Closed aph3rson closed 1 year ago
I have added this as an option for the php_nginx containers.. can you update/test and let me know if its working as expected?
bump
I just fixed an (unrelated) issue with my HA deployment. I'll give this a shot this evening.
Alright, just tried this out. I used Portainer to connect to the container for the php-nginx API, and tried to call routes like I'd see in image.php:
root@48159ca7-php-nginx: /srv/www # curl -X GET -H "Authorization: Bearer ${SUPERVISOR_TOKEN}" -H "Content-Type: application/json" http://supervisor/api/states/sensor.rest980
403: Forbidden
root@48159ca7-php-nginx: /srv/www # curl -X GET -H "Authorization: Bearer ${SUPERVISOR_TOKEN}" -H "Content-Type: application/json" http://supervisor/core/api/states/sensor.rest980
401: Unauthorized
I see this in the supervisor logs:
22-02-10 18:32:36 WARNING (MainThread) [supervisor.api.middleware.security] 48159ca7_php-nginx missing API permission for /api/states/sensor.rest980
22-02-10 18:32:36 ERROR (MainThread) [supervisor.api.middleware.security] Invalid token for access /api/states/sensor.rest980
22-02-10 18:32:40 WARNING (MainThread) [supervisor.api.proxy] Not permitted API access: 48159ca7_php-nginx
Therefore, it's not clear if:
Taking a peek at another addon that appears to use this, here's their config.json
, and [here]'s where they call the API from within their addon code.
Any ideas?
Sorry for the delay.... given mapping is broken.. and not coming back anytime soon it seems, im going to close this
Communication with the core API for both the
php-nginx
addons requires that the user generate their own long-lived access key.However, HA will vend a token to the container if the addon is configured to receive access tokens directly. These tokens are exposed in the
SUPERVISOR_TOKEN
envvar, and allows using thehttp://supervisor/core/api/
API endpoint. More information here.This should be as simple as setting
homeassistant_api: true
in theconfig.json
for both files. From there, bothimage.php
files need: