✨ Add ingress support (#1)

* 🔨 Upgrade to base 3.1.0 * ✨ Add ingress, standardise config
hassio-addons · Apr 19, 2019 · 8025753 · 8025753
1 parent 578dfa3
commit 8025753
Show file tree

Hide file tree

Showing 21 changed files with 261 additions and 164 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -8,8 +8,8 @@ variables:
 
   ADDON_LEGACY_TAGS: "true"
 
-  ADDON_AARCH64_BASE: "hassioaddons/base-aarch64:3.0.0"
-  ADDON_AMD64_BASE: "hassioaddons/base-amd64:3.0.0"
-  ADDON_ARMHF_BASE: "hassioaddons/base-armhf:3.0.0"
-  ADDON_ARMV7_BASE: "hassioaddons/base-armv7:3.0.0"
-  ADDON_I386_BASE: "hassioaddons/base-i386:3.0.0"
+  ADDON_AARCH64_BASE: "hassioaddons/base-aarch64:3.1.0"
+  ADDON_AMD64_BASE: "hassioaddons/base-amd64:3.1.0"
+  ADDON_ARMHF_BASE: "hassioaddons/base-armhf:3.1.0"
+  ADDON_ARMV7_BASE: "hassioaddons/base-armv7:3.1.0"
+  ADDON_I386_BASE: "hassioaddons/base-i386:3.1.0"
diff --git a/thelounge/Dockerfile b/thelounge/Dockerfile
@@ -1,4 +1,4 @@
-ARG BUILD_FROM=hassioaddons/base:3.0.1
+ARG BUILD_FROM=hassioaddons/base:3.1.0
 # hadolint ignore=DL3006
 FROM ${BUILD_FROM}
 

diff --git a/thelounge/build.json b/thelounge/build.json
@@ -1,11 +1,11 @@
 {
     "args": {},
     "build_from": {
-        "aarch64": "hassioaddons/base-aarch64:3.0.1",
-        "amd64": "hassioaddons/base-amd64:3.0.1",
-        "armhf": "hassioaddons/base-armhf:3.0.1",
-        "armv7": "hassioaddons/base-armv7:3.0.1",
-        "i386": "hassioaddons/base-i386:3.0.1"
+        "aarch64": "hassioaddons/base-aarch64:3.1.0",
+        "amd64": "hassioaddons/base-amd64:3.1.0",
+        "armhf": "hassioaddons/base-armhf:3.1.0",
+        "armv7": "hassioaddons/base-armv7:3.1.0",
+        "i386": "hassioaddons/base-i386:3.1.0"
     },
     "squash": false
 }
diff --git a/thelounge/config.json b/thelounge/config.json
@@ -4,7 +4,6 @@
   "slug": "thelounge",
   "description": "A self-hosted web IRC client",
   "url": "https://github.com/hassio-addons/addon-thelounge",
-  "webui": "[PROTO:ssl]://[HOST]:[PORT:15100]",
   "startup": "application",
   "arch": [
     "aarch64",
@@ -20,19 +19,17 @@
   "homeassistant_api": true,
   "host_network": false,
   "ingress": true,
-  "ingress_port": 15102,
   "ports": {
-    "15100/tcp": 15100
+    "80/tcp": null
   },
   "ports_description": {
-    "15100/tcp": "The Lounge Web UI"
+    "80/tcp": "The Lounge Web UI (Not required for Hass.io Ingress)"
   },
   "map": [
     "config:rw",
     "ssl"
   ],
   "options": {
-    "log_level": "info",
     "ssl": true,
     "certfile": "fullchain.pem",
     "keyfile": "privkey.pem",
@@ -42,16 +39,13 @@
     ]
   },
   "schema": {
-    "log_level": "match(^(trace|debug|info|notice|warning|error|fatal)$)",
+    "log_level": "match(^(trace|debug|info|notice|warning|error|fatal)$)?",
     "ssl": "bool",
     "certfile": "str",
     "keyfile": "str",
     "default_theme": "str",
     "themes": [
       "str"
     ]
-  },
-  "environment": {
-    "LOG_FORMAT": "{LEVEL}: {MESSAGE}"
   }
 }
diff --git a/thelounge/rootfs/etc/cont-init.d/10-requirements.sh b/thelounge/rootfs/etc/cont-init.d/10-requirements.sh
diff --git a/thelounge/rootfs/etc/cont-init.d/15-nginx.sh b/thelounge/rootfs/etc/cont-init.d/15-nginx.sh
diff --git a/thelounge/rootfs/etc/cont-init.d/nginx.sh b/thelounge/rootfs/etc/cont-init.d/nginx.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Community Hass.io Add-ons: The Lounge
+# Configures NGINX for use with thelounge
+# ==============================================================================
+declare port
+declare certfile
+declare ingress_interface
+declare ingress_port
+declare keyfile
+
+port=$(bashio::addon.port 80)
+if bashio::var.has_value "${port}"; then
+    bashio::config.require.ssl
+
+    if bashio::config.true 'ssl'; then
+        certfile=$(bashio::config 'certfile')
+        keyfile=$(bashio::config 'keyfile')
+
+        mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf
+        sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf
+        sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf
+
+    else
+        mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf
+    fi
+fi
+
+ingress_port=$(bashio::addon.ingress_port)
+ingress_interface=$(bashio::addon.ip_address)
+sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf
+sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf
diff --git a/thelounge/rootfs/etc/cont-init.d/20-setup.sh → ...ounge/rootfs/etc/cont-init.d/thelounge.sh b/thelounge/rootfs/etc/cont-init.d/20-setup.sh → ...ounge/rootfs/etc/cont-init.d/thelounge.sh
diff --git a/thelounge/rootfs/etc/nginx/includes/mime.types b/thelounge/rootfs/etc/nginx/includes/mime.types
@@ -0,0 +1,96 @@
+types {
+    text/html                                        html htm shtml;
+    text/css                                         css;
+    text/xml                                         xml;
+    image/gif                                        gif;
+    image/jpeg                                       jpeg jpg;
+    application/javascript                           js;
+    application/atom+xml                             atom;
+    application/rss+xml                              rss;
+
+    text/mathml                                      mml;
+    text/plain                                       txt;
+    text/vnd.sun.j2me.app-descriptor                 jad;
+    text/vnd.wap.wml                                 wml;
+    text/x-component                                 htc;
+
+    image/png                                        png;
+    image/svg+xml                                    svg svgz;
+    image/tiff                                       tif tiff;
+    image/vnd.wap.wbmp                               wbmp;
+    image/webp                                       webp;
+    image/x-icon                                     ico;
+    image/x-jng                                      jng;
+    image/x-ms-bmp                                   bmp;
+
+    font/woff                                        woff;
+    font/woff2                                       woff2;
+
+    application/java-archive                         jar war ear;
+    application/json                                 json;
+    application/mac-binhex40                         hqx;
+    application/msword                               doc;
+    application/pdf                                  pdf;
+    application/postscript                           ps eps ai;
+    application/rtf                                  rtf;
+    application/vnd.apple.mpegurl                    m3u8;
+    application/vnd.google-earth.kml+xml             kml;
+    application/vnd.google-earth.kmz                 kmz;
+    application/vnd.ms-excel                         xls;
+    application/vnd.ms-fontobject                    eot;
+    application/vnd.ms-powerpoint                    ppt;
+    application/vnd.oasis.opendocument.graphics      odg;
+    application/vnd.oasis.opendocument.presentation  odp;
+    application/vnd.oasis.opendocument.spreadsheet   ods;
+    application/vnd.oasis.opendocument.text          odt;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation
+                                                     pptx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+                                                     xlsx;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document
+                                                     docx;
+    application/vnd.wap.wmlc                         wmlc;
+    application/x-7z-compressed                      7z;
+    application/x-cocoa                              cco;
+    application/x-java-archive-diff                  jardiff;
+    application/x-java-jnlp-file                     jnlp;
+    application/x-makeself                           run;
+    application/x-perl                               pl pm;
+    application/x-pilot                              prc pdb;
+    application/x-rar-compressed                     rar;
+    application/x-redhat-package-manager             rpm;
+    application/x-sea                                sea;
+    application/x-shockwave-flash                    swf;
+    application/x-stuffit                            sit;
+    application/x-tcl                                tcl tk;
+    application/x-x509-ca-cert                       der pem crt;
+    application/x-xpinstall                          xpi;
+    application/xhtml+xml                            xhtml;
+    application/xspf+xml                             xspf;
+    application/zip                                  zip;
+
+    application/octet-stream                         bin exe dll;
+    application/octet-stream                         deb;
+    application/octet-stream                         dmg;
+    application/octet-stream                         iso img;
+    application/octet-stream                         msi msp msm;
+
+    audio/midi                                       mid midi kar;
+    audio/mpeg                                       mp3;
+    audio/ogg                                        ogg;
+    audio/x-m4a                                      m4a;
+    audio/x-realaudio                                ra;
+
+    video/3gpp                                       3gpp 3gp;
+    video/mp2t                                       ts;
+    video/mp4                                        mp4;
+    video/mpeg                                       mpeg mpg;
+    video/quicktime                                  mov;
+    video/webm                                       webm;
+    video/x-flv                                      flv;
+    video/x-m4v                                      m4v;
+    video/x-mng                                      mng;
+    video/x-ms-asf                                   asx asf;
+    video/x-ms-wmv                                   wmv;
+    video/x-msvideo                                  avi;
+}
diff --git a/thelounge/rootfs/etc/nginx/includes/proxy_params.conf b/thelounge/rootfs/etc/nginx/includes/proxy_params.conf
@@ -0,0 +1,15 @@
+proxy_http_version          1.1;
+proxy_ignore_client_abort   off;
+proxy_read_timeout          86400s;
+proxy_redirect              off;
+proxy_send_timeout          86400s;
+proxy_max_temp_file_size    0;
+
+proxy_set_header Accept-Encoding "gzip";
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-NginX-Proxy true;
+proxy_set_header X-Real-IP $remote_addr;
diff --git a/thelounge/rootfs/etc/nginx/includes/resolver.conf b/thelounge/rootfs/etc/nginx/includes/resolver.conf
@@ -0,0 +1 @@
+resolver 127.0.0.11;
diff --git a/thelounge/rootfs/etc/nginx/includes/server_params.conf b/thelounge/rootfs/etc/nginx/includes/server_params.conf
@@ -0,0 +1,6 @@
+root            /dev/null;
+server_name     $hostname;
+
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;
diff --git a/thelounge/rootfs/etc/nginx/includes/ssl_params.conf b/thelounge/rootfs/etc/nginx/includes/ssl_params.conf
@@ -0,0 +1,9 @@
+ssl_protocols TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
+ssl_ecdh_curve secp384r1;
+ssl_session_timeout  10m;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
diff --git a/thelounge/rootfs/etc/nginx/includes/upstream.conf b/thelounge/rootfs/etc/nginx/includes/upstream.conf
@@ -0,0 +1,3 @@
+upstream backend {
+    server 127.0.0.1:15100;
+}
diff --git a/thelounge/rootfs/etc/nginx/nginx-ssl.conf b/thelounge/rootfs/etc/nginx/nginx-ssl.conf