🔨 Configure Adguard port/protocol dynamically on startup (#67)

hassio-addons · May 29, 2020 · edd538a · hastarin · May 31, 2020 · frenck
1 parent 56e8e28
commit edd538a
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 4 deletions.
diff --git a/adguard/DOCS.md b/adguard/DOCS.md
@@ -85,6 +85,14 @@ authentication on the AdGuard Home by setting it to `true`.
 **Note**: _We STRONGLY suggest, not to use this, even if this add-on is
 only exposed to your internal network. USE AT YOUR OWN RISK!_
 
+## Encryption Settings (Advanced Usage)
+
+Adguard allows the configuration of running DNS-over-HTTPS and DNS-over-
+TLS locally. If you configure these options please ensure to restart the
+addon afterwards.  Also to use DNS-over-HTTPS correctly please ensure to
+configure SSL on the addon as well as in Adguard itself.  Also consider
+that the addon and Adguard cannot use the same port for SSL.
+
 ## Changelog & Releases
 
 This repository keeps a change log using [GitHub's releases][releases]

diff --git a/adguard/rootfs/etc/cont-init.d/nginx.sh b/adguard/rootfs/etc/cont-init.d/nginx.sh
@@ -3,13 +3,23 @@
 # Home Assistant Community Add-on: AdGuard Home
 # Configures NGINX for use with the AdGuard Home server
 # ==============================================================================
+declare adguard_port=45158
+declare adguard_protocol=http
 declare admin_port
 declare certfile
 declare dns_host
 declare ingress_interface
 declare ingress_port
 declare keyfile
 
+if bashio::var.true "$(yq read /data/adguard/AdGuardHome.yaml tls.enabled)"; then
+    adguard_port=$(yq read /data/adguard/AdGuardHome.yaml tls.port_https)
+    adguard_protocol=https
+fi
+
+sed -i "s#%%port%%#${adguard_port}#g" /etc/nginx/includes/upstream.conf
+sed -i "s#%%protocol%%#${adguard_protocol}#g" /etc/nginx/servers/ingress.conf
+
 admin_port=$(bashio::addon.port 80)
 if bashio::var.has_value "${admin_port}"; then
     bashio::config.require.ssl
@@ -27,6 +37,7 @@ if bashio::var.has_value "${admin_port}"; then
     fi
 
     sed -i "s/%%port%%/${admin_port}/g" /etc/nginx/servers/direct.conf
+    sed -i "s#%%protocol%%#${adguard_protocol}#g" /etc/nginx/servers/direct.conf
 fi
 
 ingress_port=$(bashio::addon.ingress_port)

diff --git a/adguard/rootfs/etc/nginx/includes/upstream.conf b/adguard/rootfs/etc/nginx/includes/upstream.conf
@@ -1,3 +1,3 @@
 upstream backend {
-    server 127.0.0.1:45158;
+    server 127.0.0.1:%%port%%;
 }
diff --git a/adguard/rootfs/etc/nginx/servers/direct-ssl.disabled b/adguard/rootfs/etc/nginx/servers/direct-ssl.disabled
@@ -10,6 +10,11 @@ server {
 
     location / {
         access_by_lua_file /etc/nginx/lua/ha-auth.lua;
-        proxy_pass http://backend;
+        proxy_pass %%protocol%%://backend;
     }
+
+    location /dns-query {
+        proxy_pass %%protocol%%://backend;
+    }
+
 }
diff --git a/adguard/rootfs/etc/nginx/servers/direct.disabled b/adguard/rootfs/etc/nginx/servers/direct.disabled
@@ -6,6 +6,6 @@ server {
 
     location / {
         access_by_lua_file /etc/nginx/lua/ha-auth.lua;
-        proxy_pass http://backend;
+        proxy_pass %%protocol%%://backend;
     }
 }
diff --git a/adguard/rootfs/etc/nginx/servers/ingress.conf b/adguard/rootfs/etc/nginx/servers/ingress.conf
@@ -8,6 +8,6 @@ server {
         allow   172.30.32.2;
         deny    all;
 
-        proxy_pass http://backend;
+        proxy_pass %%protocol%%://backend;
     }
 }