020-10-05 23:05:58 +02:00
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
2020-12-05 23:08:32 +01:00
#Settings for main domoticz interface via web browser
2020-11-29 12:00:20 +01:00
proxy_http_version 1.1;
proxy_read_timeout 90;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded_Proto $scheme;
proxy_set_header X-Scheme $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
more_set_headers "X-Frame-Options: SAMEORIGIN";
2020-10-05 23:05:58 +02:00
proxy_pass http://localhost:__PORT__/;
proxy_set_header Host $host;
2021-01-17 19:02:59 +01:00
#Allow upload until 10M to upload floorplan
client_max_body_size 10M;
2020-10-05 23:05:58 +02:00
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
2020-12-05 23:08:32 +01:00
}
#sub_path_only rewrite ^api___PATH__$ api___PATH__/ permanent;
2020-12-06 15:46:57 +01:00
location __API_PATH__/ {
2020-12-05 23:08:32 +01:00
#Alternative path for api, only authorized json command will be accepted
#allow only local network on IPv4
allow 192.168.0.0/16;
#allow all address in IPv6 => how to filter?
allow ::/1;
deny all;
proxy_http_version 1.1;
proxy_read_timeout 90;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded_Proto $scheme;
proxy_set_header X-Scheme $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
more_set_headers "X-Frame-Options: SAMEORIGIN";
proxy_pass http://localhost:__PORT__/;
proxy_set_header Host $host;
set $api "0";
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
if ($api = 0) {
return 403;
}
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
2020-10-05 23:05:58 +02:00
}