Any way to get access remotely to OH2 without using myopenhab.org?

Nguy_n_Phuc_Anh_D_ng · April 16, 2017, 5:33am

Hello friends,
I’ve played with OH2 for 2 months and it is fanstatic…Great framework for home automation
But since using myopenhab.org is way tooo slow. I want to use another way to get access to OH2 which is located on my raspberry pi 3
I intend to buy a domain (with a little bit of charge but that’s OK) and I will access to OH2 (outside from local network) but I do not know whether it is possible or not
If it is possible, will you please suggest me some way to do it?
Big thanks for all of the replies!!!

philKrylc · April 16, 2017, 7:28am

Hi,

sure - there are several solutions. Let me point out two of them:

You can setup your own instance of “myopenhab” on your own server and use it to access your OH instance remotely. But as far as I’ve red this is a quite complex solution.
You can install nginx (or apache) and configure it as a reverse proxy. If you use dynamic DNS (DynDNS) you can access your OH instance with the same domain.

These are just two ways. Let’s see what others recommend.

Nguy_n_Phuc_Anh_D_ng · April 16, 2017, 7:34am

Oh woah thanks for your quick reply
Just please give me some more options, It would be a great helllpppp!!!

PeterJ · April 16, 2017, 7:36am

Hi, there is a page in the openHAB documentation dedicated to your question, check

http://docs.openhab.org/installation/security.html#options-for-secure-remote-access

The second option Phil mentioned, via a reverse proxy, is described in detail on that page, I followed it myself and it works very nicely. Another potentially interesting option is using VPN, this is not described and I do not have experience with it. The docs howver mention it as “the most secure option”, so probably worth investigating.

Nguy_n_Phuc_Anh_D_ng · April 16, 2017, 7:48am

Another thank for you, Peter
Now I just wonder a question, hope you can answer: for example I am owning a domain: https://www.abc.com
Then in the configuration of the file /etc/nginx/sites-enabled/default:

server {
	listen                          80;
	server_name                     mydomain_or_myip;

	location / {
		proxy_pass                            http://localhost:8080/;
		proxy_set_header Host                 $http_host;
		proxy_set_header X-Real-IP            $remote_addr;
		proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto    $scheme;
	}
}

I have to replace mydomain_or_myip by something like

server_name                     https://www.abc.com;

Is that right?
Sorry this question is noob, I know, very sorry if it bothers you

Moxified · April 16, 2017, 10:31am

I think that is basically correct. I followed the nginx tutorial: http://docs.openhab.org/installation/security.html#nginx-reverse-proxy

This is what I have in mine that works:

server {
listen 80;
server_name abc.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name 192.168.x.y;

    ssl_certificate                 /etc/ssl/openhab.crt;
    ssl_certificate_key             /etc/ssl/openhab.key;
    add_header                      Strict-Transport-Security "max-age=31536000"; # Remove if using self-signed and are having trouble.

    location / {
            proxy_pass                              http://localhost:8080/;
            proxy_set_header Host                   $http_host;
            proxy_set_header X-Real-IP              $remote_addr;
            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto      $scheme;
            satisfy                                 any;
            deny                                    all;
            auth_basic                              "Username and Password Required";
            auth_basic_user_file                    /etc/nginx/.htpasswd;
    }

}

PeterJ · April 16, 2017, 10:46am

I am also very much a noob in this field, but mine also works and looks very similar to what Moxified posted. Except that I do not have a domain name. I do have a static IP though, and that is what I put as a “server_name”. Just the IP, no http://, https:// or anything, just the ip, like this:

server_name xxx.xxx.xxx.xxx

Best regards, Peter

philKrylc · April 16, 2017, 12:27pm

Afaik that is correct.

Max_G · April 16, 2017, 12:44pm

If you have a Fritzbox, you can securely access your net work through a VPN… what I am doing… works.

Paul-in-CH · April 16, 2017, 1:41pm

Remotely access it from what?

Just a computer, also a tablet? What router do you have?

The best solution depends on your needs and hardware.

rtvb · April 16, 2017, 3:15pm

Very insecure !!!

but without installing any reverse proxy, you could also just open port 80 on your router and map it to 8080 on your openHAB server.

Moxified · April 17, 2017, 1:59am

I know you prefaced it but this seriously should not even be considered an option.

VPN is another viable option but kinda clunky if you need quick access. I don’t think anybody mentioned that.

steve1 · April 17, 2017, 10:15am

I use a VPN. This solution works well for me because I sometimes want SSH access to the Pi to change configurations or look at log files. It also allows me to access other devices on my LAN (network cameras, etc.). The quick access is not an issue for me since it’s usually faster to activate my VPN on my phone than to wait for myopenhab to respond. It’s also more reliable.

Extrabannies · April 17, 2017, 10:27am

Hi,
I also use a VPN on demand connection, i.e. if I open openHAB app on my i-phone, the VPN connection is automatically build-up. Consequently I have no open ports in my router.
I tried to describe it here:

Cheers

Nguy_n_Phuc_Anh_D_ng · April 17, 2017, 1:25pm

@Extrabannies Woah really good reference, thanks
But after reading your post, it seems that fritzbox router is a must to proceed so-called VPN-on-demand service right?
Has anyone ever tried setting up VPN on raspberry pi to get access remotely to OH2? Please show me how
Thanks <3

Extrabannies · April 17, 2017, 2:17pm

Hi,
No, in principle it does work with any VPN connection.
Just use the file provide under the heading “Clientkonfiguration auf dem iPhone”, adopt the parameters acc. to your VPN set-up, send via e-mail to yourself and implement it on your i-phone.
Cheers

Joe_Lawrence · April 17, 2017, 5:33pm

This is correct, I’ve just completed the setup. See Cloud setup. Also talks about what you need to do to send notifications through your own cloud. I also need to add details about editing, Mail.js (not 100%sure on the name, but, that’s close), to take mail out of development mode.

JOL2912 · April 20, 2017, 10:20am

I use the Cloud Connector to access my OH2 outside from local network. It works great using the openHAB IPhone app.
Links:
Openhab Info: https://github.com/openhab/openhab1-addons/wiki/openHAB-Cloud-Connector
IOS APP: https://itunes.apple.com/dk/app/openhab/id492054521
Android APP: https://play.google.com/store/apps/details?id=org.openhab.habdroid
Regards
Jens Ole

HomeAutomation · April 20, 2017, 1:56pm

I install OpenVPN on my NAS and OpenVPN client on my smartphone. After that I’m able to connect to my internal OH2 installation via the VPN tunnel. Very easy to configure and it works perfect.

It is secure because only via VPN I can access OH2.

jade7272 · May 1, 2017, 6:09pm

You should just be able to put your outside IP address in the config in the OpenHAB app as remote ip and open your port 8080 on your router and that’s it …Should work …works for me …