124 lines
3.8 KiB
Django/Jinja
124 lines
3.8 KiB
Django/Jinja
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
#default $http_connection;
|
|
'' close;
|
|
}
|
|
server {
|
|
listen 443 ssl;
|
|
{% if inventory_hostname in wg_clients -%}
|
|
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl;
|
|
{% endif -%}
|
|
{% if nginx_http2 -%}
|
|
http2 on;
|
|
{% else -%}
|
|
http2 off;
|
|
{% endif %}
|
|
|
|
# include listen-proxy-protocol.conf;
|
|
include /etc/nginx/authelia_internal.conf;
|
|
include /etc/nginx/sudo-known.conf;
|
|
include /etc/nginx/sec.conf;
|
|
|
|
server_name {{ zwavejs_url }};
|
|
|
|
location / {
|
|
include /etc/nginx/require_auth.conf;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
# nuke cache
|
|
add_header Last-Modified $date_gmt always;
|
|
add_header Cache-Control 'no-store' always;
|
|
if_modified_since off;
|
|
expires off;
|
|
etag off;
|
|
|
|
# nuke the service worker cache
|
|
# sub_filter '.js' '.js?id=$request_id';
|
|
# sub_filter_types '*';
|
|
# sub_filter_once off;
|
|
if ($is_args = '') {
|
|
rewrite ^(.*).js$ "$1.js?id=$request_id" redirect;
|
|
}
|
|
|
|
## for the special dashboard
|
|
## https://zwave-js.github.io/zwave-js-ui/#/usage/reverse-proxy?id=using-an-http-header
|
|
#proxy_set_header X-External-Path "/";
|
|
proxy_set_header X-External-Path $http_x_ingress_path;
|
|
|
|
proxy_pass http://{{ bridgewithdns.zwavejs }}:8091;
|
|
|
|
add_header "zwave" "true";
|
|
}
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
{% if hass_zigbee_enabled -%}
|
|
location /_zigbee/ {
|
|
# redirect to {{ hass_zigbee }}
|
|
rewrite ^/_zigbee/(.*)$ /_{{ hass_zigbee }}/$1 redirect;
|
|
}
|
|
|
|
location /_zigbee2mqtt/ {
|
|
include /etc/nginx/require_auth.conf;
|
|
|
|
sub_filter '/assets/' '/_zigbee2mqtt/assets/';
|
|
sub_filter '/static/' '/_zigbee2mqtt/static/';
|
|
sub_filter '.js">' '.js?id=$request_id">';
|
|
#sub_filter_types '*';
|
|
sub_filter_once off;
|
|
|
|
#rewrite ^/_zigbee2mqtt(/.*)$ $1 last;
|
|
|
|
proxy_redirect https://$host/ https://$host/_zigbee2mqtt/;
|
|
proxy_pass http://{{ bridgewithdns.hass_zigbee2mqtt }}:8633/;
|
|
|
|
location /_zigbee2mqtt/api {
|
|
proxy_http_version 1.1;
|
|
proxy_pass http://{{ bridgewithdns.hass_zigbee2mqtt }}:8633/api;
|
|
}
|
|
}
|
|
|
|
location /_deconz/ {
|
|
include /etc/nginx/require_auth.conf;
|
|
|
|
sub_filter '/pwa/' '/_deconz/pwa/';
|
|
sub_filter '/api/' '/_deconz/api/';
|
|
sub_filter_types '*';
|
|
sub_filter_once off;
|
|
|
|
{% set basic_cleartext_user = hass_deconz_user ~ ":" ~ hass_deconz_passwd -%}
|
|
{% set basic_cleartext = hass_deconz_passwd -%}
|
|
#proxy_set_header Authorization "Basic {{ basic_cleartext | b64encode }}";
|
|
#proxy_pass_header Authorization;
|
|
|
|
proxy_redirect https://$host/ https://$host/_deconz/;
|
|
proxy_http_version 1.1;
|
|
proxy_pass http://{{ bridgewithdns.hass_deconz }}:8080/;
|
|
|
|
#location /_deconz/api/ {
|
|
# proxy_http_version 1.1;
|
|
# proxy_pass http://{{ bridgewithdns.hass_deconz }}:8080/api/;
|
|
#}
|
|
}
|
|
{% endif -%}
|
|
|
|
access_log /var/log/nginx/access_{{ zwavejs_url }}.log main;
|
|
error_log /var/log/nginx/error_{{ zwavejs_url }}.log warn;
|
|
|
|
ssl_session_timeout 5m;
|
|
ssl_certificate /usr/local/etc/certs/{{ domain }}/fullchain.pem;
|
|
ssl_certificate_key /usr/local/etc/certs/{{ domain }}/privkey.pem;
|
|
|
|
add_header X-Robots-Tag "none" always;
|
|
fastcgi_hide_header X-Powered-By;
|
|
}
|