#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { #Settings for main domoticz interface via web browser proxy_http_version 1.1; proxy_read_timeout 90; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded_Proto $scheme; proxy_set_header X-Scheme $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; more_set_headers "X-Frame-Options: SAMEORIGIN"; proxy_pass http://localhost:__PORT__/; proxy_set_header Host $host; #Allow upload until 10M to upload floorplan client_max_body_size 10M; # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } #This part should be split in a second file to not be overwritten #sub_path_only rewrite ^api___PATH__$ api___PATH__/ permanent; location __API_PATH__/ { #Alternative path for api, only authorized json command will be accepted #allow only local network on IPv4 allow 192.168.0.0/16; #allow all address in IPv6 => how to filter? allow ::/1; deny all; proxy_http_version 1.1; proxy_read_timeout 90; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded_Proto $scheme; proxy_set_header X-Scheme $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; more_set_headers "X-Frame-Options: SAMEORIGIN"; proxy_pass http://localhost:__PORT__/; proxy_set_header Host $host; set $api "0"; #set the list of authorized json command here in regex format #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's #By default, sensors updates and toggle switch are authorized if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { set $api "1"; } if ($api = 0) { return 403; } }