Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dont force ssl redirects for ngnix_proxy #73

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Dont force ssl redirects for ngnix_proxy #73

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
041b3ee
Return HTTP code 301 only if ssl_only is not set
keneanung Jun 4, 2018
0faa81c
Add option ssl_only to config schema
keneanung Jun 4, 2018
3856373
Document keep_http_enabled setting
keneanung Jun 4, 2018
e07b64f
Rename option ssl_only to keep_http_enabled
keneanung Jun 4, 2018
881a8c0
Rename ssl_only to keep_http_enabled
keneanung Jun 4, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion nginx_proxy/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,14 +35,17 @@ for
on how to format the value.

#### certname (str)
If not set, only http is proxified. If set, the template used for the vhosts force https.
If not set, only http is proxified. If set and `keep_http_enabled` is not set to `true`, https is forced.

The key and certchain must be located in
`/ssl/letsencrypt/live/${certname}/privkey.pem` and `/ssl/letsencrypt/live/${certname}/fullchain.pem`. A solution to obtain them is to used the [certbot addon](https://github.com/bestlibre/hassio-addons/tree/master/certbot).

#### ssl_modern (bool)
If certname is set, you can set this parameter to switch betwwen ssl profils. The profile are the ones defined by the [mozilla ssl config generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/). Use the [modern one](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility) is set to `true`, the [intermediate one](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29) is set to `false`or not set.

#### keep_http_enabled (bool)
If certname is set, this option allows you to keep accepting http connections by setting this to `true`. Leaving the option out or setting it to `false` will redirect HTTP requests to the HTTPS equivalent.

## Usage exemple
I proxyfy 4 services, 3 local to the pi, one on another host. My configs, for 4 subdomains, with two different certs (one for each physical hosts) are :

Expand Down
5 changes: 3 additions & 2 deletions nginx_proxy/config.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "Nginx Proxy",
"version": "0.1.10",
"version": "0.2.0",
"slug": "nginx_proxy",
"description": "Nginx Proxy for multiple VHOSTS",
"url": "https://github.com/bestlibre/hassio-addons/tree/master/nginx_proxy",
Expand All @@ -23,7 +23,8 @@
"certname": "str?",
"ssl_modern": "bool?",
"auth": "str?",
"max_body_size": "str?"
"max_body_size": "str?",
"keep_http_enabled": "bool?"
}
]
},
Expand Down
2 changes: 2 additions & 0 deletions nginx_proxy/vhost.mustache
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,12 @@ server {
root /ssl/wk/;
}
{{#certname}}
{{^keep_http_enabled}}

location / {
return 301 https://$host$request_uri;
}
{{/keep_http_enabled}}
}

server {
Expand Down