75 lines
2.3 KiB
Django/Jinja
75 lines
2.3 KiB
Django/Jinja
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
#default $http_connection;
|
|
'' close;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
{% if inventory_hostname in wg_clients -%}
|
|
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
|
{% endif -%}
|
|
|
|
include /etc/nginx/authelia_internal.conf;
|
|
include listen-proxy-protocol.conf;
|
|
include /etc/nginx/sudo-known.conf;
|
|
|
|
server_name {{ hass_url }};
|
|
|
|
location / {
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_pass http://127.0.0.1:8123;
|
|
}
|
|
|
|
location = {{ nginx_zwavejs_path }} {
|
|
# zwavejs needs to be accessed with a trailing / to respond.
|
|
#
|
|
# temporary redirects dont get remembered by the browser
|
|
# and redirect issues are no fun
|
|
return 302 https://{{ hass_url }}{{ nginx_zwavejs_path }}/;
|
|
}
|
|
|
|
location {{ nginx_zwavejs_path }} {
|
|
#add_header Access-Control-Allow-Origin "*" always;
|
|
# kill cache
|
|
add_header Last-Modified $date_gmt always;
|
|
add_header Cache-Control 'no-store' always;
|
|
if_modified_since off;
|
|
expires off;
|
|
etag off;
|
|
|
|
include /etc/nginx/require_auth.conf;
|
|
|
|
rewrite ^ $request_uri;
|
|
rewrite '^{{ nginx_zwavejs_path }}(/.*)$' $1 break;
|
|
|
|
proxy_set_header X-External-Path {{ nginx_zwavejs_path }};
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
#proxy_socket_keepalive on;
|
|
|
|
proxy_pass http://{{ bridgewithdns.zwavejs }}:8091$uri;
|
|
#proxy_pass http://{{ bridgewithdns.zwavejs }}:8091;
|
|
# for the special dashboard
|
|
# https://zwave-js.github.io/zwave-js-ui/#/usage/reverse-proxy?id=using-an-http-header
|
|
# proxy_set_header X-External-Path $http_x_ingress_path;
|
|
}
|
|
|
|
access_log /var/log/nginx/access_{{ hass_url }}.log main;
|
|
error_log /var/log/nginx/error_{{ hass_url }}.log warn;
|
|
|
|
ssl_session_timeout 5m;
|
|
ssl_certificate /usr/local/etc/certs/{{ hass_url }}/fullchain.pem;
|
|
ssl_certificate_key /usr/local/etc/certs/{{ hass_url }}/privkey.pem;
|
|
|
|
fastcgi_hide_header X-Powered-By;
|
|
}
|