✨ Adds Hassio Ingress support

README.md

@@ -59,18 +59,9 @@ Example add-on configuration:
 ```json
 {
   "log_level": "info",
-  "username": "admin",
-  "password": "",
   "ssl": false,
   "certfile": "fullchain.pem",
   "keyfile": "privkey.pem",
-  "filters": [
-    { "keyword": "ERROR", "style": "color: red; font-weight: bold;" },
-    { "keyword": "WARN", "style": "color: yellow;" },
-    { "keyword": "INFO", "style": "color: limegreen;" },
-    { "keyword": "DEBUG", "style": "color: cyan;" },
-    { "keyword": "TRACE", "style": "color: blue;" }
-  ]
 }
 ```
 
@@ -94,23 +85,14 @@ more severe level, e.g., `debug` also shows `info` messages. By default,
 the `log_level` is set to `info`, which is the recommended setting unless
 you are troubleshooting.
 
-### Option: `username`
-
-Username for authenticating with Log Viewer web interface.
-
-**Note**: _This option support secrets, e.g., `!secret viewer_username`._
-
-### Option: `password`
-
-Password for authenticating with Log Viewer web interface.
-
-**Note**: _This option support secrets, e.g., `!secret viewer_password`._
-
 ### Option: `ssl`
 
 Enables/Disables SSL on the Log Viewer. Set it `true` to enable it,
 `false` otherwise.
 
+**Note**: _The SSL settings only apply to direct access and has no effect
+on the Hass.io Ingress service._
+
 ### Option: `certfile`
 
 The certificate file to use for SSL.
@@ -123,25 +105,6 @@ The private key file to use for SSL.
 
 **Note**: _The file MUST be stored in `/ssl/`, which is default for Hass.io._
 
-### Option: `filters`
-
-A list of filters to be used when displaying the log. Each filter must be in
-the format of `{ "keyword": "KEYWORD", "style": "CSS_STYLING" }`
-
-If **`KEYWORD`** is found in a line, that entire log line is styled using
-**`CSS_STYLING`**.
-
-**Note**: _Filters are processed in the order in which they are listed. Each
-line is limited to just one filter._
-
-### Option: `i_like_to_be_pwned`
-
-Adding this option to the add-on configuration allows to you bypass the
-HaveIBeenPwned password requirement by setting it to `true`.
-
-**Note**: _We STRONGLY suggest picking a stronger/safer password instead of
-using this option! USE AT YOUR OWN RISK!_
-
 ### Option: `leave_front_door_open`
 
 Adding this option to the add-on configuration allows you to disable
@@ -151,23 +114,6 @@ username and password empty.
 **Note**: _We STRONGLY suggest, not to use this, even if this add-on is
 only exposed to your internal network. USE AT YOUR OWN RISK!_
 
-## Embedding into Home Assistant
-
-It is possible to embed the log viewer interface directly into
-Home Assistant, allowing you to access it through the Home Assistant frontend.
-
-Home Assistant provides the `panel_iframe` component, for these purposes.
-
-Example configuration:
-
-```yaml
-panel_iframe:
-  logviewer:
-    title: Log Viewer
-    icon: mdi:bug-check
-    url: http://addres.to.your.hass.io:4277
-```
-
 ## Changelog & Releases
 
 This repository keeps a change log using [GitHub's releases][releases]

log-viewer/Dockerfile

@@ -8,6 +8,9 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # Install requirements for add-on
 RUN \
     apk add --no-cache \
+        lua-resty-http=0.12-r1 \
+        nginx-mod-http-lua=1.14.2-r0 \
+        nginx=1.14.2-r0 \
         nodejs=10.14.2-r0 \
         npm=10.14.2-r0 \
     \
@@ -16,11 +19,12 @@ RUN \
     \
     && npm set unsafe-perm true \
     \
-    && VERSION="1ca06235bac64e8afb98fe833ca23d7266fd98e1" \
+    && VERSION="c5b60e75dab012bb5fb01096898c643fafe09bb5" \
     && npm -g i \
-        "git+https://github.com/dale3h/ws-log.git#${VERSION}" \
+        "git+https://github.com/frenck/ws-log.git#${VERSION}" \
     \
-    && apk del --no-cache --purge .build-dependencies
+    && apk del --no-cache --purge .build-dependencies \
+    && rm -f -r /etc/nginx
 
 # Copy root file system
 COPY rootfs /

log-viewer/config.json

@@ -4,53 +4,44 @@
   "slug": "logviewer",
   "description": "Browser-based log utility for Hass.io",
   "url": "https://github.com/hassio-addons/addon-log-viewer",
+  "webui": "[PROTO:ssl]://[HOST]:[PORT:80]",
   "startup": "application",
+  "ingress": true,
+  "ingress_port": 1337,
+  "homeassistant": "0.91.2",
   "arch": [
     "aarch64",
     "amd64",
     "armhf",
     "armv7",
     "i386"
   ],
-  "webui": "[PROTO:ssl]://[HOST]:[PORT:4277]",
   "homeassistant_api": true,
   "hassio_api": true,
   "hassio_role": "default",
+  "auth_api": true,
   "boot": "auto",
-  "host_network": false,
   "ports": {
-    "4277/tcp": 4277
+    "80/tcp": null
+  },
+  "ports_description": {
+    "80/tcp": "Web interface (Not required for Hass.io Ingress)"
   },
   "map": [
     "config",
     "share",
     "ssl"
   ],
   "options": {
-    "username": "",
-    "password": "",
     "ssl": true,
     "certfile": "fullchain.pem",
-    "keyfile": "privkey.pem",
-    "filters": [
-      { "keyword": "ERROR", "style": "color: red; font-weight: bold;" },
-      { "keyword": "WARN", "style": "color: yellow;" },
-      { "keyword": "INFO", "style": "color: limegreen;" },
-      { "keyword": "DEBUG", "style": "color: cyan;" },
-      { "keyword": "TRACE", "style": "color: blue;" }
-    ]
+    "keyfile": "privkey.pem"
   },
   "schema": {
     "log_level": "match(^(trace|debug|info|notice|warning|error|fatal)$)?",
-    "username": "str",
-    "password": "str",
     "ssl": "bool",
     "certfile": "str",
     "keyfile": "str",
-    "filters": [
-      { "keyword": "str", "style": "str" }
-    ],
-    "i_like_to_be_pwned": "bool?",
     "leave_front_door_open": "bool?"
   }
 }

log-viewer/rootfs/etc/cont-init.d/nginx.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Community Hass.io Add-ons: Log Viewer
+# Configures NGINX
+# ==============================================================================
+declare port
+declare certfile
+declare ingress_interface
+declare ingress_port
+declare keyfile
+
+port=$(bashio::addon.port 80)
+if bashio::var.has_value "${port}"; then
+    bashio::config.require.ssl
+
+    if bashio::config.true 'ssl'; then
+        certfile=$(bashio::config 'certfile')
+        keyfile=$(bashio::config 'keyfile')
+
+        mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf
+        sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf
+        sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf
+
+    else
+        mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf
+    fi
+fi
+
+ingress_port=$(bashio::addon.ingress_port)
+ingress_interface=$(bashio::addon.ip_address)
+sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf
+sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf

log-viewer/rootfs/etc/nginx/includes/mime.types

@@ -0,0 +1,96 @@
+types {
+    text/html                                        html htm shtml;
+    text/css                                         css;
+    text/xml                                         xml;
+    image/gif                                        gif;
+    image/jpeg                                       jpeg jpg;
+    application/javascript                           js;
+    application/atom+xml                             atom;
+    application/rss+xml                              rss;
+
+    text/mathml                                      mml;
+    text/plain                                       txt;
+    text/vnd.sun.j2me.app-descriptor                 jad;
+    text/vnd.wap.wml                                 wml;
+    text/x-component                                 htc;
+
+    image/png                                        png;
+    image/svg+xml                                    svg svgz;
+    image/tiff                                       tif tiff;
+    image/vnd.wap.wbmp                               wbmp;
+    image/webp                                       webp;
+    image/x-icon                                     ico;
+    image/x-jng                                      jng;
+    image/x-ms-bmp                                   bmp;
+
+    font/woff                                        woff;
+    font/woff2                                       woff2;
+
+    application/java-archive                         jar war ear;
+    application/json                                 json;
+    application/mac-binhex40                         hqx;
+    application/msword                               doc;
+    application/pdf                                  pdf;
+    application/postscript                           ps eps ai;
+    application/rtf                                  rtf;
+    application/vnd.apple.mpegurl                    m3u8;
+    application/vnd.google-earth.kml+xml             kml;
+    application/vnd.google-earth.kmz                 kmz;
+    application/vnd.ms-excel                         xls;
+    application/vnd.ms-fontobject                    eot;
+    application/vnd.ms-powerpoint                    ppt;
+    application/vnd.oasis.opendocument.graphics      odg;
+    application/vnd.oasis.opendocument.presentation  odp;
+    application/vnd.oasis.opendocument.spreadsheet   ods;
+    application/vnd.oasis.opendocument.text          odt;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation
+                                                     pptx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+                                                     xlsx;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document
+                                                     docx;
+    application/vnd.wap.wmlc                         wmlc;
+    application/x-7z-compressed                      7z;
+    application/x-cocoa                              cco;
+    application/x-java-archive-diff                  jardiff;
+    application/x-java-jnlp-file                     jnlp;
+    application/x-makeself                           run;
+    application/x-perl                               pl pm;
+    application/x-pilot                              prc pdb;
+    application/x-rar-compressed                     rar;
+    application/x-redhat-package-manager             rpm;
+    application/x-sea                                sea;
+    application/x-shockwave-flash                    swf;
+    application/x-stuffit                            sit;
+    application/x-tcl                                tcl tk;
+    application/x-x509-ca-cert                       der pem crt;
+    application/x-xpinstall                          xpi;
+    application/xhtml+xml                            xhtml;
+    application/xspf+xml                             xspf;
+    application/zip                                  zip;
+
+    application/octet-stream                         bin exe dll;
+    application/octet-stream                         deb;
+    application/octet-stream                         dmg;
+    application/octet-stream                         iso img;
+    application/octet-stream                         msi msp msm;
+
+    audio/midi                                       mid midi kar;
+    audio/mpeg                                       mp3;
+    audio/ogg                                        ogg;
+    audio/x-m4a                                      m4a;
+    audio/x-realaudio                                ra;
+
+    video/3gpp                                       3gpp 3gp;
+    video/mp2t                                       ts;
+    video/mp4                                        mp4;
+    video/mpeg                                       mpeg mpg;
+    video/quicktime                                  mov;
+    video/webm                                       webm;
+    video/x-flv                                      flv;
+    video/x-m4v                                      m4v;
+    video/x-mng                                      mng;
+    video/x-ms-asf                                   asx asf;
+    video/x-ms-wmv                                   wmv;
+    video/x-msvideo                                  avi;
+}

log-viewer/rootfs/etc/nginx/includes/proxy_params.conf

@@ -0,0 +1,15 @@
+proxy_http_version          1.1;
+proxy_ignore_client_abort   off;
+proxy_read_timeout          86400s;
+proxy_redirect              off;
+proxy_send_timeout          86400s;
+proxy_max_temp_file_size    0;
+
+proxy_set_header Accept-Encoding "";
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-NginX-Proxy true;
+proxy_set_header X-Real-IP $remote_addr;

log-viewer/rootfs/etc/nginx/includes/resolver.conf

@@ -0,0 +1 @@
+resolver 172.30.32.2;

log-viewer/rootfs/etc/nginx/includes/server_params.conf

@@ -0,0 +1,6 @@
+root            /dev/null;
+server_name     $hostname;
+
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;

log-viewer/rootfs/etc/nginx/includes/ssl_params.conf

@@ -0,0 +1,9 @@
+ssl_protocols TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
+ssl_ecdh_curve secp384r1;
+ssl_session_timeout  10m;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;

log-viewer/rootfs/etc/nginx/includes/upstream.conf

@@ -0,0 +1,3 @@
+upstream backend {
+    server 127.0.0.1:4277;
+}