From a7f714e307822319569b236b7ab5f3e21d1b1aa7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20M=C3=B6rchel?= Date: Sun, 19 Jul 2020 09:45:52 +0200 Subject: [PATCH 1/9] add IgnoreCertificateRevocationErrors to MqttClientOptions --- Zigbee2MqttAssistant/Services/MqttConnectionService.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/Zigbee2MqttAssistant/Services/MqttConnectionService.cs b/Zigbee2MqttAssistant/Services/MqttConnectionService.cs index 2fc193c..99d2de5 100644 --- a/Zigbee2MqttAssistant/Services/MqttConnectionService.cs +++ b/Zigbee2MqttAssistant/Services/MqttConnectionService.cs @@ -105,6 +105,7 @@ private async Task Connect() { x.UseTls = settings.MqttSecure != TlsMode.False; x.AllowUntrustedCertificates = settings.MqttSecure == TlsMode.Insecure; + x.IgnoreCertificateRevocationErrors = true; }) .WithCredentials(settings.MqttUsername, settings.MqttPassword) .Build(); From 4d20e38707658e193bdbca6fca0eaa785035718a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20M=C3=B6rchel?= Date: Sun, 19 Jul 2020 17:31:33 +0200 Subject: [PATCH 2/9] update nuget packages --- Zigbee2MqttAssistant/Zigbee2MqttAssistant.csproj | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Zigbee2MqttAssistant/Zigbee2MqttAssistant.csproj b/Zigbee2MqttAssistant/Zigbee2MqttAssistant.csproj index c64c726..e6fa5a0 100644 --- a/Zigbee2MqttAssistant/Zigbee2MqttAssistant.csproj +++ b/Zigbee2MqttAssistant/Zigbee2MqttAssistant.csproj @@ -8,7 +8,7 @@ - + all runtime; build; native; contentfiles; analyzers; buildtransitive @@ -18,7 +18,7 @@ - + From 068abbb50da20af4a53003837e60e35746956f3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20M=C3=B6rchel?= Date: Sun, 19 Jul 2020 17:31:46 +0200 Subject: [PATCH 3/9] update docker file --- Dockerfile | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 41e5f55..8392531 100644 --- a/Dockerfile +++ b/Dockerfile 
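Review bot: `x.IgnoreCertificateRevocationErrors = true;` is set unconditionally in the TLS options inside Connect(), so revocation errors are ignored for every mode other than `TlsMode.False`, including a mode that is meant to validate the broker certificate. A broker certificate withdrawn by its CA would then still be accepted on the connection that carries the credentials from the following `.WithCredentials(settings.MqttUsername, settings.MqttPassword)` line. Tie the flag to the same condition as the line above it, `x.IgnoreCertificateRevocationErrors = settings.MqttSecure == TlsMode.Insecure;`, or to a dedicated setting that defaults to false, and add a comment saying why revocation checks need to be relaxed at all. Connect() starts and ends outside the hunk.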
@@ -1,24 +1,49 @@ +# ----------- Build stage (ASP .NET Core) ----------- # This file should be run after compiling the solution with the following command: # msbuild /r /p:Configuration=Release /p:OutputPath=app /t:Publish +FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS dotnet-build-env +WORKDIR /src +ENV DOTNET_CLI_TELEMETRY_OPTOUT 1 +ENV DOTNET_SKIP_FIRST_TIME_EXPERIENCE 1 + +# restore +COPY ["Zigbee2MqttAssistant/Zigbee2MqttAssistant.csproj", "Zigbee2MqttAssistant/"] +RUN dotnet restore "Zigbee2MqttAssistant/Zigbee2MqttAssistant.csproj" + +# copy src +COPY . . + +# build +WORKDIR "/src/Zigbee2MqttAssistant" +RUN dotnet build "Zigbee2MqttAssistant.csproj" -c Release -o /app/build + +# publish +RUN dotnet publish "Zigbee2MqttAssistant.csproj" -c Release -o /app/publish + + +# ----------- Runtime stage ----------- # You should run this file with the following parameters: # docker build . --build-arg DOTNETTAG= --build-arg OSTAG= -t # where: # is the tag of the dotnet aspnet runtime image # is the tag of the runtime for hass.io (amd64, armv7, aarch64...) +FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 +EXPOSE 80 + +ENV DOTNET_CLI_TELEMETRY_OPTOUT 1 +ENV DOTNET_SKIP_FIRST_TIME_EXPERIENCE 1 ARG DOTNETTAG ARG OSTAG -FROM mcr.microsoft.com/dotnet/core/aspnet:$DOTNETTAG -EXPOSE 80 - # Metadata for information about this software LABEL description="Zigbee2MqttAssistant - A GUI for Zigbee2Mqtt" author="carl.debilly@gmail.com" "project.url"="https://github.com/yllibed/Zigbee2MqttAssistant" # Additionnal metadata for HASS.IO LABEL io.hass.version="172" io.hass.type="addon" io.hass.arch=$OSTAG +# copy file to runtime image WORKDIR /app -COPY Zigbee2MqttAssistant/apppublish . +COPY --from=dotnet-build-env /app/publish . ENTRYPOINT ["dotnet", "Zigbee2MqttAssistant.dll"] From 7d2f783b48f56479e5b1ec2b55076748c50401d9 Mon Sep 17 00:00:00 2001 
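Review bot: The runtime stage no longer uses `DOTNETTAG`, because `FROM mcr.microsoft.com/dotnet/core/aspnet:3.1` is now fixed, yet `ARG DOTNETTAG` and the `--build-arg DOTNETTAG=` usage comment remain, as does the header comment telling the reader to run msbuild first although the new `dotnet-build-env` stage does the build. Remove or rewrite those lines so the instructions match the file. `COPY . .` places the whole build context in the SDK stage; I cannot see whether a `.dockerignore` exists, but one that excludes `bin/`, `obj/`, `.git` and any local `.env` or certificate files keeps secrets and stale artifacts out of the build layers. Neither stage sets `USER`, so the application runs as root in the final image unless the base image says otherwise; a dedicated unprivileged user in the runtime stage would limit what a compromised web process can touch.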
From: =?UTF-8?q?Philipp=20M=C3=B6rchel?= Date: Sun, 19 Jul 2020 18:55:25 +0200 Subject: [PATCH 4/9] use https instead of http --- Zigbee2MqttAssistant/Services/AllowJoinTimerService.cs | 4 ++++ Zigbee2MqttAssistant/Startup.cs | 9 ++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Zigbee2MqttAssistant/Services/AllowJoinTimerService.cs b/Zigbee2MqttAssistant/Services/AllowJoinTimerService.cs index 0e2d887..54d5007 100644 --- a/Zigbee2MqttAssistant/Services/AllowJoinTimerService.cs +++ b/Zigbee2MqttAssistant/Services/AllowJoinTimerService.cs @@ -32,6 +32,8 @@ public async Task StartAsync(CancellationToken ct) { _stateService.StateChanged += OnStateChanged; } + + await Task.CompletedTask; } private void OnStateChanged(object sender, Bridge e) @@ -75,6 +77,8 @@ public async Task StopAsync(CancellationToken ct) // Terminate any ongoing timer _disposable.Disposable = null; + + await Task.CompletedTask; } public void Dispose() => _disposable.Dispose(); diff --git a/Zigbee2MqttAssistant/Startup.cs b/Zigbee2MqttAssistant/Startup.cs index 09ff8f0..266de58 100644 --- a/Zigbee2MqttAssistant/Startup.cs +++ b/Zigbee2MqttAssistant/Startup.cs @@ -35,6 +35,12 @@ public void ConfigureServices(IServiceCollection services) c.ReturnHttpNotAcceptable = true; }); + services.AddHttpsRedirection(options => + { + options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect; + options.HttpsPort = 443; + }); + services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); @@ -65,11 +71,12 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env) app.UseExceptionHandler("/Home/Error"); } + app.UseHttpsRedirection(); + app.UseStaticFiles(); app.UseRouting(); - app.UseEndpoints(endpoints => { endpoints.MapControllerRoute( From 3866e5972efd01cc563ea6c0c1a5cab249c8cbf7 Mon Sep 17 00:00:00 2001 
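Review bot: `await Task.CompletedTask;` at the end of StartAsync, and again at the end of StopAsync, appears to exist only to silence the compiler warning about an async method that never awaits; it adds a state machine and tells the reader nothing. If neither method awaits anything else (both bodies extend outside the hunks, so this is inferred), drop the `async` modifier and end each method with `return Task.CompletedTask;`. If the `async` signature has to stay, say why in a comment, e.g. `// no asynchronous work here; keeps the async signature without a compiler warning`.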
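Review bot: `app.UseHttpsRedirection();` in Configure only takes effect after a client has already sent its first request in cleartext, and nothing in this hunk adds `app.UseHsts();` to the branch that ends with `app.UseExceptionHandler("/Home/Error");`. Without HSTS a browser starts at `http://` on every visit, so that first request stays exposed on the network before the 307 arrives. Where the deployment has a certificate the browser trusts, consider `app.UseHsts();` next to the exception handler. A comment on `options.HttpsPort = 443;` should state that the value must match the port the host or container actually publishes, since a mismatch sends clients to an address that does not answer. ConfigureServices and Configure both continue outside the hunks.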
From: =?UTF-8?q?Philipp=20M=C3=B6rchel?= Date: Sun, 19 Jul 2020 19:23:13 +0200 Subject: [PATCH 5/9] fix expose port in dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8392531..dace302 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,7 +29,7 @@ RUN dotnet publish "Zigbee2MqttAssistant.csproj" -c Release -o /app/publish # is the tag of the dotnet aspnet runtime image # is the tag of the runtime for hass.io (amd64, armv7, aarch64...) FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 -EXPOSE 80 +EXPOSE 443 ENV DOTNET_CLI_TELEMETRY_OPTOUT 1 ENV DOTNET_SKIP_FIRST_TIME_EXPERIENCE 1 From 2e1ecf42e96870c1a410ac351d550bf0f92b86e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20M=C3=B6rchel?= Date: Sun, 19 Jul 2020 19:40:53 +0200 Subject: [PATCH 6/9] add create certs directory to dockerfile --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index dace302..538eb6f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -45,5 +45,6 @@ LABEL io.hass.version="172" io.hass.type="addon" io.hass.arch=$OSTAG # copy file to runtime image WORKDIR /app +RUN mkdir -p /app/certs COPY --from=dotnet-build-env /app/publish . ENTRYPOINT ["dotnet", "Zigbee2MqttAssistant.dll"] From d6d8d802de95ae3897fbcf922c027ad172f0d22e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20M=C3=B6rchel?= Date: Mon, 20 Jul 2020 09:15:34 +0200 Subject: [PATCH 7/9] add docker-compose and .env file --- .env | 12 +++++++ Dockerfile | 4 +-- .../Properties/launchSettings.json | 6 ++-- docker-compose.yml | 31 +++++++++++++++++++ 4 files changed, 48 insertions(+), 5 deletions(-) create mode 100644 .env create mode 100644 docker-compose.yml diff --git a/.env b/.env new file mode 100644 index 0000000..5e2395a --- /dev/null +++ b/.env 
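Review bot: `EXPOSE 443` is only image metadata; nothing in this hunk changes the address Kestrel binds to or supplies a certificate, so a container started from this image alone will most likely keep serving plain HTTP on the base image's default port. That leaves an image which advertises an HTTPS port it does not serve, and an operator who maps only 443 may assume the UI is encrypted when it is not reachable at all, or fall back to the cleartext port. Add a comment above the line, e.g. `# HTTPS needs ASPNETCORE_URLS and a Kestrel certificate path/password supplied at run time`, or keep `EXPOSE 80` alongside it until the image configures TLS itself.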
@@ -0,0 +1,12 @@ +# to generate a self-signed certificate replace 'XX' and server addresses and IPs in the following commands: +# openssl req -x509 -newkey rsa:2048 -sha256 -keyout key.txt -out cert.txt -days 3650 -nodes -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=server.example.com" -addext subjectAltName=DNS:server.example.com,IP:192.168.0.1 +# openssl pkcs12 -export -out certificate.pfx -inkey key.txt -in cert.txt +# the entry 'cert_password' below has to be replaced by the password you just entered when creating the PFX cert file. +# copy the pfx file to the directory /tmp/certs/ or change the path of 'volumes' in docker-compose.yml + +MQTTSERVER=server.example.net +MQTTPORT=8883 +MQTTSECURE=Insecure +MQTTUSERNAME=username +MQTTPASSWORD=password +PFX_PASSWORD=cert_password diff --git a/Dockerfile b/Dockerfile index 538eb6f..ab6f605 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # ----------- Build stage (ASP .NET Core) ----------- # This file should be run after compiling the solution with the following command: # msbuild /r /p:Configuration=Release /p:OutputPath=app /t:Publish -FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS dotnet-build-env +FROM mcr.microsoft.com/dotnet/core/sdk:3.1-alpine AS dotnet-build-env WORKDIR /src ENV DOTNET_CLI_TELEMETRY_OPTOUT 1 @@ -28,7 +28,7 @@ RUN dotnet publish "Zigbee2MqttAssistant.csproj" -c Release -o /app/publish # where: # is the tag of the dotnet aspnet runtime image # is the tag of the runtime for hass.io (amd64, armv7, aarch64...) -FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 +FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-alpine EXPOSE 443 ENV DOTNET_CLI_TELEMETRY_OPTOUT 1 diff --git a/Zigbee2MqttAssistant/Properties/launchSettings.json b/Zigbee2MqttAssistant/Properties/launchSettings.json index 18aa036..b73dea5 100644 --- a/Zigbee2MqttAssistant/Properties/launchSettings.json +++ b/Zigbee2MqttAssistant/Properties/launchSettings.json 
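Review bot: A tracked `.env` containing `MQTTPASSWORD=` and `PFX_PASSWORD=` invites users to overwrite the placeholders with real secrets in a file git already follows, so they can end up in a commit or a fork. Ship the sample as `.env.example` and add `.env` to `.gitignore`. The sample also defaults to `MQTTSECURE=Insecure`, which per `x.AllowUntrustedCertificates = settings.MqttSecure == TlsMode.Insecure` in MqttConnectionService.cs turns broker certificate validation off; the example is safer with the validating mode as default and a comment such as `# use Insecure only for a broker whose self-signed certificate cannot be added to the trust store`. The openssl recipe uses `-nodes`, which leaves `key.txt` unencrypted, so the comments should also tell the reader to delete `key.txt` after the PFX export and to keep the PFX somewhere with restrictive permissions rather than `/tmp/certs/`.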
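Review bot: The `-alpine` tags on both `FROM` lines bring a musl-based image that, as far as I know, ships without `tzdata` and with globalization-invariant mode enabled, while the docker-compose.yml added in the same commit sets `TZ=Europe/Berlin`. Log timestamps and culture-specific formatting may therefore differ from the Debian-based `3.1` image, which makes correlating application logs with broker or host logs harder. If local time matters, add `RUN apk add --no-cache tzdata` to the runtime stage; otherwise put a comment above the runtime `FROM` noting that the container runs in UTC with invariant culture.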
@@ -19,9 +19,9 @@ "commandName": "Project", "launchBrowser": true, "environmentVariables": { - "ASPNETCORE_ENVIRONMENT": "Development" + "ASPNETCORE_ENVIRONMENT": "Production" }, - "applicationUrl": "https://localhost:5001;http://localhost:5000" + "applicationUrl": "https://localhost:443" }, "Docker": { "commandName": "Docker", @@ -35,4 +35,4 @@ "useSSL": false } } -} +} \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..d9c078b --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,31 @@ +version: '3.7' + +services: + + zigbee2mqttAssistant: + image: moerchel/zigbee2mqtt_assistant + container_name: zigbee2mqttAssistant + environment: + - Z2MA_SETTINGS__MQTTSERVER=${MQTTSERVER} + - Z2MA_SETTINGS__MQTTPORT=${MQTTPORT} + - Z2MA_SETTINGS__MQTTSECURE=${MQTTSECURE} + - Z2MA_SETTINGS__MQTTUSERNAME=${MQTTUSERNAME} + - Z2MA_SETTINGS__MQTTPASSWORD=${MQTTPASSWORD} + - TZ=Europe/Berlin + - ASPNETCORE_URLS=https://+:443 + - ASPNETCORE_Kestrel__Certificates__Default__Password=${PFX_PASSWORD} + - ASPNETCORE_Kestrel__Certificates__Default__Path=/app/certs/certificate.pfx + - Logging__Console__LogLevel__Default=Warning + networks: + - zigbeenet + ports: + - 4433:443 + volumes: + - /tmp/certs:/app/certs:ro + restart: unless-stopped + + +networks: + zigbeenet: + name: zigbeenet + driver: bridge From 47ee0dedb65ddb16bd20d95641932ec54ade2c69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20M=C3=B6rchel?= Date: Tue, 21 Jul 2020 09:41:28 +0200 Subject: [PATCH 8/9] add config settings for HTTPSPORT and HTTPSREDIRECT --- Zigbee2MqttAssistant/Properties/launchSettings.json | 6 +++--- Zigbee2MqttAssistant/Startup.cs | 7 +++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/Zigbee2MqttAssistant/Properties/launchSettings.json b/Zigbee2MqttAssistant/Properties/launchSettings.json index b73dea5..18aa036 100644 --- a/Zigbee2MqttAssistant/Properties/launchSettings.json 
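Review bot: The `volumes` entry bind-mounts the PFX, which holds the server's private key, from `/tmp/certs`, a path under a world-writable directory that many systems also clear on reboot; another local account could pre-create or replace that directory, and the key is readable by anyone unless the operator tightens permissions by hand. Point the mount at a root-owned directory with mode 0700, for example `- /etc/z2ma/certs:/app/certs:ro` (constructed path), and say so in a comment. `image: moerchel/zigbee2mqtt_assistant` carries no tag, so it resolves to `latest` and the deployed code can change without the operator noticing; pin a version tag or digest. `MQTTPASSWORD` and `PFX_PASSWORD` handed over through `environment:` are visible to anyone who can run `docker inspect` on the container, which deserves a comment next to those lines.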
+++ b/Zigbee2MqttAssistant/Properties/launchSettings.json @@ -19,9 +19,9 @@ "commandName": "Project", "launchBrowser": true, "environmentVariables": { - "ASPNETCORE_ENVIRONMENT": "Production" + "ASPNETCORE_ENVIRONMENT": "Development" }, - "applicationUrl": "https://localhost:443" + "applicationUrl": "https://localhost:5001;http://localhost:5000" }, "Docker": { "commandName": "Docker", @@ -35,4 +35,4 @@ "useSSL": false } } -} \ No newline at end of file +} diff --git a/Zigbee2MqttAssistant/Startup.cs b/Zigbee2MqttAssistant/Startup.cs index 266de58..691d2c6 100644 --- a/Zigbee2MqttAssistant/Startup.cs +++ b/Zigbee2MqttAssistant/Startup.cs @@ -38,7 +38,7 @@ public void ConfigureServices(IServiceCollection services) services.AddHttpsRedirection(options => { options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect; - options.HttpsPort = 443; + options.HttpsPort = Configuration.GetValue("SETTINGS:HTTPSPORT", 443); }); services.AddSingleton(); @@ -71,7 +71,10 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env) app.UseExceptionHandler("/Home/Error"); } - app.UseHttpsRedirection(); + if (Configuration.GetValue("SETTINGS:HTTPSREDIRECT", false)) + { + app.UseHttpsRedirection(); + } app.UseStaticFiles(); From 3e69ec824a4616a37fd9d54f5f4cacae42155688 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20M=C3=B6rchel?= Date: Tue, 21 Jul 2020 11:06:45 +0200 Subject: [PATCH 9/9] restore original dockerfile --- .env | 12 ------------ Dockerfile | 35 +++++------------------------------ docker-compose.yml | 31 ------------------------------- 3 files changed, 5 insertions(+), 73 deletions(-) delete mode 100644 .env delete mode 100644 docker-compose.yml diff --git a/.env b/.env deleted file mode 100644 index 5e2395a..0000000 --- a/.env +++ /dev/null 
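Review bot: `Configuration.GetValue("SETTINGS:HTTPSPORT", 443)` is assigned to `options.HttpsPort` without a range check, and both new keys are read by string literal although other settings in this series come from a settings object (`settings.MqttSecure` in MqttConnectionService.cs). A value of 0 or above 65535 supplied through the environment would produce redirects to an unusable address once `SETTINGS:HTTPSREDIRECT` is switched on. Validate the port at startup (1 to 65535), ideally by adding both values to the existing settings class, and document them where the other settings are described. Because `HTTPSREDIRECT` defaults to `false`, add a comment above the `if` explaining why redirection is opt-in, so the cleartext default reads as a decision rather than an omission. ConfigureServices and Configure continue outside the hunks.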
@@ -1,12 +0,0 @@
-# to generate a self-signed certificate replace 'XX' and server addresses and IPs in the following commands:
-# openssl req -x509 -newkey rsa:2048 -sha256 -keyout key.txt -out cert.txt -days 3650 -nodes -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=server.example.com" -addext subjectAltName=DNS:server.example.com,IP:192.168.0.1
-# openssl pkcs12 -export -out certificate.pfx -inkey key.txt -in cert.txt
-# the entry 'cert_password' below has to be replaced by the password you just entered when creating the PFX cert file.
-# copy the pfx file to the directory /tmp/certs/ or change the path of 'volumes' in docker-compose.yml
-
-MQTTSERVER=server.example.net
-MQTTPORT=8883
-MQTTSECURE=Insecure
-MQTTUSERNAME=username
-MQTTPASSWORD=password
-PFX_PASSWORD=cert_password
diff --git a/Dockerfile b/Dockerfile
index ab6f605..f79f686 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,50 +1,25 @@ -# ----------- Build stage (ASP .NET Core) ----------- + # This file should be run after compiling the solution with the following command: # msbuild /r /p:Configuration=Release /p:OutputPath=app /t:Publish -FROM mcr.microsoft.com/dotnet/core/sdk:3.1-alpine AS dotnet-build-env -WORKDIR /src -ENV DOTNET_CLI_TELEMETRY_OPTOUT 1 -ENV DOTNET_SKIP_FIRST_TIME_EXPERIENCE 1 - -# restore -COPY ["Zigbee2MqttAssistant/Zigbee2MqttAssistant.csproj", "Zigbee2MqttAssistant/"] -RUN dotnet restore "Zigbee2MqttAssistant/Zigbee2MqttAssistant.csproj" - -# copy src -COPY . . - -# build -WORKDIR "/src/Zigbee2MqttAssistant" -RUN dotnet build "Zigbee2MqttAssistant.csproj" -c Release -o /app/build - -# publish -RUN dotnet publish "Zigbee2MqttAssistant.csproj" -c Release -o /app/publish - - -# ----------- Runtime stage ----------- # You should run this file with the following parameters: # docker build . --build-arg DOTNETTAG= --build-arg OSTAG= -t # where: # is the tag of the dotnet aspnet runtime image # is the tag of the runtime for hass.io (amd64, armv7, aarch64...) -FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-alpine -EXPOSE 443 - -ENV DOTNET_CLI_TELEMETRY_OPTOUT 1 -ENV DOTNET_SKIP_FIRST_TIME_EXPERIENCE 1 ARG DOTNETTAG ARG OSTAG +FROM mcr.microsoft.com/dotnet/core/aspnet:$DOTNETTAG +EXPOSE 80 + # Metadata for information about this software LABEL description="Zigbee2MqttAssistant - A GUI for Zigbee2Mqtt" author="carl.debilly@gmail.com" "project.url"="https://github.com/yllibed/Zigbee2MqttAssistant" # Additionnal metadata for HASS.IO LABEL io.hass.version="172" io.hass.type="addon" io.hass.arch=$OSTAG -# copy file to runtime image WORKDIR /app -RUN mkdir -p /app/certs -COPY --from=dotnet-build-env /app/publish . +COPY Zigbee2MqttAssistant/apppublish . ENTRYPOINT ["dotnet", "Zigbee2MqttAssistant.dll"] diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index d9c078b..0000000 --- a/docker-compose.yml +++ /dev/null 
@@ -1,31 +0,0 @@
-version: '3.7'
-
-services:
-
- zigbee2mqttAssistant:
- image: moerchel/zigbee2mqtt_assistant
- container_name: zigbee2mqttAssistant
- environment:
- - Z2MA_SETTINGS__MQTTSERVER=${MQTTSERVER}
- - Z2MA_SETTINGS__MQTTPORT=${MQTTPORT}
- - Z2MA_SETTINGS__MQTTSECURE=${MQTTSECURE}
- - Z2MA_SETTINGS__MQTTUSERNAME=${MQTTUSERNAME}
- - Z2MA_SETTINGS__MQTTPASSWORD=${MQTTPASSWORD}
- - TZ=Europe/Berlin
- - ASPNETCORE_URLS=https://+:443
- - ASPNETCORE_Kestrel__Certificates__Default__Password=${PFX_PASSWORD}
- - ASPNETCORE_Kestrel__Certificates__Default__Path=/app/certs/certificate.pfx
- - Logging__Console__LogLevel__Default=Warning
- networks:
- - zigbeenet
- ports:
- - 4433:443
- volumes:
- - /tmp/certs:/app/certs:ro
- restart: unless-stopped
-
-
-networks:
- zigbeenet:
- name: zigbeenet
- driver: bridge