Split nginx config file

conf/api_nginx.conf

@@ -0,0 +1,37 @@
+#This part should be split in a second file to not be overwritten
+#sub_path_only rewrite ^api___PATH__$ api___PATH__/ permanent;
+location __API_PATH__/ {
+  #Alternative path for api, only authorized json command will be accepted
+
+  #allow only local network on IPv4
+  allow 192.168.0.0/16;
+  #allow all address in IPv6 => how to filter?
+  allow ::/1;
+  deny all;
+
+  proxy_http_version 1.1;
+  proxy_read_timeout 90;
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header X-Forwarded_Proto $scheme;
+  proxy_set_header X-Scheme $scheme;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection $connection_upgrade;
+  more_set_headers "X-Frame-Options: SAMEORIGIN";
+  proxy_pass http://localhost:__PORT__/;
+  proxy_set_header Host $host;
+  
+  set $api "0";
+  
+  #set the list of authorized json command here in regex format
+  #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
+  #By default, sensors updates and toggle switch are authorized
+  if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
+    set $api "1";
+  }
+
+  if ($api = 0) {
+    return 403;
+  }
+
+}

conf/nginx.conf

@@ -18,42 +18,4 @@ location __PATH__/ {
   
   # Include SSOWAT user panel.
   include conf.d/yunohost_panel.conf.inc;
-}
+}
-
-#This part should be split in a second file to not be overwritten
-#sub_path_only rewrite ^api___PATH__$ api___PATH__/ permanent;
-location __API_PATH__/ {
-  #Alternative path for api, only authorized json command will be accepted
-
-  #allow only local network on IPv4
-  allow 192.168.0.0/16;
-  #allow all address in IPv6 => how to filter?
-  allow ::/1;
-  deny all;
-
-  proxy_http_version 1.1;
-  proxy_read_timeout 90;
-  proxy_set_header X-Real-IP $remote_addr;
-  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header X-Forwarded_Proto $scheme;
-  proxy_set_header X-Scheme $scheme;
-  proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection $connection_upgrade;
-  more_set_headers "X-Frame-Options: SAMEORIGIN";
-  proxy_pass http://localhost:__PORT__/;
-  proxy_set_header Host $host;
-  
-  set $api "0";
-  
-  #set the list of authorized json command here in regex format
-  #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
-  #By default, sensors updates and toggle switch are authorized
-  if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
-    set $api "1";
-  }
-
-  if ($api = 0) {
-    return 403;
-  }
-
-}

manifest.json

@@ -6,7 +6,7 @@
         "en": "Very light weight open sources home automation system that lets you monitor and configure miscellaneous devices",
         "fr": "Logiciel open sources et gratuit de domotique qui vous permet de configurer un grand nombre d'appareils"
     },
-    "version": "2020.2~ynh6",
+    "version": "2020.2~ynh7",
     "url": "https://www.domoticz.com",
     "upstream": {
         "license": "GPL-3.0-or-later",

scripts/backup

@@ -47,6 +47,7 @@ ynh_backup --src_path="$final_path"
 #=================================================
 
 ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/api_"$app".conf"
 [[ ! -z "$mqtt_domain" ]] && ynh_backup --src_path="/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf"  --not_mandatory
 
 #=================================================

scripts/install

@@ -182,6 +182,7 @@ cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/co
 yunohost tools regen-conf nginx
 
 # Create a dedicated NGINX config
+ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/"$domain".d/api_"$app".conf"
 ynh_add_nginx_config
 
 

scripts/remove

@@ -84,6 +84,7 @@ yunohost tools regen-conf postfix
 # Remove the dedicated NGINX config
 [[ ! -z "$mqtt_domain" ]] && ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf"
 
+ynh_secure_remove --file="/etc/nginx/conf.d/"$domain".d/api_"$app".conf"
 ynh_remove_nginx_config
 
 #=================================================

scripts/restore

@@ -56,6 +56,7 @@ test "$backup_mach" = "$mach" \
 ynh_script_progression --message="Restoring the NGINX web server configuration..."
 
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+ynh_restore_file --origin_path="/etc/nginx/conf.d/"$domain".d/api_"$app".conf"
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf" --not_mandatory
 
 #=================================================

scripts/upgrade

@@ -234,6 +234,12 @@ cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/co
 yunohost tools regen-conf nginx
 
 # Create a dedicated NGINX config
+if [[ ! -f "/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ]] 
+then 
+	ynh_print_warn --message="The nginx conf file will now be splitted between standard and api related path"
+	ynh_print_warn --message="Report any manual changes on the new /etc/nginx/conf.d/$domain.d/api_$app.conf file for json command to keep working"
+fi
+ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/"$domain".d/api_"$app".conf"
 ynh_add_nginx_config
 
 #=================================================

sources/hooks/conf_regen/95-nginx_domoticz

@@ -16,7 +16,7 @@ nginx_mqtt="$nginx_conf"/conf.d/"$mqtt_domain".conf
 [[ -e $nginx_mqtt ]] || exit 0
 
 
-if [[ "$mqtt_domain" != "domain" ]]; then
+if [[ "$mqtt_domain" != "$domain" ]]; then
 #single quote pour ne pas étendre les variables du fichier de config nginx et doubles quote pour les variables à étendre
         sed -i '/map $http_upgrade $connection_upgrade {/i upstream '"${mqtt_domain}"' {\n  server localhost:'"${mqtt_port}"';\n}\n' $nginx_mqtt
 fi