Ankündigung

Einklappen
Keine Ankündigung bisher.

Amazon AWS meldet ERROR Client network socket disconnected

Einklappen
X
 
  • Filter
  • Zeit
  • Anzeigen
Alles löschen
neue Beiträge

    Amazon AWS meldet ERROR Client network socket disconnected

    Hallo zusammen,

    ich habe mir vor kurzem ein neues Raspberry zugelegt und versuche es zum laufen zu bringen.
    Soweit klappt alles.
    SmarthomeNG läuft
    Visu läuft
    KNX Steuerung läuft
    SQL läuft
    ...
    Aber beim einbinden der Alexa bekomme ich im AWS den Fehler:
    "errorMessage": "Client network socket disconnected before secure TLS connection was established",
    Ich bin seit Tagen dran. Jetzt bin ich Ratlos.

    Hat von euch einer eine Idee, oder einen Tip wie ich den Fehler eingrenzen kann.

    Ich danke euch im Voraus

    #2
    Nginx richtig eingerichtet? Zertifkat richtig erstellt? Pluginport von aussen zugreifbar?

    Kommentar


      #3
      Da suche ich die ganze Zeit nach dem Fehler. Kann ich das irgendwie einzeln testen?

      Kommentar


        #4
        Zitat von mitschel Beitrag anzeigen
        Da suche ich die ganze Zeit nach dem Fehler. Kann ich das irgendwie einzeln testen?
        Über SSLLabs das Zertifikat prüfen.
        Wenn das passt sollte ein A+ ergeben dann den nächsten Step nginx reverse proxy prüfen. Dafür bräuchten wir mal die Config.
        Meine Installation: VM Debian Stretch SH NG 1.6, SmartVISU 2.9, KNX, DMX, 1-wire, Cisco ASA 5512X IPS, VMware vSphere 6.7

        Kommentar


          #5
          Hallo Freunde,

          sorry, dass ich so lange für die Antwort gebraucht habe.
          Ich habe jetzt mal mein Raspberry komplett frisch aufgesetzt und auch bei Amazon alles neu angelegt.
          Jetzt bin ich schon ein paar Schritte weiter.
          SSLLabs meldet A+
          Ich konnte den Skill mit meinem Alexa Account verknüpfen. Allerdings werden keine Geräte erkannt.
          Ich habe dann mal in den CloudWatch Management Console nachgeschaut. Da kommt folgender Fehler.


          2020-03-05T20:43:28.625Z 10bef2e5-cb45-45e9-9fb7-7c3acc5054f7 ERROR Uncaught Exception
          { "errorType": "SyntaxError",
          "errorMessage": "Unexpected token < in JSON at position 0",
          "stack": [
          "SyntaxError: Unexpected token < in JSON at position 0",
          " at JSON.parse (<anonymous>)",
          " at IncomingMessage.<anonymous> (/var/task/index.js:36:30)",
          " at IncomingMessage.emit (events.js:228:7)",
          " at endReadableNT (_stream_readable.js:1185:12)",
          " at processTicksAndRejections (internal/process/task_queues.js:81:21)"
          ]
          }

          Stimmt da eventuell was in meiner index.js bei Lambda nicht? Oder muss ich den Fehler woanders suchen?

          Kommentar


            #6
            Hallo mitschel ,


            es sieht ganz nach einem Fehler in der Lambda-Funtion aus.
            Hast Du die Lambda-Funktion für Node 10.x konfiguriert, für mich sieht die Meldung auf den ersten Blick nach einer Python-Meldung aus ?
            Hast Du Enviroment-Variablen entsprechend Deiner Config gesetzt ?
            Die Lambda muss (das ist unverändert seit Beginn) so aussehen :
            Code:
            /*
            You need to specify the following environmental variables in the lambda function:
            - SMARTHOME_HOST
            foobar.dyndns.tld
            - SMARTHOME_PORT
            443 - endpoint must be https enabled!
            - SMARTHOME_PATH
            '/'
            - SMARTHOME_AUTH
            'user:password'
            */
            exports.handler = function(event, context, callback) {
            var mycontext = JSON.stringify(context)
            //var myDevice = context.System.device.deviceID
            
            console.log('requesting Device-ID :',mycontext)
            //event.DeviceID = myDevice
            var data = JSON.stringify(event)
            
            
            var options = {
            hostname: process.env.SMARTHOME_HOST,
            port: process.env.SMARTHOME_PORT,
            path: process.env.SMARTHOME_PATH,
            method: 'POST',
            auth: process.env.SMARTHOME_AUTH,
            headers: {
            'Content-Type': 'application/json',
            'Content-Length': Buffer.byteLength(data)
            }
            };
            
            var https = require('https');
            var req = https.request(options, (res) => {
            console.log(`HTTP ${res.statusCode}`);
            res.setEncoding('utf8');
            
            var responseData = '';
            res.on('data', (dataChunk) => {
            responseData += dataChunk
            });
            res.on('end', () => {
            console.log('raw response:', responseData)
            
            var response = JSON.parse(responseData);
            if (res.statusCode == 200) {
            console.info('OK', JSON.stringify(response))
            callback(null, response);
            } else {
            console.error('Failed', JSON.stringify(response))
            callback('DependentServiceUnavailableError');
            }
            });
            });
            req.on('error', (e) => {
            console.error('request failed', e);
            callback(e);
            });
            
            console.log('requesting', data)
            req.write(data);
            req.end();
            }
            Gruss Andre

            Kommentar


              #7
              Hallo André,

              ich habe jetzt mal auf Node 10.x umgestellt und auch einmal deinen Lambda Code getestet, aber leider kommt immernoch der selbe Fehler.

              Kommentar


                #8
                Zitat von mitschel Beitrag anzeigen

                ich habe jetzt mal auf Node 10.x umgestellt und auch einmal deinen Lambda Code getestet
                Hast Du auch die Variablen richtig gesetzt?
                Code:
                - SMARTHOME_HOST foobar.dyndns.tld
                - SMARTHOME_PORT 443 - endpoint must be https enabled!
                - SMARTHOME_PATH '/'
                - SMARTHOME_AUTH 'user:password'


                Gruß
                Michael
                Zuletzt geändert von yachti; 06.03.2020, 09:13. Grund: Code Tag eingefügt
                Meine Installation: VM Debian Stretch SH NG 1.6, SmartVISU 2.9, KNX, DMX, 1-wire, Cisco ASA 5512X IPS, VMware vSphere 6.7

                Kommentar


                  #9
                  Hallo yachti,

                  Ja, die habe ich auch gesetzt. Ich bin mir nur nicht sicher, ob ich bei SMARTHOME_PATH nur ein / oder ein /alexa/ setzen muss.

                  Kommentar


                    #10
                    Hallo mitschel,
                    bei mir ist nur / konfiguriert.
                    Du hast die Variablen auch unter Umgebungsvariablen im Dialog konfiguriert?
                    Die werden nicht im Funktionscode definiert!
                    Meine Installation: VM Debian Stretch SH NG 1.6, SmartVISU 2.9, KNX, DMX, 1-wire, Cisco ASA 5512X IPS, VMware vSphere 6.7

                    Kommentar


                      #11
                      Hab gerade mal geschaut bei mir läuft Node.js 12.x
                      Meine Installation: VM Debian Stretch SH NG 1.6, SmartVISU 2.9, KNX, DMX, 1-wire, Cisco ASA 5512X IPS, VMware vSphere 6.7

                      Kommentar


                        #12
                        Hallo mitschel,

                        Zitat von mitschel Beitrag anzeigen
                        Ja, die habe ich auch gesetzt. Ich bin mir nur nicht sicher, ob ich bei SMARTHOME_PATH nur ein / oder ein /alexa/ setzen muss.
                        Das hängt davon ab wie Du Deinen NGINX konfiguriert hast. Wenn der NGINX die Weiterleitung auf "/alexa" hat dann ist das der Pfad, wenn der NGINX alles auf Deine smarthomeNG-Maschine weiterleitet dann wäre "/" richtig.

                        Port muss korrekt sein sonst wäre Dein SSLLAB-Test nicht durchgegangen.

                        Dann bleibt noch die Frage ob Du die Zugangsdaten korrekt mittels htpasswd erstellt hast (siehe auch hier)
                        Verwendest Du das Image von OnkelAndy bzw. läuft Dein NGINX auf Deiner smarthomeNG-Maschine ?

                        Gruss Andre

                        Kommentar


                          #13
                          Hallo mitschel,

                          Ob die Zugangsdaten richtig gesetzt sind kannst Du selber überprüfen indem Du von extern auf die URL zugreifst.
                          https://foobar.dyndns.tld
                          Dann sollte eine Benutzer und Passwortabfrage kommen.

                          Gruß
                          Michael
                          Meine Installation: VM Debian Stretch SH NG 1.6, SmartVISU 2.9, KNX, DMX, 1-wire, Cisco ASA 5512X IPS, VMware vSphere 6.7

                          Kommentar


                            #14
                            Zitat von yachti Beitrag anzeigen
                            Hallo mitschel,

                            Ob die Zugangsdaten richtig gesetzt sind kannst Du selber überprüfen indem Du von extern auf die URL zugreifst.
                            https://foobar.dyndns.tld
                            Dann sollte eine Benutzer und Passwortabfrage kommen.

                            Gruß
                            Michael
                            Hallo Yachti.
                            also von außen komme ich drauf. Da bekomme ich die "Welcome to nginx" Seite, aber keine Passwortabfrage

                            Kommentar


                              #15
                              Hier mal die https.conf von nginx conf.d

                              server {
                              set $nw_port 8888;
                              set $backend_port 8383;
                              set $red_port 1880;
                              server_tokens off;

                              ## Blocken, wenn Zugriff aus einem nicht erlaubten Land erfolgt ##
                              if ($allowed_country = no) {
                              return 403;
                              }

                              # https://www.cyberciti.biz/tips/linux...-security.html
                              ## Block download agents ##
                              if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
                              return 403;
                              }

                              ## Block some robots ##
                              if ($http_user_agent ~* msnbot|scrapbot) {
                              return 403;
                              }

                              ## Deny certain Referers ##
                              if ( $http_referer ~* (babes|forsale|girl|jewelry|love|nudit|organic|pok er|porn|sex|teen) )
                              {
                              return 403;
                              }

                              listen 443 ssl http2;
                              listen [::]:443 ssl http2;
                              server_name ***.spdns.de;
                              ##
                              # SSL
                              ##

                              ## Activate SSL, setze SERVER Zertifikat Informationen ##
                              # Generiert via Let's Encrypt!
                              ssl_certificate /etc/letsencrypt/live/***.spdns.de/fullchain.pem;
                              ssl_certificate_key /etc/letsencrypt/live/***.spdns.de/privkey.pem;
                              ssl_trusted_certificate /etc/letsencrypt/live/***.spdns.de/fullchain.pem;
                              ssl_session_cache builtin:1000 shared:SSL:60m;
                              ssl_prefer_server_ciphers on;
                              # unsichere SSL Ciphers deaktivieren!
                              ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512HE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384HE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
                              ssl_ecdh_curve secp384r1;
                              ssl_protocols TLSv1.2;
                              ssl_session_timeout 60m;
                              ssl_session_tickets on;
                              ssl_session_ticket_key /etc/nginx/nginx_ticketkey;
                              #ssl_buffer_size 16k; #for throughput, video applications
                              ssl_buffer_size 4k; #for quick first byte delivery

                              # Client Zertifikat spezifisch
                              ssl_client_certificate /etc/ssl/ca/certs/ca.crt;
                              ssl_crl /etc/ssl/ca/private/ca.crl;
                              ssl_verify_client optional;
                              ssl_dhparam /etc/ssl/ca/dh.pem;

                              # OCSP Stapling ---
                              # fetch OCSP records from URL in ssl_certificate and cache them
                              ssl_stapling on;
                              ssl_stapling_verify on;
                              resolver 8.8.8.8 8.8.4.4 valid=300s;
                              resolver_timeout 5s;

                              client_body_buffer_size 8K;
                              client_max_body_size 20m;
                              client_body_timeout 10s;
                              client_header_buffer_size 1k;
                              large_client_header_buffers 2 16k;
                              client_header_timeout 5s;

                              ##
                              # global
                              ##

                              root /var/www/html;

                              # Add index.php to the list if you are using PHP
                              index index.html index.htm index.php;

                              # Proxy Caching
                              # Skip^1 caching variable init
                              set $nocache 0;
                              # Bypass^2 caching variable init
                              set $purgecache 0;

                              # Bypass^2 cache on no-cache (et al.) browser request
                              if ($http_cache_control ~ "max-age=0")
                              { set $purgecache 1; }
                              if ($http_cache_control ~ "no-cache")
                              { set $purgecache 1; }
                              # Bypass^2 cache with custom header set on request
                              if ($http_x_cache_purge ~* "true")
                              { set $purgecache 1; }

                              location ~* favicon|apple-touch-icon|android-chrome-|mstile-|safari-pinned-tab.svg|browserconfig.xml|manifest.json|apple-icon|ms-icon|android-icon|mstile {
                              try_files $uri @favicons;
                              }

                              location @favicons {
                              rewrite ^/(.+)$ /favicons/$1 last;
                              }

                              location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|xml)$ {
                              include /etc/nginx/headers.conf;
                              expires 7d;
                              add_header Cache-Control "public, no-transform";
                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;
                              }

                              # Weiterleitung zu SmartHomeNG (Websocket Schnittstelle) mit Basic Auth
                              location = / {
                              include /etc/nginx/headers.conf;
                              satisfy any;
                              # auth_basic "Restricted Area: smartVISU2.9";
                              # auth_basic_user_file /etc/nginx/.smartvisu;
                              allow 127.0.0.1;
                              allow 192.168.0.0/16;
                              allow 10.0.0.0/16;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              # Nur Websocket Verbindungen gegen "/" durchlassen!
                              if ($http_upgrade = websocket) {
                              proxy_pass http://websocket;
                              }

                              }

                              # Zugriff auf die smartVISU mit Basic Auth
                              location /smartVISU {
                              include /etc/nginx/headers.conf;
                              satisfy any;
                              # auth_basic "Restricted Area: smartVISU2.9";
                              # auth_basic_user_file /etc/nginx/.smartvisu;
                              allow 127.0.0.1;
                              allow 192.168.0.0/16;
                              allow 10.0.0.0/16;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              #This is alternative to the lua script but doesn't work with Apple devices.
                              #if ($ssl_client_verify != SUCCESS) {
                              # return 403;
                              #}
                              proxy_pass http://sv/smartVISU;
                              }

                              # Zugriff auf die smartVISU 2.9 mit Basic Auth
                              location /smartVISU2.9 {
                              include /etc/nginx/headers.conf;
                              satisfy any;
                              # auth_basic "Restricted Area: smartVISU2.9";
                              # auth_basic_user_file /etc/nginx/.smartvisu;
                              allow 127.0.0.1;
                              allow 192.168.0.0/16;
                              allow 10.0.0.0/16;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              proxy_pass http://sv/smartVISU2.9;
                              }

                              # Zugriff auf nodered
                              location /red/ {
                              include /etc/nginx/headers.conf;
                              satisfy any;
                              # auth_basic "Restricted Area: smartVISU2.9";
                              # auth_basic_user_file /etc/nginx/.smartvisu;
                              allow 127.0.0.1;
                              allow 192.168.0.0/16;
                              allow 10.0.0.0/16;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              proxy_pass http://$server_addr:$red_port;
                              location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
                              include /etc/nginx/headers.conf;
                              expires 7d;
                              add_header Cache-Control "public, no-transform";
                              proxy_pass http://$server_addr:$red_port;
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;
                              }
                              }

                              # Alexa Plugin Weiterleitung
                              location /alexa/ {
                              include /etc/nginx/headers.conf;
                              satisfy any;
                              # auth_basic "Restricted Area: Alexa";
                              # auth_basic_user_file /etc/nginx/.alexa;
                              allow 127.0.0.1;
                              allow 192.168.0.0/16;
                              allow 10.0.0.0/16;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              proxy_pass http://alexa;
                              }

                              # Backend Plugin Weiterleitung
                              location /gstatic/ {
                              include /etc/nginx/headers.conf;
                              satisfy any;
                              #auth_basic "Restricted Area: Smarthome NG Backend";
                              #auth_basic_user_file /etc/nginx/.shng;
                              proxy_set_header Authorization "Basic c21hcnRob21lCg==";
                              # Create your base64 Passwort on the commandline: openssl enc -base64 <<< '<PASSWORD>'
                              allow 127.0.0.1;
                              allow 192.168.0.0/16;
                              allow 10.0.0.0/16;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
                              include /etc/nginx/headers.conf;
                              expires 7d;
                              add_header Cache-Control "public, no-transform";
                              proxy_pass http://$server_addr:$backend_port;
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;
                              }

                              proxy_pass http://$server_addr:$backend_port;
                              }

                              location /visu_websocket/ {
                              include /etc/nginx/headers.conf;
                              satisfy any;
                              #auth_basic "Restricted Area: Smarthome NG Backend";
                              #auth_basic_user_file /etc/nginx/.shng;
                              proxy_set_header Authorization "Basic c21hcnRob21lCg==";
                              # Create your base64 Passwort on the commandline: openssl enc -base64 <<< '<PASSWORD>'

                              allow 127.0.0.1;
                              allow 192.168.0.0/16;
                              allow 10.0.0.0/16;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
                              include /etc/nginx/headers.conf;
                              expires 7d;
                              add_header Cache-Control "public, no-transform";
                              proxy_pass http://$server_addr:$backend_port;
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;
                              }

                              proxy_pass http://$server_addr:$backend_port;
                              }

                              location /api/ {
                              include /etc/nginx/headers.conf;
                              satisfy any;
                              #auth_basic "Restricted Area: Smarthome NG Backend";
                              #auth_basic_user_file /etc/nginx/.shng;
                              proxy_set_header Authorization "Basic c21hcnRob21lCg==";
                              # Create your base64 Passwort on the commandline: openssl enc -base64 <<< '<PASSWORD>'

                              allow 127.0.0.1;
                              allow 192.168.0.0/16;
                              allow 10.0.0.0/16;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
                              include /etc/nginx/headers.conf;
                              expires 7d;
                              add_header Cache-Control "public, no-transform";
                              proxy_pass http://$server_addr:$backend_port;
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;
                              }

                              proxy_pass http://$server_addr:$backend_port;
                              }

                              location /admin/ {
                              include /etc/nginx/headers.conf;
                              satisfy any;
                              #auth_basic "Restricted Area: Smarthome NG Backend";
                              #auth_basic_user_file /etc/nginx/.shng;
                              proxy_set_header Authorization "Basic c21hcnRob21lCg==";
                              # Create your base64 Passwort on the commandline: openssl enc -base64 <<< '<PASSWORD>'

                              allow 127.0.0.1;
                              allow 192.168.0.0/16;
                              allow 10.0.0.0/16;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
                              include /etc/nginx/headers.conf;
                              expires 7d;
                              add_header Cache-Control "public, no-transform";
                              proxy_pass http://$server_addr:$backend_port;
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;
                              }

                              proxy_pass http://$server_addr:$backend_port;
                              }

                              location /backend/ {
                              include /etc/nginx/headers.conf;
                              satisfy any;
                              #auth_basic "Restricted Area: Smarthome NG Backend";
                              #auth_basic_user_file /etc/nginx/.shng;
                              proxy_set_header Authorization "Basic c21hcnRob21lCg==";
                              # Create your base64 Passwort on the commandline: openssl enc -base64 <<< '<PASSWORD>'

                              allow 127.0.0.1;
                              allow 192.168.0.0/16;
                              allow 10.0.0.0/16;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
                              include /etc/nginx/headers.conf;
                              expires 7d;
                              add_header Cache-Control "public, no-transform";
                              proxy_pass http://$server_addr:$backend_port;
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;
                              }

                              proxy_pass http://$server_addr:$backend_port;
                              }

                              # Network Plugin Weiterleitung
                              location /shnet/ {
                              include /etc/nginx/headers.conf;
                              satisfy any;
                              # auth_basic "Restricted Area: Smarthome NG Network";
                              # auth_basic_user_file /etc/nginx/.shng;
                              proxy_set_header Authorization "Basic c21hcnRob21lCg==";
                              # Create your base64 Passwort on the commandline: openssl enc -base64 <<< '<PASSWORD>'
                              allow 127.0.0.1;
                              allow 192.168.0.0/16;
                              allow 10.0.0.0/16;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              rewrite ^/shnet/(.*) /$1 break;
                              proxy_pass http://$server_addr:$nw_port;

                              }

                              # Weiterleitung zu Grafana
                              location /grafana/ {
                              satisfy any;
                              allow 127.0.0.1;
                              allow 10.0.0.0/8;
                              allow 192.168.0.0/16;
                              # auth_basic "Restricted Area: Monit";
                              # auth_basic_user_file /etc/nginx/.monit;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              proxy_pass http://grafanahost/;
                              include /etc/nginx/headers.conf;
                              location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
                              rewrite ^/grafana/(.*) /$1 break;
                              include /etc/nginx/headers.conf;
                              expires 7d;
                              add_header Cache-Control "public, no-transform";
                              proxy_pass http://grafanahost;
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;
                              }
                              }

                              # Weiterleitung zu Monit
                              location /monit/ {
                              satisfy any;
                              allow 127.0.0.1;
                              allow 10.0.0.0/8;
                              allow 192.168.0.0/16;
                              # auth_basic "Restricted Area: Monit";
                              # auth_basic_user_file /etc/nginx/.monit;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              rewrite ^/monit/(.*) /$1 break;
                              proxy_pass http://monithost;
                              include /etc/nginx/headers.conf;

                              location ~* favicon.ico {
                              alias /var/www/html/favicon/monit/favicon.ico;
                              }
                              }

                              # Weiterleitung zu Monitgraph
                              location /monitgraph/ {
                              satisfy any;
                              allow 127.0.0.1;
                              allow 10.0.0.0/8;
                              allow 192.168.0.0/16;
                              # auth_basic "Restricted Area: Monitgraph";
                              # auth_basic_user_file /etc/nginx/.monit;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              proxy_pass http://mainhost/monitgraph/;
                              include /etc/nginx/headers.conf;
                              }

                              # Weiterleitung zu phpmydmin
                              location /phpmyadmin/ {
                              satisfy any;
                              allow 127.0.0.1;
                              allow 10.0.0.0/8;
                              allow 192.168.0.0/16;
                              # auth_basic "Restricted Area: PHP MyAdmin";
                              # auth_basic_user_file /etc/nginx/.monit;
                              allow ::1;
                              deny all;

                              # This script tests the SSL certificate and enables Websocket access with Apple devices.
                              # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
                              access_by_lua_file /etc/nginx/scripts/hass_access.lua;

                              proxy_pass http://mainhost/phpmyadmin/;
                              include /etc/nginx/headers.conf;
                              }
                              }

                              Kommentar

                              Lädt...
                              X