Refactor NGINX/PHP-FPM configuration (#115)

* Refactor NGINX/PHP-FPM configuration

* Use default ingress port

grocy/config.json

@@ -6,11 +6,8 @@
   "url": "https://github.com/hassio-addons/addon-grocy",
   "webui": "[PROTO:ssl]://[HOST]:[PORT:80]",
   "ingress": true,
-  "ingress_port": 1337,
   "panel_icon": "mdi:cart",
-  "startup": "system",
   "arch": ["aarch64", "amd64", "armhf", "armv7", "i386"],
-  "hassio_api": true,
   "map": ["ssl"],
   "ports": {
     "80/tcp": null

grocy/rootfs/etc/cont-init.d/nginx.sh

@@ -3,34 +3,22 @@
 # Home Assistant Community Add-on: Grocy
 # Configures NGINX for use with Grocy
 # ==============================================================================
-declare certfile
-declare dns_host
-declare ingress_entry
-declare ingress_interface
-declare keyfile
-declare port
 
-port=$(bashio::addon.port 80)
-if bashio::var.has_value "${port}"; then
+# Generate Ingress PHP-FPM configuration
+bashio::var.json \
+    interface "$(bashio::addon.ip_address)" \
+    | tempio \
+        -template /etc/nginx/templates/ingress.gtpl \
+        -out /etc/nginx/servers/ingress.conf
+
+# Generate direct access configuration, if enabled.
+if bashio::var.has_value "$(bashio::addon.port 80)"; then
     bashio::config.require.ssl
-
-    if bashio::config.true 'ssl'; then
-        certfile=$(bashio::config 'certfile')
-        keyfile=$(bashio::config 'keyfile')
-
-        mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf
-        sed -i "s#%%certfile%%#${certfile}#g" /etc/nginx/servers/direct.conf
-        sed -i "s#%%keyfile%%#${keyfile}#g" /etc/nginx/servers/direct.conf
-    else
-        mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf
-    fi
+    bashio::var.json \
+        certfile "$(bashio::config 'certfile')" \
+        keyfile "$(bashio::config 'keyfile')" \
+        ssl "^$(bashio::config 'ssl')" \
+        | tempio \
+            -template /etc/nginx/templates/direct.gtpl \
+            -out /etc/nginx/servers/direct.conf
 fi
-
-ingress_interface=$(bashio::addon.ip_address)
-sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf
-
-ingress_entry=$(bashio::addon.ingress_entry)
-sed -i "s#%%ingress_entry%%#${ingress_entry}#g" /etc/php7/php-fpm.d/ingress.conf
-
-dns_host=$(bashio::dns.host)
-sed -i "s/%%dns_host%%/${dns_host}/g" /etc/nginx/includes/resolver.conf

grocy/rootfs/etc/cont-init.d/php-fpm.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Home Assistant Community Add-on: Grocy
+# Configures PHP-FPM for use with Grocy
+# ==============================================================================
+
+# Generate Ingress configuration
+bashio::var.json \
+    name "ingress" \
+    port "^9002" \
+    base "$(bashio::addon.ingress_entry)" \
+    | tempio \
+        -template /etc/php7/templates/php-fpm.gtpl \
+        -out /etc/php7/php-fpm.d/ingress.conf
+
+# Generate direct access configuration, if enabled.
+if bashio::var.has_value "$(bashio::addon.port 80)"; then
+    bashio::var.json \
+        name "www" \
+        port "^9001" \
+        | tempio \
+            -template /etc/php7/templates/php-fpm.gtpl \
+            -out /etc/php7/php-fpm.d/www.conf
+fi

grocy/rootfs/etc/nginx/includes/resolver.conf

@@ -1 +0,0 @@
-resolver %%dns_host%%;

grocy/rootfs/etc/nginx/nginx.conf

@@ -16,13 +16,6 @@ pcre_jit on;
 # Write error log to the add-on log.
 error_log /proc/1/fd/1 error;
 
-# Load allowed environment vars
-env SUPERVISOR_TOKEN;
-env DISABLE_HA_AUTHENTICATION;
-
-# Load dynamic modules.
-include /etc/nginx/modules/*.conf;
-
 # Max num of simultaneous connections by a worker process.
 events {
     worker_connections 512;
@@ -50,7 +43,5 @@ http {
         ''      close;
     }
 
-    include /etc/nginx/includes/resolver.conf;
-
     include /etc/nginx/servers/*.conf;
 }

grocy/rootfs/etc/nginx/servers/.gitkeep

@@ -0,0 +1 @@
+Without requirements or design, programming is the art of adding bugs to an empty text file. (Louis Srygley)

grocy/rootfs/etc/nginx/servers/direct.disabled

@@ -1,14 +0,0 @@
-server {
-    listen 80 default_server;
-
-    include /etc/nginx/includes/server_params.conf;
-
-    location ~ .php$ {
-        fastcgi_pass 127.0.0.1:9001;
-        fastcgi_read_timeout 900;
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_index index.php;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        include /etc/nginx/includes/fastcgi_params.conf;
-    }
-}

grocy/rootfs/etc/nginx/templates/direct.gtpl

@@ -1,13 +1,19 @@
 server {
+    {{ if not .ssl }}
+    listen 80 default_server;
+    {{ else }}
     listen 80 default_server ssl http2;
-
-    include /etc/nginx/includes/ssl_params.conf;
-
-    ssl_certificate /ssl/%%certfile%%;
-    ssl_certificate_key /ssl/%%keyfile%%;
+    {{ end }}
 
     include /etc/nginx/includes/server_params.conf;
 
+    {{ if .ssl }}
+    include /etc/nginx/includes/ssl_params.conf;
+
+    ssl_certificate /ssl/{{ .certfile }};
+    ssl_certificate_key /ssl/{{ .keyfile }};
+    {{ end }}
+
     location ~ .php$ {
         fastcgi_pass 127.0.0.1:9001;
         fastcgi_read_timeout 900;

grocy/rootfs/etc/nginx/templates/ingress.gtpl

@@ -1,5 +1,5 @@
 server {
-    listen %%interface%%:1337 default_server;
+    listen {{ .interface }}:8099 default_server;
 
     include /etc/nginx/includes/server_params.conf;
 

grocy/rootfs/etc/php7/php-fpm.d/.gitkeep

@@ -0,0 +1 @@
+Without requirements or design, programming is the art of adding bugs to an empty text file. (Louis Srygley)

grocy/rootfs/etc/php7/php-fpm.d/www.conf

@@ -1,11 +0,0 @@
-[www]
-user = nginx
-group = nginx
-listen = 127.0.0.1:9001
-pm = dynamic
-pm.max_children = 10
-pm.start_servers = 3
-pm.min_spare_servers = 2
-pm.max_spare_servers = 5
-pm.max_requests = 1024
-clear_env = no

grocy/rootfs/etc/php7/templates/php-fpm.gtpl

@@ -1,7 +1,7 @@
-[ingress]
+[{{ .name }}]
 user = nginx
 group = nginx
-listen = 127.0.0.1:9002
+listen = 127.0.0.1:{{ .port }}
 pm = dynamic
 pm.max_children = 10
 pm.start_servers = 3
@@ -9,4 +9,6 @@ pm.min_spare_servers = 2
 pm.max_spare_servers = 5
 pm.max_requests = 1024
 clear_env = no
-env[GROCY_BASE_URL] = '%%ingress_entry%%'
+{{ if .base }}
+env[GROCY_BASE_URL] = '{{ .base }}'
+{{ end }}