
@nginx-gists
Last active November 11, 2022 00:13
Over-the-Air Updates to IoT Devices with NGINX
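# Static variant: nginx itself answers /ota with a fixed JSON update manifest.
# The trailing space after "$request" keeps it separated from $status in the
# log line; without it the two fields run together.
log_format api_main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" "$http_user_agent"';

server {
    access_log /var/log/nginx/api_access.log api_main;

    # The "ssl" parameter is what enables TLS on this socket; a bare
    # "listen 443;" would serve plain HTTP on port 443.
    listen 443 ssl;
    server_name <domain-url>;

    location /ota {
        # Update manifest polled by the device.
        # NOTE(review): "port": 80 presumably makes the device fetch the
        # firmware image over cleartext HTTP, and the manifest carries no hash
        # or signature. Unless the client library verifies the image some other
        # way, the binary can be replaced in transit. Confirm, and prefer a
        # TLS-protected download and signed images where the library supports it.
        return 200 '{"type":"esp32-fota-http", "version": 100, "host": "<domain-url>", "port": 80, "bin": "/esp32-fota-http-100.bin"}';
    }

    # NOTE(review): no proxy_pass is visible in this server block, so the
    # proxy_* directives here only matter if a proxied location is added.
    proxy_intercept_errors on;
    default_type application/json;

    # TLS config
    # nginx does not expand "~"; a non-absolute path is resolved relative to the
    # configuration prefix. Use absolute paths, and keep the private key
    # readable only by the account that starts nginx.
    ssl_certificate ~/fullchain.pem;
    ssl_certificate_key ~/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated; offer only 1.2 and 1.3. Re-add the older
    # versions only for a client that cannot negotiate TLS 1.2.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!MD5:!DSS;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    # OCSP stapling needs a "resolver" in scope to reach the responder
    # (not shown here — confirm it is set in the enclosing configuration).
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    # The named capture <secure_domain> defines the $secure_domain variable
    # used in the replacement string.
    proxy_cookie_domain ~(?P<secure_domain>([-0-9a-z]+\.)?[-0-9a-z]+\.[a-z]+)$ "$secure_domain; secure";
}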
# vim: syntax=nginx
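# njs variant: /ota is answered by the ota() handler exported from ota.js.
# NOTE(review): this file and the static variant both define log_format
# api_main and a server for the same name and port; they look like
# alternatives, and loading both is expected to fail the configuration test on
# the duplicate log_format name — confirm and deploy only one.
# The trailing space after "$request" keeps it separated from $status.
log_format api_main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" "$http_user_agent"';

# Makes the module's default export available to js_content as "ota".
js_import ota.js;

server {
    access_log /var/log/nginx/api_access.log api_main;

    # The "ssl" parameter is what enables TLS on this socket; a bare
    # "listen 443;" would serve plain HTTP on port 443.
    listen 443 ssl;
    server_name <domain-url>;

    location /ota {
        # Response body is produced by ota() in ota.js.
        js_content ota.ota;
    }

    # NOTE(review): no proxy_pass is visible in this server block, so the
    # proxy_* directives here only matter if a proxied location is added.
    proxy_intercept_errors on;
    default_type application/json;

    # TLS config
    # nginx does not expand "~"; a non-absolute path is resolved relative to the
    # configuration prefix. Use absolute paths, and keep the private key
    # readable only by the account that starts nginx.
    ssl_certificate ~/fullchain.pem;
    ssl_certificate_key ~/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated; offer only 1.2 and 1.3. Re-add the older
    # versions only for a client that cannot negotiate TLS 1.2.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!MD5:!DSS;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    # OCSP stapling needs a "resolver" in scope to reach the responder
    # (not shown here — confirm it is set in the enclosing configuration).
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    # The named capture <secure_domain> defines the $secure_domain variable
    # used in the replacement string.
    proxy_cookie_domain ~(?P<secure_domain>([-0-9a-z]+\.)?[-0-9a-z]+\.[a-z]+)$ "$secure_domain\; secure";
}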
# vim: syntax=nginx
#include <esp32fota.h>
#include <WiFi.h>
// Wi-Fi credentials, left blank here as placeholders. Whatever is filled in is
// compiled into the firmware image, so keep the populated sketch out of shared
// repositories.
const char *ssid = "";
const char *password = "";
// Updater object, constructed with the string "esp32-fota-http" and the integer 1.
// NOTE(review): presumably the firmware type and this build's version, which
// the library compares with "type" and "version" in the /ota manifest —
// confirm against the esp32FOTA documentation.
esp32FOTA esp32FOTA("esp32-fota-http", 1);
// One-time initialisation: serial console, manifest URL, then Wi-Fi.
void setup()
{
    // Bring the console up first so connection progress is visible.
    Serial.begin(115200);

    // Endpoint polled for the update manifest.
    // NOTE(review): the URL is https://, but this sketch supplies no CA
    // certificate; confirm that the esp32FOTA version in use validates the
    // server certificate rather than accepting any peer.
    esp32FOTA.checkURL = "https://<domain-url>/ota";

    setup_wifi();
}
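// Joins the Wi-Fi network named by the global `ssid` and blocks until the
// station reports WL_CONNECTED. There is no timeout: with wrong credentials or
// no coverage this never returns.
void setup_wifi()
{
    delay(10);

    // Name the network being joined; the original message stopped after
    // "Connecting to " and never ended the line.
    Serial.print("Connecting to ");
    Serial.println(ssid);

    WiFi.begin(ssid, password);

    // One dot every 500 ms while the association is still pending.
    while (WiFi.status() != WL_CONNECTED)
    {
        delay(500);
        Serial.print(".");
    }

    // Close the progress line so later output starts on a fresh line.
    Serial.println();
}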
// Main loop: ask the update endpoint whether a newer build exists and, if so,
// start the over-the-air update; then wait 2 s before the next poll.
void loop()
{
    // NOTE(review): the manifest served on this page advertises "port": 80 and
    // no hash or signature, so the image fetched by execOTA() is presumably
    // transferred in cleartext and accepted unverified — confirm what the
    // library checks before relying on this outside a trusted network.
    if (esp32FOTA.execHTTPcheck())
    {
        esp32FOTA.execOTA();
    }

    delay(2000);
}
# njs dynamic modules. load_module is only valid in the main context, ahead of
# the http {} block.
# NOTE(review): this looks like an excerpt; a complete nginx.conf also needs an
# events {} block.
load_module modules/ngx_http_js_module.so;
# NOTE(review): no stream {} block appears in the configuration shown, so this
# module may not be needed — confirm before loading it.
load_module modules/ngx_stream_js_module.so;
http {
# Pulls in every conf.d file whose name matches api*.conf.
include /etc/nginx/conf.d/api*.conf;
}
var fs = require('fs');
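/**
 * njs content handler for the /ota location.
 *
 * Starting from version 100, probes the firmware folder for
 * esp32-fota-http-<version>.bin with consecutive version numbers and reports
 * the last one before the first gap as the current release. If version 101 is
 * absent, version 100 is reported without checking that its file exists.
 *
 * The probed paths are built only from constants and a counter; nothing from
 * the request reaches the filesystem call.
 *
 * NOTE(review): the manifest advertises port 80 and carries no hash or
 * signature, so the device presumably downloads the image over cleartext HTTP
 * and cannot verify it from this response alone — confirm what the client
 * library checks.
 *
 * @param {Object} r - njs HTTP request object; only r.return() is used.
 * @returns {undefined} The JSON manifest is sent through r.return(200, ...).
 */
function ota(r) {
    var otaFolder = '</path/to/firmware>';
    var fName = 'esp32-fota-http-';
    var base = 100;

    // Join folder and file name with exactly one '/', so the folder works
    // whether or not it was configured with a trailing slash.
    var dir = otaFolder.charAt(otaFolder.length - 1) === '/' ? otaFolder : otaFolder + '/';

    // Check that the next version is readable instead of reading the whole
    // image: the handler runs on every poll and only needs to know whether the
    // file is there. Any failure (missing, unreadable) ends the scan.
    for (;;) {
        try {
            fs.accessSync(dir + fName + (base + 1) + '.bin', fs.constants.R_OK);
        } catch (err) {
            break;
        }
        base++;
    }

    // Key order matches the original response body.
    var jsonOut = {
        type: 'esp32-fota-http',
        version: base,
        host: '<domain-url>',
        port: 80,
        bin: '/' + fName + base + '.bin'
    };

    r.return(200, JSON.stringify(jsonOut));
}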
export default { ota }
@nginx-gists

For a discussion of these files, see Over-the-Air Updates to IoT Devices with NGINX
