Rewrite nginx config and fix header comments (#3)

* 🔨 📝 rewrite nginx and fix header comments

* 👕 fix linter warning

home-panel/rootfs/etc/cont-init.d/10-requirements.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/with-contenv bash
 # ==============================================================================
-# Timmo Hass.io Add-ons: Home Panel
+# Community Hass.io Add-ons: Home Panel
 # This checks if all user configuration requirements are met
 # ==============================================================================
 # shellcheck disable=SC1091

home-panel/rootfs/etc/cont-init.d/20-config.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/with-contenv bash
 # ==============================================================================
-# Timmo Hass.io Add-ons: Home Panel
+# Community Hass.io Add-ons: Home Panel
 # This copies the configs to their respective locations
 # ==============================================================================
 # shellcheck disable=SC1091

home-panel/rootfs/etc/cont-init.d/40-nginx.sh

@@ -1,38 +1,19 @@
 #!/usr/bin/with-contenv bash
 # ==============================================================================
-# Timmo Hass.io Add-ons: Home Panel
-# This copies the nginx configs to their respective locations
+# Community Hass.io Add-ons: Home Panel
+# Configures NGINX for use with Home Panel
 # ==============================================================================
 # shellcheck disable=SC1091
 source /usr/lib/hassio-addons/base.sh
 
-certfile="/ssl/$(hass.config.get 'certfile')"
-keyfile="/ssl/$(hass.config.get 'keyfile')"
+declare certfile
+declare keyfile
 
+# Enable SSL
 if hass.config.true 'ssl'; then
-  hass.log.info "Copy enabled SSL nginx config"
-  echo "server {
-    listen 8234 ssl http2 default_server;
-    listen [::]:8234 ssl http2 default_server;
-    root /opt/panel;
-    index index.html;
-    server_name 172.0.0.1;
-    ssl_certificate ${certfile};
-    ssl_certificate_key ${keyfile};
-    location / {
-      try_files \$uri /index.html;
-    }
-  }" > /etc/nginx/conf.d/default.conf;
-else
-  hass.log.info "Copy disabled SSL nginx config"
-  echo "server {
-    listen 8234 default_server;
-    listen [::]:8234 default_server;
-    root /opt/panel;
-    index index.html;
-    server_name 172.0.0.1;
-    location / {
-      try_files \$uri /index.html;
-    }
-  }" > /etc/nginx/conf.d/default.conf;
+    certfile=$(hass.config.get 'certfile')
+    keyfile=$(hass.config.get 'keyfile')
+
+    sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/nginx-ssl.conf
+    sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/nginx-ssl.conf
 fi

home-panel/rootfs/etc/nginx/nginx-ssl.conf

@@ -0,0 +1,35 @@
+worker_processes  1;
+pid /var/run/nginx.pid;
+error_log /dev/stdout info;
+daemon off;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    server {
+        listen 8234 default_server ssl;
+
+        server_name home-panel;
+        access_log /dev/stdout combined;
+
+        client_max_body_size 4G;
+        keepalive_timeout 5;
+
+        root /opt/panel;
+
+        ssl on;
+        ssl_certificate /ssl/%%certfile%%;
+        ssl_certificate_key /ssl/%%keyfile%%;
+        ssl_protocols TLSv1.2;
+        ssl_prefer_server_ciphers on;
+        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
+        ssl_ecdh_curve secp384r1;
+        ssl_session_timeout  10m;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_tickets off;
+        ssl_stapling on;
+        ssl_stapling_verify on;
+    }
+}

home-panel/rootfs/etc/nginx/nginx.conf

@@ -0,0 +1,22 @@
+worker_processes  1;
+pid /var/run/nginx.pid;
+error_log /dev/stdout info;
+daemon off;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    server {
+        listen 8234 default_server;
+
+        server_name home-panel;
+        access_log /dev/stdout combined;
+
+        client_max_body_size 4G;
+        keepalive_timeout 5;
+
+        root /opt/panel;
+    }
+}

home-panel/rootfs/etc/services.d/api/finish

@@ -1,6 +1,6 @@
 #!/usr/bin/execlineb -S0
 # ==============================================================================
-# Timmo Hass.io Add-ons: Home Panel
+# Community Hass.io Add-ons: Home Panel
 # Take down the S6 supervision tree when Home Panel fails
 # ==============================================================================
 if -n { s6-test $# -ne 0 }

home-panel/rootfs/etc/services.d/api/run

@@ -1,6 +1,6 @@
 #!/usr/bin/with-contenv bash
 # ==============================================================================
-# Timmo Hass.io Add-ons: Home Panel
+# Community Hass.io Add-ons: Home Panel
 # Starts server to serve the api
 # ==============================================================================
 # shellcheck disable=SC1091

home-panel/rootfs/etc/services.d/nginx/finish

@@ -1,7 +1,7 @@
 #!/usr/bin/execlineb -S0
 # ==============================================================================
-# Timmo Hass.io Add-ons: Home Panel
-# Take down the S6 supervision tree when Home Panel fails
+# Community Hass.io Add-ons: Home Panel
+# Take down the S6 supervision tree when NGINX fails
 # ==============================================================================
 if -n { s6-test $# -ne 0 }
 if -n { s6-test ${1} -eq 256 }

home-panel/rootfs/etc/services.d/nginx/run

@@ -1,11 +1,16 @@
-#!/usr/bin/with-contenv bash
+#!/bin/bash
 # ==============================================================================
-# Timmo Hass.io Add-ons: Home Panel
-# Starts server to serve the webapp
+# Community Hass.io Add-ons: Home Panel
+# Runs the NGINX daemon
 # ==============================================================================
 # shellcheck disable=SC1091
 source /usr/lib/hassio-addons/base.sh
 
-hass.log.info "Run nginx server.."
+hass.log.info "Starting NGINX for Riot web..."
+if hass.config.true 'ssl'; then
+    options='/etc/nginx/nginx-ssl.conf'
+else
+    options='/etc/nginx/nginx.conf'
+fi
 
-nginx -g "daemon off;"
+exec nginx -c "$options"