From 73748e9e200f6ea9250d023efe54ebdb4f714fa7 Mon Sep 17 00:00:00 2001 From: Franck Nijhof Date: Wed, 18 Jan 2023 17:23:35 +0100 Subject: [PATCH 1/5] Upgrades add-on base image to 6.2.0 (#4310) --- docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 8243f85f29..66b708f522 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -6,7 +6,7 @@ ARG BASEIMGTYPE=docker # https://github.com/hassio-addons/addon-debian-base/releases -FROM ghcr.io/hassio-addons/debian-base:6.1.3 AS base-hassio +FROM ghcr.io/hassio-addons/debian-base:6.2.0 AS base-hassio # https://hub.docker.com/_/debian?tab=tags&page=1&name=bullseye FROM debian:bullseye-20221024-slim AS base-docker From a2925b1d37fbcb59cf918bc508dbf9cba682950c Mon Sep 17 00:00:00 2001 
From: Franck Nijhof Date: Wed, 18 Jan 2023 18:22:35 +0100 Subject: [PATCH 2/5] Migrate old-style S6 scripts to s6-rc.d (#4311) --- .../etc/cont-init.d/10-requirements.sh | 41 ------------ .../etc/cont-init.d/20-nginx.sh | 34 ---------- .../etc/cont-init.d/30-dirs.sh | 9 --- .../s6-rc.d/esphome/dependencies.d/base | 0 .../etc/s6-overlay/s6-rc.d/esphome/finish | 26 ++++++++ .../s6-rc.d}/esphome/run | 20 +++--- .../etc/s6-overlay/s6-rc.d/esphome/type | 1 + .../s6-rc.d/init-nginx/dependencies.d/base | 0 .../etc/s6-overlay/s6-rc.d/init-nginx/run | 63 +++++++++++++++++++ .../etc/s6-overlay/s6-rc.d/init-nginx/type | 1 + .../etc/s6-overlay/s6-rc.d/init-nginx/up | 1 + .../s6-rc.d/nginx/dependencies.d/esphome | 0 .../s6-rc.d/nginx/dependencies.d/init-nginx | 0 .../etc/s6-overlay/s6-rc.d/nginx/finish | 25 ++++++++ .../s6-rc.d}/nginx/run | 5 +- .../etc/s6-overlay/s6-rc.d/nginx/type | 1 + .../s6-rc.d/user/contents.d/esphome | 0 .../s6-rc.d/user/contents.d/init-nginx | 0 .../s6-overlay/s6-rc.d/user/contents.d/nginx | 0 .../etc/services.d/esphome/finish | 15 ----- .../etc/services.d/nginx/finish | 15 ----- 21 files changed, 132 insertions(+), 125 deletions(-) delete mode 100755 docker/ha-addon-rootfs/etc/cont-init.d/10-requirements.sh delete mode 100755 docker/ha-addon-rootfs/etc/cont-init.d/20-nginx.sh delete mode 100755 docker/ha-addon-rootfs/etc/cont-init.d/30-dirs.sh create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/dependencies.d/base create mode 100755 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/finish rename docker/ha-addon-rootfs/etc/{services.d => s6-overlay/s6-rc.d}/esphome/run (91%) create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/type create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/base create mode 100755 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type create mode 100644 
docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/esphome create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-nginx create mode 100755 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/finish rename docker/ha-addon-rootfs/etc/{services.d => s6-overlay/s6-rc.d}/nginx/run (73%) create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/type create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/esphome create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx delete mode 100755 docker/ha-addon-rootfs/etc/services.d/esphome/finish delete mode 100755 docker/ha-addon-rootfs/etc/services.d/nginx/finish diff --git a/docker/ha-addon-rootfs/etc/cont-init.d/10-requirements.sh b/docker/ha-addon-rootfs/etc/cont-init.d/10-requirements.sh deleted file mode 100755 index 544787d568..0000000000 --- a/docker/ha-addon-rootfs/etc/cont-init.d/10-requirements.sh +++ /dev/null 
@@ -1,41 +0,0 @@ -#!/usr/bin/with-contenv bashio -# ============================================================================== -# Community Hass.io Add-ons: ESPHome -# This files check if all user configuration requirements are met -# ============================================================================== - -# Check SSL requirements, if enabled -if bashio::config.true 'ssl'; then - if ! bashio::config.has_value 'certfile'; then - bashio::log.fatal 'SSL is enabled, but no certfile was specified.' - bashio::exit.nok - fi - - if ! bashio::config.has_value 'keyfile'; then - bashio::log.fatal 'SSL is enabled, but no keyfile was specified' - bashio::exit.nok - fi - - - certfile="/ssl/$(bashio::config 'certfile')" - keyfile="/ssl/$(bashio::config 'keyfile')" - - if ! bashio::fs.file_exists "${certfile}"; then - if ! bashio::fs.file_exists "${keyfile}"; then - # Both files are missing, let's print a friendlier error message - bashio::log.fatal 'You enabled encrypted connections using the "ssl": true option.' - bashio::log.fatal "However, the SSL files '${certfile}' and '${keyfile}'" - bashio::log.fatal "were not found. If you're using Hass.io on your local network and don't want" - bashio::log.fatal 'to encrypt connections to the ESPHome dashboard, you can manually disable' - bashio::log.fatal 'SSL by setting "ssl" to false."' - bashio::exit.nok - fi - bashio::log.fatal "The configured certfile '${certfile}' was not found." - bashio::exit.nok - fi - - if ! bashio::fs.file_exists "/ssl/$(bashio::config 'keyfile')"; then - bashio::log.fatal "The configured keyfile '${keyfile}' was not found." - bashio::exit.nok - fi -fi diff --git a/docker/ha-addon-rootfs/etc/cont-init.d/20-nginx.sh b/docker/ha-addon-rootfs/etc/cont-init.d/20-nginx.sh deleted file mode 100755 index 107a25c47a..0000000000 --- a/docker/ha-addon-rootfs/etc/cont-init.d/20-nginx.sh +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/usr/bin/with-contenv bashio -# ============================================================================== -# Community Hass.io Add-ons: ESPHome -# Configures NGINX for use with ESPHome -# ============================================================================== - -declare certfile -declare keyfile -declare direct_port -declare ingress_interface -declare ingress_port - -mkdir -p /var/log/nginx - -direct_port=$(bashio::addon.port 6052) -if bashio::var.has_value "${direct_port}"; then - if bashio::config.true 'ssl'; then - certfile=$(bashio::config 'certfile') - keyfile=$(bashio::config 'keyfile') - - mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf - sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf - sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf - else - mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf - fi - - sed -i "s/%%port%%/${direct_port}/g" /etc/nginx/servers/direct.conf -fi - -ingress_port=$(bashio::addon.ingress_port) -ingress_interface=$(bashio::addon.ip_address) -sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf -sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf diff --git a/docker/ha-addon-rootfs/etc/cont-init.d/30-dirs.sh b/docker/ha-addon-rootfs/etc/cont-init.d/30-dirs.sh deleted file mode 100755 index 1073a2fa45..0000000000 --- a/docker/ha-addon-rootfs/etc/cont-init.d/30-dirs.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/with-contenv bashio -# ============================================================================== -# Community Hass.io Add-ons: ESPHome -# This files creates all directories used by esphome -# ============================================================================== - -pio_cache_base=/data/cache/platformio - -mkdir -p "${pio_cache_base}" 
diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/dependencies.d/base b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/dependencies.d/base new file mode 100644 index 0000000000..e69de29bb2 diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/finish b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/finish new file mode 100755 index 0000000000..6e0f8fe23a --- /dev/null +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/finish @@ -0,0 +1,26 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +# ============================================================================== +# Home Assistant Community Add-on: ESPHome +# Take down the S6 supervision tree when ESPHome dashboard fails +# ============================================================================== +declare exit_code +readonly exit_code_container=$( /run/s6-linux-init-container-results/exitcode + fi + [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt +elif [[ "${exit_code_service}" -ne 0 ]]; then + if [[ "${exit_code_container}" -eq 0 ]]; then + echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode + fi + exec /run/s6/basedir/bin/halt +fi diff --git a/docker/ha-addon-rootfs/etc/services.d/esphome/run b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/run similarity index 91% rename from docker/ha-addon-rootfs/etc/services.d/esphome/run rename to docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/run index 747c64728e..277f26ea49 100755 --- a/docker/ha-addon-rootfs/etc/services.d/esphome/run +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/run 
@@ -1,10 +1,19 @@ -#!/usr/bin/with-contenv bashio +#!/command/with-contenv bashio +# shellcheck shell=bash # ============================================================================== # Community Hass.io Add-ons: ESPHome # Runs the ESPHome dashboard # ============================================================================== +readonly pio_cache_base=/data/cache/platformio export ESPHOME_IS_HA_ADDON=true +export PLATFORMIO_GLOBALLIB_DIR=/piolibs + +# we can't set core_dir, because the settings file is stored in `core_dir/appstate.json` +# setting `core_dir` would therefore prevent pio from accessing +export PLATFORMIO_PLATFORMS_DIR="${pio_cache_base}/platforms" +export PLATFORMIO_PACKAGES_DIR="${pio_cache_base}/packages" +export PLATFORMIO_CACHE_DIR="${pio_cache_base}/cache" if bashio::config.true 'leave_front_door_open'; then export DISABLE_HA_AUTHENTICATION=true @@ -30,14 +39,7 @@ else fi fi -pio_cache_base=/data/cache/platformio -# we can't set core_dir, because the settings file is stored in `core_dir/appstate.json` -# setting `core_dir` would therefore prevent pio from accessing -export PLATFORMIO_PLATFORMS_DIR="${pio_cache_base}/platforms" -export PLATFORMIO_PACKAGES_DIR="${pio_cache_base}/packages" -export PLATFORMIO_CACHE_DIR="${pio_cache_base}/cache" - -export PLATFORMIO_GLOBALLIB_DIR=/piolibs +mkdir -p "${pio_cache_base}" bashio::log.info "Starting ESPHome dashboard..." exec esphome dashboard /config/esphome --socket /var/run/esphome.sock --ha-addon diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/type b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/type new file mode 100644 index 0000000000..5883cff0cd --- /dev/null +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/type @@ -0,0 +1 @@ +longrun diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/base b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/base new file mode 100644 index 0000000000..e69de29bb2 
diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run new file mode 100755 index 0000000000..52a211b99f --- /dev/null +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run 
@@ -0,0 +1,63 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Configures NGINX for use with ESPHome
+# ==============================================================================
+declare certfile
+declare direct_port
+declare ingress_interface
+declare ingress_port
+declare keyfile
+
+mkdir -p /var/log/nginx
+
+direct_port=$(bashio::addon.port 6052)
+if bashio::var.has_value "${direct_port}"; then
+ # Check SSL requirements, if enabled
+ if bashio::config.true 'ssl'; then
+ if ! bashio::config.has_value 'certfile'; then
+ bashio::log.fatal 'SSL is enabled, but no certfile was specified.'
+ bashio::exit.nok
+ fi
+
+ if ! bashio::config.has_value 'keyfile'; then
+ bashio::log.fatal 'SSL is enabled, but no keyfile was specified'
+ bashio::exit.nok
+ fi
+
+ certfile="/ssl/$(bashio::config 'certfile')"
+ keyfile="/ssl/$(bashio::config 'keyfile')"
+
+ if ! bashio::fs.file_exists "/ssl/${certfile}"; then
+ if ! bashio::fs.file_exists "/ssl/${keyfile}"; then
+ # Both files are missing, let's print a friendlier error message
+ bashio::log.fatal 'You enabled encrypted connections using the "ssl": true option.'
+ bashio::log.fatal "However, the SSL files '${certfile}' and '${keyfile}'"
+ bashio::log.fatal "were not found. If you're using Hass.io on your local network and don't want"
+ bashio::log.fatal 'to encrypt connections to the ESPHome dashboard, you can manually disable'
+ bashio::log.fatal 'SSL by setting "ssl" to false."'
+ bashio::exit.nok
+ fi
+ bashio::log.fatal "The configured certfile '/ssl/${certfile}' was not found."
+ bashio::exit.nok
+ fi
+
+ if ! bashio::fs.file_exists "/ssl/${keyfile}"; then
+ bashio::log.fatal "The configured keyfile '/ssl/${keyfile}' was not found."
+ bashio::exit.nok + fi + mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf + sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf + sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf + else + mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf + fi + + sed -i "s/%%port%%/${direct_port}/g" /etc/nginx/servers/direct.conf +fi + +ingress_port=$(bashio::addon.ingress_port) +ingress_interface=$(bashio::addon.ip_address) +sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf +sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type new file mode 100644 index 0000000000..bdd22a1850 --- /dev/null +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type @@ -0,0 +1 @@ +oneshot diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up new file mode 100644 index 0000000000..b3b5b494b5 --- /dev/null +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-nginx/run diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/esphome b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/esphome new file mode 100644 index 0000000000..e69de29bb2 diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-nginx b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-nginx new file mode 100644 index 0000000000..e69de29bb2 diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/finish b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/finish new file mode 100755 index 0000000000..bbd6d8fecf --- /dev/null +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/finish 
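Review bot: The SSL file checks in the new init-nginx/run look for the wrong path, because `certfile` and `keyfile` are assigned with the `/ssl/` prefix already applied and are then tested as `"/ssl/${certfile}"` and `"/ssl/${keyfile}"`, i.e. `/ssl//ssl/<name>`. The same prefixed values are later interpolated into `sed -i "s/%%certfile%%/${certfile}/g"` and the matching keyfile line, where the slashes in the value collide with the `/` delimiter of the substitution. The deleted 20-nginx.sh used the bare option value for the sed step; assigning `certfile="$(bashio::config 'certfile')"` and `keyfile="$(bashio::config 'keyfile')"` would make the existence checks and the substitutions consistent again. PATCH 3/5 later replaces this block, so this matters mainly if PATCH 2/5 is applied or backported on its own.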
@@ -0,0 +1,25 @@ +#!/command/with-contenv bashio +# ============================================================================== +# Community Hass.io Add-ons: ESPHome +# Take down the S6 supervision tree when NGINX fails +# ============================================================================== +declare exit_code +readonly exit_code_container=$( /run/s6-linux-init-container-results/exitcode + fi + [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt +elif [[ "${exit_code_service}" -ne 0 ]]; then + if [[ "${exit_code_container}" -eq 0 ]]; then + echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode + fi + exec /run/s6/basedir/bin/halt +fi diff --git a/docker/ha-addon-rootfs/etc/services.d/nginx/run b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/run similarity index 73% rename from docker/ha-addon-rootfs/etc/services.d/nginx/run rename to docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/run index 8582167b96..e96991cdd1 100755 --- a/docker/ha-addon-rootfs/etc/services.d/nginx/run +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/run @@ -1,10 +1,11 @@ -#!/usr/bin/with-contenv bashio +#!/command/with-contenv bashio +# shellcheck shell=bash # ============================================================================== # Community Hass.io Add-ons: ESPHome # Runs the NGINX proxy # ============================================================================== -bashio::log.info "Waiting for dashboard to come up..." +bashio::log.info "Waiting for ESPHome dashboard to come up..." while [[ ! -S /var/run/esphome.sock ]]; do sleep 0.5 diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/type b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/type new file mode 100644 index 0000000000..5883cff0cd --- /dev/null +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/type @@ -0,0 +1 @@ +longrun 
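Review bot: The new nginx/finish script omits the `# shellcheck shell=bash` line that esphome/finish and both run scripts in this patch add directly under the bashio shebang; adding it keeps all four scripts lintable the same way. Its header also keeps the older "Community Hass.io Add-ons: ESPHome" wording, while esphome/finish in the same patch uses "Home Assistant Community Add-on: ESPHome".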
diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/esphome b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/esphome new file mode 100644 index 0000000000..e69de29bb2 diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx new file mode 100644 index 0000000000..e69de29bb2 diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx new file mode 100644 index 0000000000..e69de29bb2 diff --git a/docker/ha-addon-rootfs/etc/services.d/esphome/finish b/docker/ha-addon-rootfs/etc/services.d/esphome/finish deleted file mode 100755 index fed449ce61..0000000000 --- a/docker/ha-addon-rootfs/etc/services.d/esphome/finish +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/execlineb -S0 -# ============================================================================== -# Community Hass.io Add-ons: ESPHome -# Take down the S6 supervision tree when ESPHome fails -# ============================================================================== - -declare APP_EXIT_CODE=${1} - -if [[ "${APP_EXIT_CODE}" -ne 0 ]] && [[ "${APP_EXIT_CODE}" -ne 256 ]]; then - bashio::log.warning "Halt add-on with exit code ${APP_EXIT_CODE}" - echo "${APP_EXIT_CODE}" > /run/s6-linux-init-container-results/exitcode - exec /run/s6/basedir/bin/halt -fi - -bashio::log.info "Service restart after closing" diff --git a/docker/ha-addon-rootfs/etc/services.d/nginx/finish b/docker/ha-addon-rootfs/etc/services.d/nginx/finish deleted file mode 100755 index 8030841ec8..0000000000 --- a/docker/ha-addon-rootfs/etc/services.d/nginx/finish +++ /dev/null 
@@ -1,15 +0,0 @@ -#!/usr/bin/execlineb -S0 -# ============================================================================== -# Community Hass.io Add-ons: ESPHome -# Take down the S6 supervision tree when NGINX fails -# ============================================================================== - -declare APP_EXIT_CODE=${1} - -if [[ "${APP_EXIT_CODE}" -ne 0 ]] && [[ "${APP_EXIT_CODE}" -ne 256 ]]; then - bashio::log.warning "Halt add-on with exit code ${APP_EXIT_CODE}" - echo "${APP_EXIT_CODE}" > /run/s6-linux-init-container-results/exitcode - exec /run/s6/basedir/bin/halt -fi - -bashio::log.info "Service restart after closing" From 3c5de77ae9994820c463f74f2344c6bd32713831 Mon Sep 17 00:00:00 2001 From: Franck Nijhof Date: Wed, 18 Jan 2023 19:54:27 +0100 Subject: [PATCH 3/5] Refactor NGINX configuration of Home Assistant Add-on (#4312) --- .../etc/nginx/includes/proxy_params.conf | 12 ++-- .../etc/nginx/includes/server_params.conf | 6 +- .../etc/nginx/includes/ssl_params.conf | 7 +- .../etc/nginx/includes/upstream.conf | 3 + docker/ha-addon-rootfs/etc/nginx/nginx.conf | 25 +++---- .../etc/nginx/servers/.gitkeep | 1 + .../etc/nginx/servers/direct.disabled | 12 ---- .../direct.gtpl} | 20 ++++-- .../ingress.conf => templates/ingress.gtpl} | 4 +- .../etc/s6-overlay/s6-rc.d/init-nginx/run | 70 +++++-------------- 10 files changed, 60 insertions(+), 100 deletions(-) create mode 100644 docker/ha-addon-rootfs/etc/nginx/includes/upstream.conf create mode 100644 docker/ha-addon-rootfs/etc/nginx/servers/.gitkeep delete mode 100644 docker/ha-addon-rootfs/etc/nginx/servers/direct.disabled rename docker/ha-addon-rootfs/etc/nginx/{servers/direct-ssl.disabled => templates/direct.gtpl} (61%) rename docker/ha-addon-rootfs/etc/nginx/{servers/ingress.conf => templates/ingress.gtpl} (76%) diff --git a/docker/ha-addon-rootfs/etc/nginx/includes/proxy_params.conf b/docker/ha-addon-rootfs/etc/nginx/includes/proxy_params.conf index c00b4800e8..a1ebb5079a 100644 
--- a/docker/ha-addon-rootfs/etc/nginx/includes/proxy_params.conf +++ b/docker/ha-addon-rootfs/etc/nginx/includes/proxy_params.conf @@ -1,9 +1,9 @@ -proxy_http_version 1.1; -proxy_ignore_client_abort off; -proxy_read_timeout 86400s; -proxy_redirect off; -proxy_send_timeout 86400s; -proxy_max_temp_file_size 0; +proxy_http_version 1.1; +proxy_ignore_client_abort off; +proxy_read_timeout 86400s; +proxy_redirect off; +proxy_send_timeout 86400s; +proxy_max_temp_file_size 0; proxy_set_header Accept-Encoding ""; proxy_set_header Connection $connection_upgrade; diff --git a/docker/ha-addon-rootfs/etc/nginx/includes/server_params.conf b/docker/ha-addon-rootfs/etc/nginx/includes/server_params.conf index 479dfa10f6..debdf83a8c 100644 --- a/docker/ha-addon-rootfs/etc/nginx/includes/server_params.conf +++ b/docker/ha-addon-rootfs/etc/nginx/includes/server_params.conf @@ -1,5 +1,7 @@ -root /dev/null; -server_name $hostname; +root /dev/null; +server_name $hostname; + +client_max_body_size 512m; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; diff --git a/docker/ha-addon-rootfs/etc/nginx/includes/ssl_params.conf b/docker/ha-addon-rootfs/etc/nginx/includes/ssl_params.conf index 6f15005998..e6789cbb9b 100644 --- a/docker/ha-addon-rootfs/etc/nginx/includes/ssl_params.conf +++ b/docker/ha-addon-rootfs/etc/nginx/includes/ssl_params.conf 
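Review bot: The added `client_max_body_size 512m;` in server_params.conf has no comment saying which upload needs a limit that large. The file is included by both the direct-access and the ingress server templates in this series, so the raised limit also applies to the listener exposed outside ingress. A short comment above the directive, e.g. `# Applies to both the direct and ingress servers; sized for <reason from author>`, would record the intent, and if only one listener needs it the directive could move into that server block.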
@@ -1,7 +1,6 @@ -ssl_protocols TLSv1.2; -ssl_prefer_server_ciphers on; -ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; -ssl_ecdh_curve secp384r1; +ssl_protocols TLSv1.2 TLSv1.3; +ssl_prefer_server_ciphers off; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; diff --git a/docker/ha-addon-rootfs/etc/nginx/includes/upstream.conf b/docker/ha-addon-rootfs/etc/nginx/includes/upstream.conf new file mode 100644 index 0000000000..8e782bdc88 --- /dev/null +++ b/docker/ha-addon-rootfs/etc/nginx/includes/upstream.conf @@ -0,0 +1,3 @@ +upstream esphome { + server unix:/var/run/esphome.sock; +} diff --git a/docker/ha-addon-rootfs/etc/nginx/nginx.conf b/docker/ha-addon-rootfs/etc/nginx/nginx.conf index 8ebf572816..497427596d 100644 --- a/docker/ha-addon-rootfs/etc/nginx/nginx.conf +++ b/docker/ha-addon-rootfs/etc/nginx/nginx.conf @@ -2,7 +2,6 @@ daemon off; user root; pid /var/run/nginx.pid; worker_processes 1; -# Hass.io addon log error_log /proc/1/fd/1 error; events { worker_connections 1024; 
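Review bot: The new `ssl_ciphers` list in ssl_params.conf ends with `DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`, but no `ssl_dhparam` directive is visible in this hunk. nginx only offers DHE suites when a DH parameter file is configured, so unless one is set in the part of the file outside the hunk, these two entries are inert. Either add `ssl_dhparam <path-to-dhparam-file>;` (placeholder path) or drop the DHE entries so the list reflects what is actually negotiated.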
@@ -10,24 +9,22 @@ events { http { include /etc/nginx/includes/mime.types; - access_log stdout; - default_type application/octet-stream; - gzip on; - keepalive_timeout 65; - sendfile on; - server_tokens off; + + access_log off; + default_type application/octet-stream; + gzip on; + keepalive_timeout 65; + sendfile on; + server_tokens off; + + tcp_nodelay on; + tcp_nopush on; map $http_upgrade $connection_upgrade { default upgrade; '' close; } - # Use Hass.io supervisor as resolver - resolver 172.30.32.2; - - upstream esphome { - server unix:/var/run/esphome.sock; - } - + include /etc/nginx/includes/upstream.conf; include /etc/nginx/servers/*.conf; } diff --git a/docker/ha-addon-rootfs/etc/nginx/servers/.gitkeep b/docker/ha-addon-rootfs/etc/nginx/servers/.gitkeep new file mode 100644 index 0000000000..85ad51be5f --- /dev/null +++ b/docker/ha-addon-rootfs/etc/nginx/servers/.gitkeep @@ -0,0 +1 @@ +Without requirements or design, programming is the art of adding bugs to an empty text file. (Louis Srygley) diff --git a/docker/ha-addon-rootfs/etc/nginx/servers/direct.disabled b/docker/ha-addon-rootfs/etc/nginx/servers/direct.disabled deleted file mode 100644 index 80300fc6aa..0000000000 --- a/docker/ha-addon-rootfs/etc/nginx/servers/direct.disabled +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen %%port%% default_server; - - include /etc/nginx/includes/server_params.conf; - include /etc/nginx/includes/proxy_params.conf; - # Clear Hass.io Ingress header - proxy_set_header X-HA-Ingress ""; - - location / { - proxy_pass http://esphome; - } -} diff --git a/docker/ha-addon-rootfs/etc/nginx/servers/direct-ssl.disabled b/docker/ha-addon-rootfs/etc/nginx/templates/direct.gtpl similarity index 61% rename from docker/ha-addon-rootfs/etc/nginx/servers/direct-ssl.disabled rename to docker/ha-addon-rootfs/etc/nginx/templates/direct.gtpl index 4ebc435dbb..4fb0ca3f90 100644 --- a/docker/ha-addon-rootfs/etc/nginx/servers/direct-ssl.disabled 
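Review bot: Replacing `access_log stdout;` with `access_log off;` in the `http` block leaves no per-request record for either the ingress server or the direct listener on port 6052. With `error_log /proc/1/fd/1 error;` as the only remaining log, requests that succeed leave no trace, which makes unexpected access to the dashboard harder to investigate afterwards. If the aim is to cut noise from ingress traffic, consider keeping a log for the direct server only, e.g. `access_log /proc/1/fd/1;` inside that server block. The `http` block begins above this hunk.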
+++ b/docker/ha-addon-rootfs/etc/nginx/templates/direct.gtpl @@ -1,20 +1,26 @@ server { - listen %%port%% default_server ssl http2; + {{ if not .ssl }} + listen 6052 default_server; + {{ else }} + listen 6052 default_server ssl http2; + {{ end }} include /etc/nginx/includes/server_params.conf; include /etc/nginx/includes/proxy_params.conf; + + {{ if .ssl }} include /etc/nginx/includes/ssl_params.conf; - ssl on; - ssl_certificate /ssl/%%certfile%%; - ssl_certificate_key /ssl/%%keyfile%%; - - # Clear Hass.io Ingress header - proxy_set_header X-HA-Ingress ""; + ssl_certificate /ssl/{{ .certfile }}; + ssl_certificate_key /ssl/{{ .keyfile }}; # Redirect http requests to https on the same port. # https://rageagainstshell.com/2016/11/redirect-http-to-https-on-the-same-port-in-nginx/ error_page 497 https://$http_host$request_uri; + {{ end }} + + # Clear Home Assistant Ingress header + proxy_set_header X-HA-Ingress ""; location / { proxy_pass http://esphome; diff --git a/docker/ha-addon-rootfs/etc/nginx/servers/ingress.conf b/docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl similarity index 76% rename from docker/ha-addon-rootfs/etc/nginx/servers/ingress.conf rename to docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl index 9d0d2d3e66..91bd40d537 100644 --- a/docker/ha-addon-rootfs/etc/nginx/servers/ingress.conf +++ b/docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl @@ -1,13 +1,13 @@ server { - listen %%interface%%:%%port%% default_server; + listen {{ .interface }}:{{ .port }} default_server; include /etc/nginx/includes/server_params.conf; include /etc/nginx/includes/proxy_params.conf; + # Set Home Assistant Ingress header proxy_set_header X-HA-Ingress "YES"; location / { - # Only allow from Hass.io supervisor allow 172.30.32.2; deny all; diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run index 52a211b99f..2725f56670 100755 
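Review bot: `ssl_certificate /ssl/{{ .certfile }};` and `ssl_certificate_key /ssl/{{ .keyfile }};` in direct.gtpl render the add-on option values into the nginx configuration verbatim. In init-nginx/run later in this patch the values come straight from `bashio::config 'certfile'` and `bashio::config 'keyfile'`, so a value containing whitespace, `;` or `../` changes the generated directives or points outside /ssl. Whether `bashio::config.require.ssl` restricts the allowed characters is not visible here. A check in init-nginx/run before rendering, for example rejecting values that do not match `^[A-Za-z0-9._-]+$`, would keep the template output to a single file name. The server block continues outside the hunk.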
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run 
@@ -4,60 +4,24 @@ # Community Hass.io Add-ons: ESPHome # Configures NGINX for use with ESPHome # ============================================================================== -declare certfile -declare direct_port -declare ingress_interface -declare ingress_port -declare keyfile - mkdir -p /var/log/nginx -direct_port=$(bashio::addon.port 6052) -if bashio::var.has_value "${direct_port}"; then - # Check SSL requirements, if enabled - if bashio::config.true 'ssl'; then - if ! bashio::config.has_value 'certfile'; then - bashio::log.fatal 'SSL is enabled, but no certfile was specified.' - bashio::exit.nok - fi +# Generate Ingress configuration +bashio::var.json \ + interface "$(bashio::addon.ip_address)" \ + port "^$(bashio::addon.ingress_port)" \ + | tempio \ + -template /etc/nginx/templates/ingress.gtpl \ + -out /etc/nginx/servers/ingress.conf - if ! bashio::config.has_value 'keyfile'; then - bashio::log.fatal 'SSL is enabled, but no keyfile was specified' - bashio::exit.nok - fi - - certfile="/ssl/$(bashio::config 'certfile')" - keyfile="/ssl/$(bashio::config 'keyfile')" - - if ! bashio::fs.file_exists "/ssl/${certfile}"; then - if ! bashio::fs.file_exists "/ssl/${keyfile}"; then - # Both files are missing, let's print a friendlier error message - bashio::log.fatal 'You enabled encrypted connections using the "ssl": true option.' - bashio::log.fatal "However, the SSL files '${certfile}' and '${keyfile}'" - bashio::log.fatal "were not found. If you're using Hass.io on your local network and don't want" - bashio::log.fatal 'to encrypt connections to the ESPHome dashboard, you can manually disable' - bashio::log.fatal 'SSL by setting "ssl" to false."' - bashio::exit.nok - fi - bashio::log.fatal "The configured certfile '/ssl/${certfile}' was not found." - bashio::exit.nok - fi - - if ! bashio::fs.file_exists "/ssl/${keyfile}"; then - bashio::log.fatal "The configured keyfile '/ssl/${keyfile}' was not found." 
- bashio::exit.nok - fi - mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf - sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf - sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf - else - mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf - fi - - sed -i "s/%%port%%/${direct_port}/g" /etc/nginx/servers/direct.conf +# Generate direct access configuration, if enabled. +if bashio::var.has_value "$(bashio::addon.port 6052)"; then + bashio::config.require.ssl + bashio::var.json \ + certfile "$(bashio::config 'certfile')" \ + keyfile "$(bashio::config 'keyfile')" \ + ssl "^$(bashio::config 'ssl')" \ + | tempio \ + -template /etc/nginx/templates/direct.gtpl \ + -out /etc/nginx/servers/direct.conf fi - -ingress_port=$(bashio::addon.ingress_port) -ingress_interface=$(bashio::addon.ip_address) -sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf -sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf From 4ac96ccea264c81078758d153faa1008dc3e13db Mon Sep 17 00:00:00 2001 
From: Franck Nijhof Date: Thu, 26 Jan 2023 17:48:04 +0100 Subject: [PATCH 4/5] Add Home Assistant integration discovery (#4328) --- .../etc/nginx/templates/ingress.gtpl | 2 ++ .../s6-rc.d/discovery/dependencies.d/esphome | 0 .../s6-rc.d/discovery/dependencies.d/nginx | 0 .../etc/s6-overlay/s6-rc.d/discovery/run | 32 +++++++++++++++++++ .../etc/s6-overlay/s6-rc.d/discovery/type | 1 + .../etc/s6-overlay/s6-rc.d/discovery/up | 1 + .../s6-rc.d/user/contents.d/discovery | 0 7 files changed, 36 insertions(+) create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/dependencies.d/esphome create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/dependencies.d/nginx create mode 100755 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/run create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/type create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/up create mode 100644 docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/discovery diff --git a/docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl b/docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl index 91bd40d537..105ddde710 100644 --- a/docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl +++ b/docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl @@ -1,4 +1,5 @@ server { + listen 127.0.0.1:{{ .port }} default_server; listen {{ .interface }}:{{ .port }} default_server; include /etc/nginx/includes/server_params.conf; @@ -9,6 +10,7 @@ server { location / { allow 172.30.32.2; + allow 127.0.0.1; deny all; proxy_pass http://esphome; diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/dependencies.d/esphome b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/dependencies.d/esphome new file mode 100644 index 0000000000..e69de29bb2 
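Review bot: The added `listen 127.0.0.1:{{ .port }} default_server;` and, in the second hunk, `allow 127.0.0.1;` open the ingress server to any local client rather than only the supervisor address 172.30.32.2, and this server sets `X-HA-Ingress "YES"` on every proxied request. If the dashboard treats that header as proof that Home Assistant already authenticated the request, which this patch does not show, every process that can reach this loopback address gets the same trust; under host networking that would include other software on the host. A comment above the new lines, e.g. `# Loopback access for the Home Assistant integration (discovery announces 127.0.0.1)`, would document why the exception exists, and the add-on's network mode is worth confirming before relying on it.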
diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/dependencies.d/nginx b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/dependencies.d/nginx new file mode 100644 index 0000000000..e69de29bb2 diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/run b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/run new file mode 100755 index 0000000000..111157d301 --- /dev/null +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/run @@ -0,0 +1,32 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +# ============================================================================== +# Home Assistant Add-on: ESPHome +# Sends discovery information to Home Assistant. +# ============================================================================== +declare config +declare port + +# We only disable it when disabled explicitly +if bashio::config.false 'home_assistant_dashboard_integration'; +then + bashio::log.info "Home Assistant discovery is disabled for this add-on." + bashio::exit.ok +fi + +port=$(bashio::addon.ingress_port) + +# Wait for NGINX to become available +bashio::net.wait_for "${port}" "127.0.0.1" 300 + +config=$(\ + bashio::var.json \ + host "127.0.0.1" \ + port "^${port}" \ +) + +if bashio::discovery "esphome" "${config}" > /dev/null; then + bashio::log.info "Successfully send discovery information to Home Assistant." +else + bashio::log.error "Discovery message to Home Assistant failed!" +fi diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/type b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/type new file mode 100644 index 0000000000..bdd22a1850 --- /dev/null +++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/type @@ -0,0 +1 @@ +oneshot diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/up b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/up new file mode 100644 index 0000000000..c51c2ba820 --- /dev/null 
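Review bot: The return status of `bashio::net.wait_for "${port}" "127.0.0.1" 300` in discovery/run is not handled, unlike the `bashio::discovery` call below it. On a timeout the script either aborts the oneshot or falls through to announcing a port that is not listening, depending on shell options set outside this script. Wrapping it as `if ! bashio::net.wait_for "${port}" "127.0.0.1" 300; then` with a `bashio::log.error` and an explicit exit would make the failure path visible in the add-on log. The success message also reads "Successfully send"; "sent" is meant.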
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/discovery/run diff --git a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/discovery b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/discovery new file mode 100644 index 0000000000..e69de29bb2 From 8bcddef39da70d0bf79fc85fe4151e959954f16d Mon Sep 17 00:00:00 2001 From: Jesse Hills <3060199+jesserockz@users.noreply.github.com> Date: Fri, 27 Jan 2023 09:44:41 +1300 Subject: [PATCH 5/5] Bump version to 2022.12.8 --- esphome/const.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/esphome/const.py b/esphome/const.py index 12e7045a49..163ddc75b2 100644 --- a/esphome/const.py +++ b/esphome/const.py @@ -1,6 +1,6 @@ """Constants used by esphome.""" -__version__ = "2022.12.7" +__version__ = "2022.12.8" ALLOWED_NAME_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789-_"