From 195fe0765497982dc2e40d952f81819ecb3f5cbb Mon Sep 17 00:00:00 2001
From: Krakinou
Date: Tue, 13 Dec 2022 22:55:38 +0100
Subject: [PATCH 1/9] Split nginx config file
---
conf/api_nginx.conf | 37 ++++++++++++++++++++
conf/nginx.conf | 40 +---------------------
manifest.json | 2 +-
scripts/backup | 1 +
scripts/install | 1 +
scripts/remove | 1 +
scripts/restore | 1 +
scripts/upgrade | 6 ++++
sources/hooks/conf_regen/95-nginx_domoticz | 2 +-
9 files changed, 50 insertions(+), 41 deletions(-)
create mode 100644 conf/api_nginx.conf
diff --git a/conf/api_nginx.conf b/conf/api_nginx.conf
new file mode 100644
index 0000000..9c9e2a5
--- /dev/null
+++ b/conf/api_nginx.conf
@@ -0,0 +1,37 @@
+#This part should be split in a second file to not be overwritten
+#sub_path_only rewrite ^api___PATH__$ api___PATH__/ permanent;
+location __API_PATH__/ {
+ #Alternative path for api, only authorized json command will be accepted
+
+ #allow only local network on IPv4
+ allow 192.168.0.0/16;
+ #allow all address in IPv6 => how to filter?
+ allow ::/1;
+ deny all;
+
+ proxy_http_version 1.1;
+ proxy_read_timeout 90;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded_Proto $scheme;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ more_set_headers "X-Frame-Options: SAMEORIGIN";
+ proxy_pass http://localhost:__PORT__/;
+ proxy_set_header Host $host;
+
+ set $api "0";
+
+ #set the list of authorized json command here in regex format
+ #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
+ #By default, sensors updates and toggle switch are authorized
+ if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
+ set $api "1";
+ }
+
+ if ($api = 0) {
+ return 403;
+ }
+
+}
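Review bot: `allow ::/1;` in the new `location __API_PATH__/` block admits every IPv6 address whose leading bit is 0, which covers the whole global unicast range 2000::/3, so the following `deny all;` does not restrict IPv6 clients at all, while the local ranges fc00::/7 and fe80::/10 fall outside it and are refused. I would replace it with `allow ::1;`, `allow fc00::/7;` and `allow fe80::/10;`, and leave a comment telling the admin to add the site's own global prefix if it is needed. The IPv4 side lists only 192.168.0.0/16, so hosts on 10.0.0.0/8 or 172.16.0.0/12 are rejected; that is worth stating in the comment too. The same lines are re-added to conf/nginx.conf in PATCH 4/9.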
diff --git a/conf/nginx.conf b/conf/nginx.conf index 92230a1..6a1d7db 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -18,42 +18,4 @@ location __PATH__/ { # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; -} - -#This part should be split in a second file to not be overwritten -#sub_path_only rewrite ^api___PATH__$ api___PATH__/ permanent; -location __API_PATH__/ { - #Alternative path for api, only authorized json command will be accepted - - #allow only local network on IPv4 - allow 192.168.0.0/16; - #allow all address in IPv6 => how to filter? - allow ::/1; - deny all; - - proxy_http_version 1.1; - proxy_read_timeout 90; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded_Proto $scheme; - proxy_set_header X-Scheme $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - more_set_headers "X-Frame-Options: SAMEORIGIN"; - proxy_pass http://localhost:__PORT__/; - proxy_set_header Host $host; - - set $api "0"; - - #set the list of authorized json command here in regex format - #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's - #By default, sensors updates and toggle switch are authorized - if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { - set $api "1"; - } - - if ($api = 0) { - return 403; - } - -} +} \ No newline at end of file diff --git a/manifest.json b/manifest.json index b9a0866..eb0337d 100644 --- a/manifest.json +++ b/manifest.json 
@@ -6,7 +6,7 @@ "en": "Very light weight open sources home automation system that lets you monitor and configure miscellaneous devices", "fr": "Logiciel open sources et gratuit de domotique qui vous permet de configurer un grand nombre d'appareils" }, - "version": "2020.2~ynh6", + "version": "2020.2~ynh7", "url": "https://www.domoticz.com", "upstream": { "license": "GPL-3.0-or-later", diff --git a/scripts/backup b/scripts/backup index ffa3451..ff2c423 100755 --- a/scripts/backup +++ b/scripts/backup @@ -47,6 +47,7 @@ ynh_backup --src_path="$final_path" #================================================= ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/api_"$app".conf" [[ ! -z "$mqtt_domain" ]] && ynh_backup --src_path="/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf" --not_mandatory #================================================= diff --git a/scripts/install b/scripts/install index ee581cb..23e8a5f 100755 --- a/scripts/install +++ b/scripts/install @@ -182,6 +182,7 @@ cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/co yunohost tools regen-conf nginx # Create a dedicated NGINX config +ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ynh_add_nginx_config diff --git a/scripts/remove b/scripts/remove index 1d25cb4..9304492 100755 --- a/scripts/remove +++ b/scripts/remove @@ -84,6 +84,7 @@ yunohost tools regen-conf postfix # Remove the dedicated NGINX config [[ ! -z "$mqtt_domain" ]] && ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" +ynh_secure_remove --file="/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ynh_remove_nginx_config #================================================= diff --git a/scripts/restore b/scripts/restore index 7928f08..d6e51db 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -56,6 +56,7 @@ test "$backup_mach" = "$mach" \ ynh_script_progression --message="Restoring the NGINX web server configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ynh_restore_file --origin_path="/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf" --not_mandatory #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 754e482..56df06e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -234,6 +234,12 @@ cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/co yunohost tools regen-conf nginx # Create a dedicated NGINX config +if [[ ! -f "/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ]] +then + ynh_print_warn --message="The nginx conf file will now be splitted between standard and api related path" + ynh_print_warn --message="Report any manual changes on the new /etc/nginx/conf.d/$domain.d/api_$app.conf file for json command to keep working" +fi +ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ynh_add_nginx_config #================================================= diff --git a/sources/hooks/conf_regen/95-nginx_domoticz b/sources/hooks/conf_regen/95-nginx_domoticz index 72fb234..d037d49 100644 --- a/sources/hooks/conf_regen/95-nginx_domoticz +++ b/sources/hooks/conf_regen/95-nginx_domoticz @@ -16,7 +16,7 @@ nginx_mqtt="$nginx_conf"/conf.d/"$mqtt_domain".conf [[ -e $nginx_mqtt ]] || exit 0 -if [[ "$mqtt_domain" != "domain" ]]; then +if [[ "$mqtt_domain" != "$domain" ]]; then #single quote pour ne pas étendre les variables du fichier de config nginx et doubles quote pour les variables à étendre sed -i '/map $http_upgrade $connection_upgrade {/i upstream '"${mqtt_domain}"' {\n server localhost:'"${mqtt_port}"';\n}\n' $nginx_mqtt fi From bba7cff89a61cd1dd8c96d7376eb09d61d34f02b Mon Sep 17 00:00:00 2001 
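Review bot: The added `ynh_restore_file` call for `api_$app.conf` in scripts/restore is mandatory, so restoring an archive made before this version, which contains no such file, will presumably abort the restore. Adding `--not_mandatory`, as the mqtt line below it already does, keeps old backups usable: `ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/api_$app.conf" --not_mandatory`. The new `ynh_backup` line in scripts/backup has the same issue on instances where the file was never created. The quoting `"/etc/nginx/conf.d/"$domain".d/api_"$app".conf"` also leaves both variables outside the quotes; one fully quoted string is safer.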
From: yunohost-bot Date: Tue, 13 Dec 2022 21:55:42 +0000 Subject: [PATCH 2/9] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 33b6c9d..cc7943b 100644 --- a/README.md +++ b/README.md @@ -129,7 +129,7 @@ allow ::/1; This will authorized only IPv4 within local network to access your domoticz API. You may add individual IPv6 address in the same way. -**Shipped version:** 2020.2~ynh6 +**Shipped version:** 2020.2~ynh7 ## Disclaimers / important information diff --git a/README_fr.md b/README_fr.md index 16e6bf4..da14431 100644 --- a/README_fr.md +++ b/README_fr.md @@ -129,7 +129,7 @@ Ceci autorisera seulement les adresses IPv4 local a accéder aux API de domoticz Vous pouvez ajouter des adresses IPv6 de la même façon. -**Version incluse :** 2020.2~ynh6 +**Version incluse :** 2020.2~ynh7 ## Avertissements / informations importantes From 806525ab3fc4e605a1032470b4e426562cb6cd69 Mon Sep 17 00:00:00 2001 From: Krakinou Date: Tue, 13 Dec 2022 22:58:38 +0100 Subject: [PATCH 3/9] Add api nginx file only if not existing --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 56df06e..f2c0390 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -238,8 +238,8 @@ if [[ ! -f "/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ]] then ynh_print_warn --message="The nginx conf file will now be splitted between standard and api related path" ynh_print_warn --message="Report any manual changes on the new /etc/nginx/conf.d/$domain.d/api_$app.conf file for json command to keep working" + ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/"$domain".d/api_"$app".conf" fi -ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ynh_add_nginx_config #================================================= 
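Review bot: With `ynh_add_config` moved inside the `if [[ ! -f ... ]]` test in scripts/upgrade (PATCH 3/9), an existing `api_$app.conf` is never compared with the shipped template again, so a later tightening of the default command allowlist will not reach upgraded installs. That appears to be the intent, to preserve manual edits, but it deserves a comment above the test, e.g. `# api_$app.conf holds the admin-edited allowlist: never overwritten on upgrade, review it by hand when the template changes`. A warning when the file on disk differs from the template would make the drift visible to the admin.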
From c7ba12573a53d21867d01a6d8c6f3733af22aebe Mon Sep 17 00:00:00 2001 From: Krakinou Date: Tue, 13 Dec 2022 23:19:57 +0100 Subject: [PATCH 4/9] use include instead of full file --- conf/api_nginx.conf | 43 ++++++------------------------------------- conf/nginx.conf | 36 +++++++++++++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 38 deletions(-) diff --git a/conf/api_nginx.conf b/conf/api_nginx.conf index 9c9e2a5..9ba552d 100644 --- a/conf/api_nginx.conf +++ b/conf/api_nginx.conf 
@@ -1,37 +1,6 @@ -#This part should be split in a second file to not be overwritten -#sub_path_only rewrite ^api___PATH__$ api___PATH__/ permanent; -location __API_PATH__/ { - #Alternative path for api, only authorized json command will be accepted - - #allow only local network on IPv4 - allow 192.168.0.0/16; - #allow all address in IPv6 => how to filter? - allow ::/1; - deny all; - - proxy_http_version 1.1; - proxy_read_timeout 90; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded_Proto $scheme; - proxy_set_header X-Scheme $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - more_set_headers "X-Frame-Options: SAMEORIGIN"; - proxy_pass http://localhost:__PORT__/; - proxy_set_header Host $host; - - set $api "0"; - - #set the list of authorized json command here in regex format - #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's - #By default, sensors updates and toggle switch are authorized - if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { - set $api "1"; - } - - if ($api = 0) { - return 403; - } - -} +#set the list of authorized json command here in regex format +#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's +#By default, sensors updates and toggle switch are authorized +if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { + set $api "1"; +} \ No newline at end of file diff --git a/conf/nginx.conf b/conf/nginx.conf index 6a1d7db..3fe815b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
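Review bot: The allowlist regex kept in conf/api_nginx.conf has no `^` anchor and `svalue=.*` also matches `&`, so `$api` becomes 1 whenever one permitted command appears anywhere in the query string, and any other parameters before or after it are passed to Domoticz unchecked. How Domoticz resolves repeated `type` or `param` keys is not visible here, so the filter should not depend on it. Anchor the whole alternation and stop `svalue` at the next separator: `if ( $args ~* "^(type=command&param=udevice&idx=[0-9]+&nvalue=[0-9]+&svalue=[^&]*|type=command&param=switchlight&idx=[0-9]+&switchcmd=Toggle)$" ) {`. The same expression was already added by the conf/api_nginx.conf hunk of PATCH 1/9.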
@@ -18,4 +18,38 @@ location __PATH__/ { # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; -} \ No newline at end of file +} + + +#sub_path_only rewrite ^api___PATH__$ api___PATH__/ permanent; +location __API_PATH__/ { + #Alternative path for api, only authorized json command will be accepted + + #allow only local network on IPv4 + allow 192.168.0.0/16; + #allow all address in IPv6 => how to filter? + allow ::/1; + deny all; + + proxy_http_version 1.1; + proxy_read_timeout 90; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded_Proto $scheme; + proxy_set_header X-Scheme $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + more_set_headers "X-Frame-Options: SAMEORIGIN"; + proxy_pass http://localhost:__PORT__/; + proxy_set_header Host $host; + + set $api "0"; + + include /etc/nginx/conf.d/__DOMAIN__.d/api___APP__.conf; + + if ($api = 0) { + return 403; + } + +} + \ No newline at end of file From e5a9bb4727236590bc9781e4f03f629f7fd1c9ad Mon Sep 17 00:00:00 2001 From: Krakinou Date: Fri, 16 Dec 2022 00:18:36 +0100 Subject: [PATCH 5/9] Add api_$app.conf --- scripts/change_url | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/change_url b/scripts/change_url index 970f43f..ec2d106 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -87,6 +87,7 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app ynh_script_progression --message="Updating NGINX web server configuration..." nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf +nginx_api_conf_path=/etc/nginx/conf.d/$domain.d/api_$app.conf # Change the path in the NGINX config file if [ $change_path -eq 1 ] 
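Review bot: `proxy_set_header X-Forwarded_Proto $scheme;` in the re-added `location __API_PATH__/` block of conf/nginx.conf spells the header with an underscore, so a backend that looks for `X-Forwarded-Proto` never sees the original scheme. It should read `proxy_set_header X-Forwarded-Proto $scheme;`. The `include` of `api___APP__.conf` sits between `set $api "0";` and the 403 test, which fails closed when the included file sets nothing; a one-line comment such as `# included file may only set $api to "1" for allowed commands` would help whoever edits it.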
@@ -107,8 +108,10 @@ then # Delete file checksum for the old conf file location ynh_delete_file_checksum --file="$nginx_conf_path" mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + mv nginx_api_conf_path /etc/nginx/conf.d/$new_domain.d/api_$app.conf # Store file checksum for the new config file location ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/api_$app.conf" fi #================================================= From 193618d5dd95757c8cb88fd2bd951398175334fc Mon Sep 17 00:00:00 2001 From: Krakinou Date: Fri, 16 Dec 2022 00:20:33 +0100 Subject: [PATCH 6/9] Fix linter warning --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index eb0337d..0d54f75 100644 --- a/manifest.json +++ b/manifest.json @@ -22,7 +22,7 @@ "email": "misterl56@hotmail.com" }, "requirements": { - "yunohost": ">= 4.1.3" + "yunohost": ">= 11.0.0" }, "multi_instance": false, "services": [ From 42ca3528e5ec0e4b9449045c756db1f476c405fb Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sat, 17 Dec 2022 11:12:04 +0100 Subject: [PATCH 7/9] Update scripts/change_url Co-authored-by: Tagada <36127788+Tagadda@users.noreply.github.com> --- scripts/change_url | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/change_url b/scripts/change_url index ec2d106..2c9d891 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -87,7 +87,7 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app ynh_script_progression --message="Updating NGINX web server configuration..." nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf -nginx_api_conf_path=/etc/nginx/conf.d/$domain.d/api_$app.conf +nginx_api_conf_path=/etc/nginx/conf.d/$old_domain.d/api_$app.conf # Change the path in the NGINX config file if [ $change_path -eq 1 ] From f393cf404538847340dc709da717539110dff6b2 Mon Sep 17 00:00:00 2001 
From: Krakinou Date: Sat, 17 Dec 2022 16:46:44 +0100 Subject: [PATCH 8/9] f%#{%*&! typo --- scripts/change_url | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/change_url b/scripts/change_url index ec2d106..c513580 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -108,7 +108,7 @@ then # Delete file checksum for the old conf file location ynh_delete_file_checksum --file="$nginx_conf_path" mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - mv nginx_api_conf_path /etc/nginx/conf.d/$new_domain.d/api_$app.conf + mv $nginx_api_conf_path /etc/nginx/conf.d/$new_domain.d/api_$app.conf # Store file checksum for the new config file location ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/api_$app.conf" From e0899cd4732f13d98f49fd5d77ca285e70ed5905 Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sat, 17 Dec 2022 21:56:42 +0100 Subject: [PATCH 9/9] replace include --- scripts/change_url | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/change_url b/scripts/change_url index 840a656..10691c2 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -108,6 +108,7 @@ then # Delete file checksum for the old conf file location ynh_delete_file_checksum --file="$nginx_conf_path" mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + ynh_replace_string --match_string="/etc/nginx/conf.d/$old_domain.d/" --replace_string="/etc/nginx/conf.d/$new_domain.d/" --target_file="/etc/nginx/conf.d/$new_domain.d/$app.conf" mv $nginx_api_conf_path /etc/nginx/conf.d/$new_domain.d/api_$app.conf # Store file checksum for the new config file location ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"