YunoHost-Apps/domoticz_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/domoticz_ynh.git synced 2024-09-03 18:26:17 +02:00
Code Issues Activity Actions

use include instead of full file

Browse source
This commit is contained in:
Krakinou 2022-12-13 23:19:57 +01:00
parent 806525ab3f
commit c7ba12573a
2 changed files with 41 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
conf/api_nginx.conf
View file

@ -1,37 +1,6 @@
#This part should be split in a second file to not be overwritten
#sub_path_only rewrite ^api___PATH__$ api___PATH__/ permanent;
location __API_PATH__/ {
#Alternative path for api, only authorized json command will be accepted
#allow only local network on IPv4
allow 192.168.0.0/16;
#allow all address in IPv6 => how to filter?
allow ::/1;
deny all;
proxy_http_version 1.1;
proxy_read_timeout 90;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded_Proto $scheme;
proxy_set_header X-Scheme $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
more_set_headers "X-Frame-Options: SAMEORIGIN";
proxy_pass http://localhost:__PORT__/;
proxy_set_header Host $host;
set $api "0";
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
if ($api = 0) {
return 403;
}
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}

34
conf/nginx.conf
View file

@ -19,3 +19,37 @@ location __PATH__/ {
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
#sub_path_only rewrite ^api___PATH__$ api___PATH__/ permanent;
location __API_PATH__/ {
#Alternative path for api, only authorized json command will be accepted
#allow only local network on IPv4
allow 192.168.0.0/16;
#allow all address in IPv6 => how to filter?
allow ::/1;
deny all;
proxy_http_version 1.1;
proxy_read_timeout 90;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded_Proto $scheme;
proxy_set_header X-Scheme $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
more_set_headers "X-Frame-Options: SAMEORIGIN";
proxy_pass http://localhost:__PORT__/;
proxy_set_header Host $host;
set $api "0";
include /etc/nginx/conf.d/__DOMAIN__.d/api___APP__.conf;
if ($api = 0) {
return 403;
}
}