Fix deCONZ/Phoscon Ingress access when using FQDN (home-assistant#2325)

* fix-deconz-phoscon-access Change the way the Phoscon JS is altered by Nginx to make ingress access work with domain name. * Update config.yaml Version bump to 6.11.2 * Update CHANGELOG.md * Fix changelog spelling mistake
arcotek-ltd · Apr 28, 2022 · 3d7bc63 · 3d7bc63
1 parent 2b2eb8f
commit 3d7bc63
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 11 deletions.
diff --git a/deconz/CHANGELOG.md b/deconz/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## 6.12.1
+
+- Fix Phoscon App gateway discovery with FQDN over Ingress
+- Improve Phoscon App subnet probing block when using Ingress
+
 ## 6.12.0
 
 - Bump deCONZ to 2.14.1

diff --git a/deconz/config.yaml b/deconz/config.yaml
@@ -1,5 +1,5 @@
 ---
-version: 6.12.0
+version: 6.12.1
 slug: deconz
 name: deCONZ
 description: >-

diff --git a/deconz/rootfs/etc/nginx/nginx.conf b/deconz/rootfs/etc/nginx/nginx.conf
@@ -73,19 +73,17 @@ http {
             sub_filter_once off;
             sub_filter_types *;
 
+            # Tell Phoscon app where the gateway is and stop scan of other hosts.
+            sub_filter ',-1!==document.location.hash.indexOf("nocache")' ',app.probeWorker.postMessage({add:[document.location.host+\'%%ingress_entry%%\']}),app.probeWorker.postMessage({scan:!0}),true';
+
             # Disable Discovery from Dresden
-            sub_filter 'phoscon.de/discover' 'phoscon.de/discover_disable';
-            sub_filter 'dresden-light.appspot.com/discover' 'dresden-light.appspot.com/discover_disable';
             sub_filter 'queryDresdenDiscovery(url){' 'queryDresdenDiscovery(url){ return Promise.resolve([]);';
 
-            # Do not probe our subnets from Ingress
-            sub_filter 'probeSubnet(ip) {' 'probeSubnet(ip) { throw new Error(\'avail\');';
-
-            # Prevent unauthenticated requests to go to Home Assistant, triggering IP bans
-            sub_filter '/api/config?_=\' + Date.now()' '%%ingress_entry%%/api/config?_=\' + Date.now()';
+            # Block attempt to probe subnets
+            sub_filter '} else if (state === STATE_CHECKSUBNETS) {\n        if' '} else if (state === STATE_CHECKSUBNETS) { if (true) {needCheckSubnets = false;state = STATE_IDLE;queueStateAction(E_TIMEOUT, 1000);} else if';
 
-            # Stop guessing URL's
-            sub_filter 'if (err === \'avail\')' 'if (err === \'avail\' && false)';
+            # Block attempt at loading gateway api by adding port
+            sub_filter 'if (ip.indexOf(\':\') === -1) // no port was specified' 'if (false)';
 
             # Correctly handle redirect to login
             sub_filter 'window.location.href = \'/pwa/login.html\';' 'window.location.href = \'%%ingress_entry%%/pwa/login.html\';';
@@ -97,4 +95,4 @@ http {
             sub_filter '<link rel="manifest" href="/pwa/manifest.json">' '';
         }
     }
-}
+}