From edcb63b7e6b777d6df21667e70f397d8b64c37ac Mon Sep 17 00:00:00 2001
From: renaud gaudin <reg@rskg.org>
Date: Wed, 13 Dec 2023 16:20:37 +0000
Subject: [PATCH] Fixed #26: Added NO_HOME_SERVICES to hide Kiwix-serve
 homepage

Now accepts a `NO_HOME_SERVICES` environ that list services which `/` endpoint
is redirected to the main FQDN
---
 reverse-proxy/README.md        | 3 ++-
 reverse-proxy/gen-caddyfile.py | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy/README.md b/reverse-proxy/README.md
index c9ce820..3081c42 100644
--- a/reverse-proxy/README.md
+++ b/reverse-proxy/README.md
@@ -10,7 +10,8 @@ Configuration is done solely via environment variables
 | -------------------- | ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `FQDN`               | `generic.hotspot`  | Hostname to serve at                                                                                                                                            |
 | `SERVICES`           |                    | `,`-separated list of services to configure. Either `name` (service-name) or `name:target:port` for special ones. Ex `kiwix,edupi,api.edupi:edupi:8080`         |
-| `PROTECTED_SERVICES` |                    | `,`-separated list of services to password-protect<sup>1</sup>. `name:username:password` format (clear text password). Ex `kiwix,admin,passW0rd`   | 
+| `PROTECTED_SERVICES` |                    | `,`-separated list of services to password-protect<sup>1</sup>. `name:username:password` format (clear text password). Ex `kiwix,admin,passW0rd`                |
+| `NO_HOME_SERVICES`   |                    | `,`-separated list of services to redirect their `/` to the hotspot-home. Used to disable kiwix-serve home.                                                     | 
 | `FILES_MAPPING`      |                    | `,`-separated list of `{subdomain}:{subfolder}` mapping for files-related services (using a single files service). Ex `nomad:nomadeducation,download-zims:zims` |
 | `DEBUG`              |                    | Set any value to enable Caddy debug output                                                                                                                      |
 
diff --git a/reverse-proxy/gen-caddyfile.py b/reverse-proxy/gen-caddyfile.py
index 698f34a..0b379f3 100755
--- a/reverse-proxy/gen-caddyfile.py
+++ b/reverse-proxy/gen-caddyfile.py
@@ -46,6 +46,7 @@ class Service:
     username: str | None = None
     password: str | None = None
     password_e: str | None = None
+    disable_home: bool | None = False
 
     @classmethod
     def from_line(cls, text: str):
@@ -80,6 +81,9 @@ def should_protect(self) -> bool:
     svc_name = svc.split(":", 1)[0]
     if svc_name in services:
         services[svc_name].protect_from(svc)
+for svc_name in os.getenv("NO_HOME_SERVICES", "").split(","):
+    if svc_name in services:
+        services[svc_name].disable_home = True
 
 files_map: dict[str, str] = {
     entry.split(":", 1)[0]: entry.split(":", 1)[1]
@@ -136,6 +140,9 @@ def should_protect(self) -> bool:
         {{service.username}} {{service.password_e}}
     }
     {% endif %}
+    {% if service.disable_home %}
+    redir / {scheme}://{$FQDN} permanent
+    {% endif %}
     reverse_proxy {{service.target}}:{{service.port}}
     handle_errors {
         respond "HTTP {http.error.status_code} Error ({http.error.message})"