Timeout error on upstream via NGINX


    Hello everyone,

    after flashing the complete image 1.7.1, everything is running again except for the display of the weather data from Yr.no.
    For this, the following error appears in the Nginx error.log. As I understand it, the weather data requests from the Raspi to the Internet are being blocked.
    Configuration:
    Smarthome and NGINX run on one Raspi3.
    Smartvisu, web service and Alexa otherwise run normally.
    The packets of the WakeOnLAN plugin currently don't arrive either, but I don't know whether that is related.

    Best regards
    Christian

    Code:
    2020/10/29 07:02:53 [error] 23113#23113: *29 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 127.0.0.1, server: xxxxx.yyy.com, request: "GET /smartvisu/lib/weather/service/yr.no.php?location=Germany%2FBaden-W%C3%BCrtemberg%2FOffenburg%2F&cache_duration_minutes=15 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock", host: "xxxxx.yyy.com", referrer: "https://xxxxx.yyy.com/smartvisu/index.php"
    2020/10/29 07:02:53 [error] 23113#23113: *31 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 127.0.0.1, server: xxxxx.yyy.com, request: "GET /smartvisu/lib/weather/service/yr.no.php?location=Germany%2FBaden-W%C3%BCrtemberg%2FOffenburg%2F&cache_duration_minutes=180 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock", host: "xxxxx.yyy.com", referrer: "https://xxxxx.yyy.com/smartvisu/index.php"
    2020/10/29 07:08:18 [error] 23112#23112: *69 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.178.79, server: xxxxx.yyy.com, request: "GET /smartvisu/lib/weather/service/yr.no.php?location=Germany%2FBayern%2FW%C3%BCrzburg&cache_duration_minutes=15 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock", host: "192.168.178.50", referrer: "http://192.168.178.50/smartvisu/index.php"
    2020/10/29 07:08:18 [error] 23112#23112: *68 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.178.79, server: xxxxx.yyy.com, request: "GET /smartvisu/lib/weather/service/yr.no.php?location=Germany%2FBayern%2FW%C3%BCrzburg&cache_duration_minutes=180 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock", host: "192.168.178.50", referrer: "http://192.168.178.50/smartvisu/index.php"


    Here are my NGINX configs ...
    Default

    Code:
    ##
    # You should look at the following URL's in order to grasp a solid understanding
    # of Nginx configuration files in order to fully unleash the power of Nginx.
    # https://www.nginx.com/resources/wiki/start/
    # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
    # https://wiki.debian.org/Nginx/DirectoryStructure
    #
    # In most cases, administrators will remove this file from sites-enabled/ and
    # leave it as reference inside of sites-available where it will continue to be
    # updated by the nginx packaging team.
    #
    # This file will automatically load configuration files provided by other
    # applications, such as Drupal or Wordpress. These applications will be made
    # available underneath a path with that package name, such as /drupal8.
    #
    # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
    ##
    
    # Default server configuration
    #
    
    upstream websocket {
    server 127.0.0.1:2424;
    }
    
    upstream mainhost {
    server 127.0.0.1;
    keepalive 20;
    }
    
    upstream sv {
    server 127.0.0.1;
    keepalive 20;
    }
    
    upstream alexa {
    server 127.0.0.1:9000;
    }
    
    upstream shng {
    server 127.0.0.1:8383;
    }
    
    upstream nodered {
    server 127.0.0.1:1880;
    }
    
    upstream shnet {
    server 127.0.0.1:8888;
    }
    
    upstream monithost {
    server 127.0.0.1:2812;
    }
    
    upstream grafanahost {
    server 127.0.0.1:3000;
    }
    server {
    
    listen 80 default_server;
    listen [::]:80 default_server;
    include /etc/nginx/snippets/letsencrypt.conf;
    root /var/www/html;
    
    # Redirect to HTTPS
    if ($http_x_forwarded_proto = "http") {
    return 301 https://$server_name$request_uri;
    }
    
    ## Block if access comes from a country that is not allowed ##
    if ($allowed_country = no) {
    return 403;
    }
    
    # https://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html
    ## Block download agents ##
    if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
    return 403;
    }
    
    ## Block some robots ##
    if ($http_user_agent ~* msnbot|scrapbot) {
    return 403;
    }
    
    ## Deny certain Referers ##
    if ( $http_referer ~* (babes|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen) )
    {
    return 403;
    }
    
    access_log /var/log/nginx/access.log specialLog;
    error_log /var/log/nginx/error.log;
    
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html index.php;
    
    server_name xxxxx.yyy.com;
    
    # Skip^1 caching variable init
    set $nocache 0;
    # Bypass^2 caching variable init
    set $purgecache 0;
    
    # Bypass^2 cache on no-cache (et al.) browser request
    #if ($http_cache_control ~ "max-age=0")
    # { set $purgecache 1; }
    #if ($http_cache_control ~ "no-cache")
    # { set $purgecache 1; }
    # Bypass^2 cache with custom header set on request
    #if ($http_x_cache_purge ~* "true")
    # { set $purgecache 1; }
    
    location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    try_files $uri $uri/ =404;
    if ($http_upgrade = websocket) {
    proxy_pass http://websocket;
    }
    }
    
    # pass PHP scripts to FastCGI server
    
    location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    #fastcgi_read_timeout 2400;
    }
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    }
    
    location ~* favicon|apple-touch-icon|android-chrome-|mstile-|safari-pinned-tab.svg|browserconfig.xml|manifest.json|apple-icon|ms-icon|android-icon|mstile {
    try_files $uri @favicons;
    }
    
    location @favicons {
    rewrite ^/(.+)$ /favicons/$1 last;
    }
    
    location /visu_websocket/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    auth_basic "Restricted Area: Smarthome NG Backend";
    auth_basic_user_file /etc/nginx/.shng;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    proxy_ignore_client_abort on;
    proxy_pass http://$host:8383;
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://$host:8383;
    }
    
    }
    
    location /api/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    auth_basic "Restricted Area: Smarthome NG Backend";
    auth_basic_user_file /etc/nginx/.shng;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    proxy_ignore_client_abort on;
    proxy_pass http://$host:8383;
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://$host:8383;
    }
    
    }
    
    location /admin/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    #auth_basic "Restricted Area: Smarthome NG Backend";
    #auth_basic_user_file /etc/nginx/.shng;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    proxy_pass http://$host:8383;
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://$host:8383;
    }
    
    }
    
    location /backend/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    #auth_basic "Restricted Area: Smarthome NG Backend";
    #auth_basic_user_file /etc/nginx/.shng;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    proxy_pass http://$host:8383;
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://$host:8383;
    }
    
    }
    
    location /gstatic/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    #auth_basic "Restricted Area: Smarthome NG Backend";
    #auth_basic_user_file /etc/nginx/.shng;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    proxy_pass http://$host:8383;
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://$host:8383;
    }
    
    }
    
    # Network plugin forwarding
    location /shnet/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    auth_basic "Restricted Area: Smarthome NG Network";
    auth_basic_user_file /etc/nginx/.shng;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    proxy_pass http://shnet;
    rewrite ^/shnet/(.*) /$1 break;
    }
    
    # Node-RED forwarding
    location /nodered/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    #auth_basic "Restricted Area: Smarthome NG Network";
    #auth_basic_user_file /etc/nginx/.shng;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    proxy_pass http://nodered;
    #rewrite ^/nodered/(.*) /$1 break;
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://nodered;
    }
    }
    
    # Forwarding to Grafana
    location /grafana/ {
    satisfy any;
    allow 127.0.0.1;
    allow 10.0.0.0/8;
    allow 192.168.0.0/16;
    # auth_basic "Restricted Area: Monit";
    # auth_basic_user_file /etc/nginx/.monit;
    allow ::1;
    deny all;
    
    proxy_pass http://grafanahost/;
    include /etc/nginx/headers.conf;
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    rewrite ^/grafana/(.*) /$1 break;
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://grafanahost;
    }
    }
    
    # Forwarding to Monit
    location /monit/ {
    satisfy any;
    allow 127.0.0.1;
    allow 10.0.0.0/8;
    allow 192.168.0.0/16;
    allow ::1;
    #auth_basic "Restricted Area: Monit";
    #auth_basic_user_file /etc/nginx/.monit;
    deny all;
    
    proxy_ignore_client_abort on;
    rewrite ^/monit/(.*) /$1 break;
    proxy_pass http://monithost;
    include /etc/nginx/headers.conf;
    
    location ~* favicon.ico {
    alias /var/www/html/favicon/monit/favicon.ico;
    }
    }
    
    location /phpmyadmin {
    root /usr/share/;
    index index.php index.html index.htm;
    
    location ~ ^/phpmyadmin/(.+\.php)$ {
    alias /usr/share/phpmyadmin/$1;
    
    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $request_filename;
    
    # From fastcgi_params
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    fastcgi_param REQUEST_URI $request_uri;
    fastcgi_param DOCUMENT_URI $document_uri;
    fastcgi_param DOCUMENT_ROOT /usr/share/phpmyadmin; # <-- Changed
    fastcgi_param SERVER_PROTOCOL $server_protocol;
    fastcgi_param GATEWAY_INTERFACE CGI/1.1;
    fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param REMOTE_PORT $remote_port;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;
    fastcgi_param REDIRECT_STATUS 200;
    
    fastcgi_intercept_errors on;
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;
    fastcgi_connect_timeout 900;
    fastcgi_send_timeout 900;
    fastcgi_read_timeout 900;
    }
    
    location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
    root /usr/share/;
    }
    }
    
    # Dealing with the uppercased letters
    location /phpMyAdmin {
    rewrite ^/* /phpmyadmin last;
    }
    
    
    
    }
    https.conf

    Code:
    server {
    set $nw_port 8888;
    set $backend_port 8383;
    set $red_port 1880;
    server_tokens off;
    
    ## Block if access comes from a country that is not allowed ##
    if ($allowed_country = no) {
    return 403;
    }
    
    # https://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html
    ## Block download agents ##
    if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
    return 403;
    }
    
    ## Block some robots ##
    if ($http_user_agent ~* msnbot|scrapbot) {
    return 403;
    }
    
    ## Deny certain Referers ##
    if ( $http_referer ~* (babes|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen) )
    {
    return 403;
    }
    
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name xxxxx.yyy.com;
    ##
    # SSL
    ##
    
    ## Activate SSL, set SERVER certificate information ##
    # Generated via Let's Encrypt!
    ssl_certificate /etc/letsencrypt/live/xxxxx.yyy.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxxxx.yyy.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/xxxxx.yyy.com/fullchain.pem;
    ssl_session_cache builtin:1000 shared:SSL:60m;
    ssl_prefer_server_ciphers on;
    # Disable insecure SSL ciphers!
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_ecdh_curve secp384r1;
    ssl_protocols TLSv1.2;
    ssl_session_timeout 60m;
    ssl_session_tickets on;
    ssl_session_ticket_key /etc/nginx/nginx_ticketkey;
    #ssl_buffer_size 16k; #for throughput, video applications
    ssl_buffer_size 4k; #for quick first byte delivery
    
    # Client certificate specific
    ssl_client_certificate /etc/ssl/ca/certs/ca.crt;
    ssl_crl /etc/ssl/ca/private/ca.crl;
    ssl_verify_client optional;
    ssl_dhparam /etc/ssl/ca/dh.pem;
    
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    
    client_body_buffer_size 8K;
    client_max_body_size 20m;
    client_body_timeout 10s;
    client_header_buffer_size 1k;
    large_client_header_buffers 2 16k;
    client_header_timeout 15s;
    
    ##
    # global
    ##
    
    root /var/www/html;
    
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.php;
    
    # Proxy Caching
    # Skip^1 caching variable init
    set $nocache 0;
    # Bypass^2 caching variable init
    set $purgecache 0;
    
    # Bypass^2 cache on no-cache (et al.) browser request
    if ($http_cache_control ~ "max-age=0")
    { set $purgecache 1; }
    if ($http_cache_control ~ "no-cache")
    { set $purgecache 1; }
    # Bypass^2 cache with custom header set on request
    if ($http_x_cache_purge ~* "true")
    { set $purgecache 1; }
    
    location ~* favicon|apple-touch-icon|android-chrome-|mstile-|safari-pinned-tab.svg|browserconfig.xml|manifest.json|apple-icon|ms-icon|android-icon|mstile {
    try_files $uri @favicons;
    }
    
    location @favicons {
    rewrite ^/(.+)$ /favicons/$1 last;
    }
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|xml)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    }
    
    # Forwarding to SmartHomeNG (websocket interface) with Basic Auth
    location = / {
    include /etc/nginx/headers.conf;
    satisfy any;
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.smartvisu;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    # Only let websocket connections to "/" through!
    if ($http_upgrade = websocket) {
    proxy_pass http://websocket;
    }
    
    }
    
    # Access to smartVISU with Basic Auth
    location /smartvisu {
    include /etc/nginx/headers.conf;
    satisfy any;
    #auth_basic "Restricted Area: smartVISU2.9";
    #auth_basic_user_file /etc/nginx/.smartvisu;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    #This is alternative to the lua script but doesn't work with Apple devices.
    #if ($ssl_client_verify != SUCCESS) {
    # return 403;
    #}
    proxy_pass http://sv/smartvisu;
    }
    
    # Access to smartVISU 2.8 with Basic Auth
    location /smartvisu2.8 {
    include /etc/nginx/headers.conf;
    satisfy any;
    #auth_basic "Restricted Area: smartVISU2.8";
    #auth_basic_user_file /etc/nginx/.smartvisu;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    proxy_pass http://sv/smartvisu2.8;
    }
    
    # Access to the web service
    location /ws/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    auth_basic "Restricted Area: SmarthomeNG";
    auth_basic_user_file /etc/nginx/.shng;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    proxy_pass http://$server_addr:8383;
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://$server_addr:$red_port;
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    }
    }
    
    # Alexa plugin forwarding
    location /alexa/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    auth_basic "Restricted Area: Alexa";
    auth_basic_user_file /etc/nginx/.alexa;
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    proxy_pass http://alexa;
    }
    
    # Backend plugin forwarding
    location /gstatic/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    #auth_basic "Restricted Area: Smarthome NG Backend";
    #auth_basic_user_file /etc/nginx/.shng;
    proxy_set_header Authorization "Basic c21hcnRob21lCg==";
    # Create your base64 password on the command line: openssl enc -base64 <<< '<PASSWORD>'
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://$server_addr:$backend_port;
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    }
    
    proxy_pass http://$server_addr:$backend_port;
    }
    
    location /visu_websocket/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    auth_basic "Restricted Area: Smarthome NG Backend";
    #auth_basic_user_file /etc/nginx/.shng;
    #proxy_set_header Authorization "Basic c21hcnRob21lCg==";
    # Create your base64 password on the command line: openssl enc -base64 <<< '<PASSWORD>'
    
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://$server_addr:$backend_port;
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    }
    
    proxy_pass http://$server_addr:$backend_port;
    }
    
    location /api/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    #auth_basic "Restricted Area: Smarthome NG Backend";
    #auth_basic_user_file /etc/nginx/.shng;
    proxy_set_header Authorization "Basic c21hcnRob21lCg==";
    # Create your base64 password on the command line: openssl enc -base64 <<< '<PASSWORD>'
    
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://$server_addr:$backend_port;
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    }
    
    proxy_pass http://$server_addr:$backend_port;
    }
    
    location /admin/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    #auth_basic "Restricted Area: Smarthome NG Backend";
    #auth_basic_user_file /etc/nginx/.shng;
    proxy_set_header Authorization "Basic c21hcnRob21lCg==";
    # Create your base64 password on the command line: openssl enc -base64 <<< '<PASSWORD>'
    
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://$server_addr:$backend_port;
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    }
    
    proxy_pass http://$server_addr:$backend_port;
    }
    
    location /backend/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    #auth_basic "Restricted Area: Smarthome NG Backend";
    #auth_basic_user_file /etc/nginx/.shng;
    proxy_set_header Authorization "Basic c21hcnRob21lCg==";
    # Create your base64 password on the command line: openssl enc -base64 <<< '<PASSWORD>'
    
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://$server_addr:$backend_port;
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    }
    
    proxy_pass http://$server_addr:$backend_port;
    }
    
    # Network plugin forwarding
    location /shnet/ {
    include /etc/nginx/headers.conf;
    satisfy any;
    #auth_basic "Restricted Area: Smarthome NG Network";
    #auth_basic_user_file /etc/nginx/.shng;
    proxy_set_header Authorization "Basic c21hcnRob21lCg==";
    # Create your base64 password on the command line: openssl enc -base64 <<< '<PASSWORD>'
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    allow 10.0.0.0/16;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    rewrite ^/shnet/(.*) /$1 break;
    proxy_pass http://$server_addr:$nw_port;
    
    }
    
    # Forwarding to Grafana
    location /grafana/ {
    satisfy any;
    allow 127.0.0.1;
    allow 10.0.0.0/8;
    allow 192.168.0.0/16;
    # auth_basic "Restricted Area: Monit";
    # auth_basic_user_file /etc/nginx/.monit;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    proxy_pass http://grafanahost/;
    include /etc/nginx/headers.conf;
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    rewrite ^/grafana/(.*) /$1 break;
    include /etc/nginx/headers.conf;
    expires 7d;
    add_header Cache-Control "public, no-transform";
    proxy_pass http://grafanahost;
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    }
    }
    
    # Forwarding to Monit
    location /monit/ {
    satisfy any;
    allow 127.0.0.1;
    allow 10.0.0.0/8;
    allow 192.168.0.0/16;
    # auth_basic "Restricted Area: Monit";
    # auth_basic_user_file /etc/nginx/.monit;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    rewrite ^/monit/(.*) /$1 break;
    proxy_pass http://monithost;
    include /etc/nginx/headers.conf;
    
    location ~* favicon.ico {
    alias /var/www/html/favicon/monit/favicon.ico;
    }
    }
    
    # Forwarding to Monitgraph
    location /monitgraph/ {
    satisfy any;
    allow 127.0.0.1;
    allow 10.0.0.0/8;
    allow 192.168.0.0/16;
    # auth_basic "Restricted Area: Monitgraph";
    # auth_basic_user_file /etc/nginx/.monit;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    proxy_pass http://mainhost/monitgraph/;
    include /etc/nginx/headers.conf;
    }
    
    # Forwarding to phpMyAdmin
    location /phpmyadmin/ {
    satisfy any;
    allow 127.0.0.1;
    allow 10.0.0.0/8;
    allow 192.168.0.0/16;
    # auth_basic "Restricted Area: PHP MyAdmin";
    # auth_basic_user_file /etc/nginx/.monit;
    allow ::1;
    deny all;
    
    # This script tests the SSL certificate and enables Websocket access with Apple devices.
    # If you want to limit your access to devices with certificates (recommended!), don't remove this line!
    access_by_lua_file /etc/nginx/scripts/hass_access.lua;
    
    proxy_pass http://mainhost/phpmyadmin/;
    include /etc/nginx/headers.conf;
    }
    }
    nginx.conf

    Code:
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;
    
    events {
    worker_connections 768;
    # multi_accept on;
    }
    
    http {
    log_format specialLog '[$time_local] $remote_addr forwarded for $http_x_real_ip - '
    'Request: "$request" - Status: $status - Bytes sent: $body_bytes_sent '
    'Referrer: "$http_referer" - User Agent: "$http_user_agent"';
    
    ##
    # Basic Settings
    ##
    map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
    }
    
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/proxy_params;
    include /etc/nginx/fastcgi_params;
    ##
    # SSL Settings
    ##
    
    ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    
    ##
    # Logging Settings
    ##
    
    access_log /var/log/nginx/access.log specialLog buffer=64K;
    error_log /var/log/nginx/error.log;
    
    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    gunzip on;
    gzip_static on;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_types application/javascript application/json application/vnd.ms-fontobject application/x-font-ttf image/svg+xml text/css text/plain text/xml;
    gzip_vary on;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    
    ##
    # GeoIP Settings
    # Only countries from allowed IP ranges may pass through the reverse
    # proxy!
    # https://www.howtoforge.de/anleitung/nginx-besucher-mit-dem-geoip-modul-nach-landern-blocken-debianubuntu/
    ##
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    map $geoip_country_code $allowed_country {
    default yes;
    BY no;
    BR no;
    KP no;
    KR no;
    RS no;
    RO no;
    RU no;
    CN no;
    CD no;
    NE no;
    GH no;
    IQ no;
    IR no;
    SY no;
    UA no;
    HK no;
    JP no;
    SC no;
    }
    ##
    # Virtual Host Configs
    ##
    
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    
    ##
    # Harden nginx against DDOS
    ##
    
    client_header_timeout 10;
    client_body_timeout 10;
    }

    #2
    Have you tried a different weather service, e.g. openweathermap? The cause of a timeout can be anything...


      #3
      Hi,

      I got myself an API key for openweathermap, but I can't select it in Smartvisu?
      Does something still need to be added somewhere?
      Or a different provider?

      Regards
      2020-10-30 11_44_18-Volz [smartVISU].png


        #4
        Updating to the latest SmartVisu should fix the problem


          #5
          Quote from Onkelandy
          Updating to the latest SmartVisu should fix the problem
          The problem of the missing openweathermap service is definitely fixed by updating to v2.9.2.

          As for yr.no, you can check whether your Raspi connects to the site at all by calling the service directly in the browser:
          Code:
          http://Dei.neR.asp.iIP/smartVISU/lib/weather/service/yr.no.php?debug=1
          Before that, as someone from Baden, you should spell Württemberg correctly in your config. And I specified "Tyskland" instead of "Germany". That works. I no longer remember what came back with "Germany".

          The output is, if the connection works, a jumble of XML data (please don't post it here!!), beginning with
          /************************************************** *****************************
          h ttp://www.yr.no/place/Tyskland%2FBaden-W%C3%BCrttemberg%2FGerlingen/forecast.xml xml response
          --------------------------------------------------------------------------------
          An XML file whose name begins with "yr.no" must then also be in the ./temp folder. Write permissions on ./temp must be in place, otherwise you would have other problems as well. You can check that with the template checker, though, or by calling lib/base/check_temp.php in the browser.

          Further down in the jumble there are a few warnings ("undefined index ...") that you can ignore.

          Regards
          Wolfram
          Last edited by wvhn; 30.10.2020, 13:52. Reason: can someone tell me how to prevent a URL in code from being displayed as a link?


            #6
            Hello Wolfram,

            you're probably right, one should be able to expect that from someone from Baden.😏

            The debug call ends in a 504 Gateway Time-out, and there is nothing from yr.no in smartvisu/temp either.

            I now have Visu 2.9.2 and can select openweathermap, but nothing seems to get through there either ...

            Best regards
            Christian


              #7
              That hardens your suspicion that nginx is not letting the request out. I can't help you any further there.

              At first I thought that the script runs in the browser, but PHP is executed on the server. So you would probably have to check whether PHP needs its own permissions in nginx and set these up.

              The request to yr.no is a simple download with the PHP function "file_get_contents()". To check whether your router is blocking that, you can also call the page directly:
              Code:
              http://www.yr.no/place/Tyskland/Baden-W%C3%BCrttemberg/Offenburg/forecast.xml
              Regards
              Wolfram
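
The error.log entries in post #1 name `fastcgi://unix:/var/run/php/php7.3-fpm.sock` as the upstream and fail "while reading response header": nginx had already handed the request to PHP-FPM and received no response header within `fastcgi_read_timeout` (60 s by default), which is what a blocking `file_get_contents()` call inside the script produces. The following Python sketch is an added example, not code from the thread or from smartVISU; it triages such entries by the hop that stalled. The sample lines, the host name `visu.example` and the verdict labels are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample input, modelled on the error.log lines quoted in the thread.
# The host name and the third and fourth lines are made up for this example.
SAMPLE_LOG = '''\
2020/10/29 07:02:53 [error] 23113#23113: *29 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 127.0.0.1, server: visu.example, request: "GET /smartvisu/lib/weather/service/yr.no.php?location=Germany%2FBayern%2FW%C3%BCrzburg&cache_duration_minutes=15 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock", host: "visu.example"
2020/10/29 07:08:18 [error] 23112#23112: *68 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.178.79, server: visu.example, request: "GET /smartvisu/lib/weather/service/yr.no.php?location=Germany%2FBayern%2FW%C3%BCrzburg&cache_duration_minutes=180 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock", host: "192.168.178.50"
2020/10/29 07:10:02 [error] 23112#23112: *70 upstream timed out (110: Connection timed out) while connecting to upstream, client: 192.168.178.79, server: visu.example, request: "GET /admin/ HTTP/1.1", upstream: "http://192.168.178.50:8383/admin/", host: "192.168.178.50"
2020/10/29 07:11:40 [error] 23112#23112: *71 open() "/var/www/html/robots.txt" failed (2: No such file or directory), client: 192.168.178.79, server: visu.example, request: "GET /robots.txt HTTP/1.1", host: "192.168.178.50"
'''

# One nginx "upstream timed out" error line: timestamp, phase, client, request, upstream.
ENTRY = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[error\] \d+#\d+: \*\d+ '
    r'upstream timed out \(110: [^)]*\) while (?P<phase>[^,]+), '
    r'client: (?P<client>[^,]+), server: [^,]*, '
    r'request: "(?P<method>\S+) (?P<target>\S+) [^"]*", '
    r'upstream: "(?P<upstream>[^"]+)"'
)


def classify(upstream, phase):
    """Name the hop that stalled, from the upstream scheme and the phase nginx reports."""
    if upstream.startswith("fastcgi://"):
        if phase.startswith("reading response header"):
            # PHP-FPM took the request; the script sent no header in time
            # (for example because its own outbound fetch is blocking).
            return "php-script-stalled"
        return "php-fpm-not-accepting"
    if phase.startswith("connecting"):
        return "proxy-backend-unreachable"
    return "proxy-backend-slow"


def parse_timeouts(log_text):
    """Return one dict per upstream-timeout line; all other error lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        target = urlsplit(m["target"])
        # parse_qs percent-decodes the values, so the requested location is readable.
        params = {k: v[0] for k, v in parse_qs(target.query).items()}
        entries.append({
            "time": m["ts"],
            "client": m["client"],
            "path": target.path,
            "params": params,
            "upstream": m["upstream"],
            "verdict": classify(m["upstream"], m["phase"]),
        })
    return entries


def summarize(entries):
    """Count timeouts per (verdict, request path)."""
    return Counter((e["verdict"], e["path"]) for e in entries)


if __name__ == "__main__":
    for (verdict, path), count in summarize(parse_timeouts(SAMPLE_LOG)).items():
        print(f"{count:3d}  {verdict:26s} {path}")
```
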
