Any way to get access remotely to OH2 without using myopenhab.org?

Another thank for you, Peter
Now I just wonder a question, hope you can answer: for example I am owning a domain: https://www.abc.com
Then in the configuration of the file /etc/nginx/sites-enabled/default:

server {
	listen                          80;
	server_name                     mydomain_or_myip;

	location / {
		proxy_pass                            http://localhost:8080/;
		proxy_set_header Host                 $http_host;
		proxy_set_header X-Real-IP            $remote_addr;
		proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto    $scheme;
	}
}

I have to replace mydomain_or_myip by something like

server_name                     https://www.abc.com;

Is that right?
Sorry this question is noob, I know, very sorry if it bothers you

I think that is basically correct. I followed the nginx tutorial: http://docs.openhab.org/installation/security.html#nginx-reverse-proxy

This is what I have in mine that works:

server {
listen 80;
server_name abc.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name 192.168.x.y;

    ssl_certificate                 /etc/ssl/openhab.crt;
    ssl_certificate_key             /etc/ssl/openhab.key;
    add_header                      Strict-Transport-Security "max-age=31536000"; # Remove if using self-signed and are having trouble.

    location / {
            proxy_pass                              http://localhost:8080/;
            proxy_set_header Host                   $http_host;
            proxy_set_header X-Real-IP              $remote_addr;
            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto      $scheme;
            satisfy                                 any;
            deny                                    all;
            auth_basic                              "Username and Password Required";
            auth_basic_user_file                    /etc/nginx/.htpasswd;
    }

}

2 Likes

I am also very much a noob in this field, but mine also works and looks very similar to what Moxified posted. Except that I do not have a domain name. I do have a static IP though, and that is what I put as a “server_name”. Just the IP, no http://, https:// or anything, just the ip, like this:

server_name xxx.xxx.xxx.xxx

Best regards, Peter

Afaik that is correct. :slight_smile:

If you have a Fritzbox, you can securely access your net work through a VPN… what I am doing… works.

Remotely access it from what?

Just a computer, also a tablet? What router do you have?

The best solution depends on your needs and hardware.

Very insecure !!!

but without installing any reverse proxy, you could also just open port 80 on your router and map it to 8080 on your openHAB server.

I know you prefaced it but this seriously should not even be considered an option.

VPN is another viable option but kinda clunky if you need quick access. I don’t think anybody mentioned that.

1 Like

I use a VPN. This solution works well for me because I sometimes want SSH access to the Pi to change configurations or look at log files. It also allows me to access other devices on my LAN (network cameras, etc.). The quick access is not an issue for me since it’s usually faster to activate my VPN on my phone than to wait for myopenhab to respond. It’s also more reliable.

Hi,
I also use a VPN on demand connection, i.e. if I open openHAB app on my i-phone, the VPN connection is automatically build-up. Consequently I have no open ports in my router.
I tried to describe it here:


Cheers

@Extrabannies Woah really good reference, thanks
But after reading your post, it seems that fritzbox router is a must to proceed so-called VPN-on-demand service right?
Has anyone ever tried setting up VPN on raspberry pi to get access remotely to OH2? Please show me how
Thanks <3

Hi,
No, in principle it does work with any VPN connection.
Just use the file provide under the heading “Clientkonfiguration auf dem iPhone”, adopt the parameters acc. to your VPN set-up, send via e-mail to yourself and implement it on your i-phone.
Cheers

This is correct, I’ve just completed the setup. See Cloud setup. Also talks about what you need to do to send notifications through your own cloud. I also need to add details about editing, Mail.js (not 100%sure on the name, but, that’s close), to take mail out of development mode.

I use the Cloud Connector to access my OH2 outside from local network. It works great using the openHAB IPhone app.
Links:
Openhab Info: https://github.com/openhab/openhab1-addons/wiki/openHAB-Cloud-Connector
IOS APP: https://itunes.apple.com/dk/app/openhab/id492054521
Android APP: https://play.google.com/store/apps/details?id=org.openhab.habdroid
Regards
Jens Ole

I install OpenVPN on my NAS and OpenVPN client on my smartphone. After that I’m able to connect to my internal OH2 installation via the VPN tunnel. Very easy to configure and it works perfect.

It is secure because only via VPN I can access OH2.

You should just be able to put your outside IP address in the config in the OpenHAB app as remote ip and open your port 8080 on your router and that’s it …Should work …works for me …

Is MQTT would be not an option?

You can get account on any free cloud MQTT Broker (like cloudMQTT for example). Then you use OpenHAB MQTT Binding to make Openhab connect to this broker and exchange topics. You can use SSL/TLS security. And finally some MQTT client on your Android/iOS device will connect to the same broker. This is not a Web-based solution though, but extremely fast and you don’t need to open any ports on your system

can use webhooks to connect to IFTTT

Continuing the discussion from Any way to get access remotely to OH2 without using myopenhab.org?:

There are many methods to do this - the difference is security, easiness of the configuration and cost of the solution.

Following I am typing some methods with some analyses

1. Port Forwarding (with Dynamic DNS and SSL encryption)

This requires router configuration (to forward your routers public port to OH2 private port), however this requires you to have fixed ip address. In case your ip address is not fixed (in most cases) you need to use Dynamic DNS services to be able to use domains instead ip address (there are available free services i.e. https://www.noip.com/free ). Here we still have security question open. To solve security question i.e. setup ssl certificate we can use Let’s Encrypt service ( https://letsencrypt.org/ ) to get free certificate, however we should configure OH2 server to use the certificate or we should setup reverse proxy (in most cases nginx or apache) and configure proxy to use certificate.

Conclusion – Hard to setup if we want to have secure connection (can be done for free)

2. VPN

For this scenario we should use VPN services. We should connect our OH2 server to VPN then in other side we should connect our client to VPN (i.e. mobile device) that will allow us to access to OH2 by local IP address. We can set up our own VPN server (i.e. https://openvpn.net/ ) however this requires knowledge to do it right.

Conclusion – Easy, Paid, Secure, Bad User Experience (connecting to VPN every time you need to connect to OH2)

3. Tunneling

For this scenario we can use free tunneling services (i.e. https://tunnelin.com/ ). The process is very straight forward i.e. Register a User, Connect your device to service (by running one line command on device), use Web interface to open/close secure tunnels to the device.

Conclusion – Free, Secure, Easy

3 Likes

Hello,

I recently set up an IPSec VPN to access OH from my Android, mainly due to recurring issues with myopenhab.

The VPN tunnel works fine and is fast. But the Android App always tries to connect to myopenhab.og when I’m not connected to a Wifi. Is there a way to force the app to use the “internal” IP even with 4G?

Greetings…