From 041b3eeb4df5b20da0424b945747abdfa79e1446 Mon Sep 17 00:00:00 2001 From: keneanung Date: Mon, 4 Jun 2018 16:59:06 +0200 Subject: [PATCH 1/5] Return HTTP code 301 only if ssl_only is not set --- nginx_proxy/vhost.mustache | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nginx_proxy/vhost.mustache b/nginx_proxy/vhost.mustache index 5b6d965..b147a02 100644 --- a/nginx_proxy/vhost.mustache +++ b/nginx_proxy/vhost.mustache @@ -10,10 +10,12 @@ server { root /ssl/wk/; } {{#certname}} +{{^ssl_only}} location / { return 301 https://$host$request_uri; } +{{/ssl_only}} } server { From 0faa81ccb7bc100eb8255e29517f23c5eb2469c2 Mon Sep 17 00:00:00 2001 From: keneanung Date: Mon, 4 Jun 2018 17:00:32 +0200 Subject: [PATCH 2/5] Add option ssl_only to config schema --- nginx_proxy/config.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nginx_proxy/config.json b/nginx_proxy/config.json index 2452273..6db5e79 100644 --- a/nginx_proxy/config.json +++ b/nginx_proxy/config.json @@ -1,6 +1,6 @@ { "name": "Nginx Proxy", - "version": "0.1.10", + "version": "0.2.0", "slug": "nginx_proxy", "description": "Nginx Proxy for multiple VHOSTS", "url": "https://github.com/bestlibre/hassio-addons/tree/master/nginx_proxy", @@ -23,7 +23,8 @@ "certname": "str?", "ssl_modern": "bool?", "auth": "str?", - "max_body_size": "str?" + "max_body_size": "str?", + "ssl_only": "bool?" } ] }, From 3856373999bea353a3c8464f08dbaa7c975924c5 Mon Sep 17 00:00:00 2001 From: keneanung Date: Mon, 4 Jun 2018 17:07:28 +0200 Subject: [PATCH 3/5] Document keep_http_enabled setting --- nginx_proxy/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nginx_proxy/README.md b/nginx_proxy/README.md index abda440..6b4a97c 100644 --- a/nginx_proxy/README.md +++ b/nginx_proxy/README.md 
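Review bot: When `ssl_only` is true, the port-80 `server` block in this hunk closes right after the `root /ssl/wk/;` location with no `location /` at all, so plain-HTTP requests appear to fall through to nginx's defaults instead of being redirected or deliberately refused. The server block opens above the hunk, so this is inferred from the visible lines only. If the intent is to stop answering on HTTP, an explicit fallback in a matching positive section, e.g. `{{#ssl_only}} location / { return 404; } {{/ssl_only}}`, would make that behaviour deliberate. If the intent is to keep serving the backend over HTTP, the proxy location is missing from this block, and requests covered by the `auth` option would then travel in cleartext, which is worth a comment in the template. The same structure carries over unchanged to the `{{^keep_http_enabled}}` hunk in patch 4/5.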
@@ -35,7 +35,7 @@ for on how to format the value. #### certname (str) -If not set, only http is proxified. If set, the template used for the vhosts force https. +If not set, only http is proxified. If set and `keep_http_enabled` is not set to `true`, https is forced. The key and certchain must be located in `/ssl/letsencrypt/live/${certname}/privkey.pem` and `/ssl/letsencrypt/live/${certname}/fullchain.pem`. A solution to obtain them is to used the [certbot addon](https://github.com/bestlibre/hassio-addons/tree/master/certbot). @@ -43,6 +43,9 @@ The key and certchain must be located in #### ssl_modern (bool) If certname is set, you can set this parameter to switch betwwen ssl profils. The profile are the ones defined by the [mozilla ssl config generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/). Use the [modern one](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility) is set to `true`, the [intermediate one](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29) is set to `false`or not set. +#### keep_http_enabled (bool) +If certname is set, this option allows you to keep accepting http connections by setting this to `true`. Leaving the option out or setting it to `false` will redirect HTTP requests to the HTTPS equivalent. + ## Usage exemple I proxyfy 4 services, 3 local to the pi, one on another host. My configs, for 4 subdomains, with two different certs (one for each physical hosts) are : From e07b64f2a2b8295453b823d66b5b895e4c794b1d Mon Sep 17 00:00:00 2001 From: keneanung Date: Mon, 4 Jun 2018 17:07:59 +0200 Subject: [PATCH 4/5] Rename option ssl_only to keep_http_enabled --- nginx_proxy/vhost.mustache | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx_proxy/vhost.mustache b/nginx_proxy/vhost.mustache index b147a02..1ee3069 100644 --- a/nginx_proxy/vhost.mustache +++ b/nginx_proxy/vhost.mustache 
@@ -10,12 +10,12 @@ server { root /ssl/wk/; } {{#certname}} -{{^ssl_only}} +{{^keep_http_enabled}} location / { return 301 https://$host$request_uri; } -{{/ssl_only}} +{{/keep_http_enabled}} } server { From 881a8c003e0ced1c87fc5b94c7becf3525bac257 Mon Sep 17 00:00:00 2001 From: keneanung Date: Mon, 4 Jun 2018 17:08:25 +0200 Subject: [PATCH 5/5] Rename ssl_only to keep_http_enabled --- nginx_proxy/config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx_proxy/config.json b/nginx_proxy/config.json index 6db5e79..cc9394d 100644 --- a/nginx_proxy/config.json +++ b/nginx_proxy/config.json @@ -24,7 +24,7 @@ "ssl_modern": "bool?", "auth": "str?", "max_body_size": "str?", - "ssl_only": "bool?" + "keep_http_enabled": "bool?" } ] },