Apache2 Sitemap protection

theo416 · August 19, 2018, 10:54am

Hello,

I want to protect the Sitemaps in my Openhab2 project with different passwords!

In apache you need to create a “Virtual Host”
An Example: You want to protect “http://IP_OPENHAB:8080” you need to create a virtual host named for example “http://IP_OPENHAB:80” in the conf File “<VirtualHost *:80>”.

But for example i have the sitemaps “User1”, “User2” and “User3”.
I want that the Virtual Host and the ProxyPass/ProxyPassReverse is the same URL.

For example “User1” is allowed to access the Openhab start page with PaperUI, … and the sitemap “User1”
“User2” is allowed to access only the sitemap “User2” and “User3” is allowed to access the sitemap “User3”.

Can anyone help me with my problem?

Thanks

illnesse · August 19, 2018, 12:23pm

not gonna work that way but there’s something similar in the works:

splatch · August 19, 2018, 1:46pm

It is in the works. At some day Openhab will support security out of the box.

Question in topic is difficult to solve with apache mod proxy as both users will still be able to list all items, things and so on. It is not easily doable with semi static nature of http server configuration.

theo416 · August 19, 2018, 2:57pm

Okay thats bad.

I have a other solution:

Apache conf - File:

<VirtualHost *:80>
  ProxyPass / http://127.0.0.1:8080/
  ProxyPassReverse / http://127.0.0.1:8080/
  <Location />
    AuthType Basic
    AuthName "OpenHab2"
    AuthUserFile /etc/apache2/Passwoerter/.htpasswd_Startseite
    Require valid-user
  </Location>
</VirtualHost>



<VirtualHost *:1000>
  ProxyPass / http://127.0.0.1:8080/basicui/app?sitemap=User1
  ProxyPassReverse / http://127.0.0.1:8080/basicui/app?sitemap=User1

  <Location />
    AuthType Basic
    AuthName "OpenHab2 Sitemap User1"
    AuthUserFile /etc/apache2/Passwoerter/.htpasswd_Sitemap_User1
    Require valid-user
  </Location>
</VirtualHost>



<VirtualHost *:1001>
  ProxyPass / http://127.0.0.1:8080/basicui/app?sitemap=User2
  ProxyPassReverse / http://127.0.0.1:8080/basicui/app?sitemap=User2

  <Location />
    AuthType Basic
    AuthName "OpenHab2 Sitemap User2"
    AuthUserFile /etc/apache2/Passwoerter/.htpasswd_Sitemap_User2
    Require valid-user
  </Location>
</VirtualHost>

And in the ports.conf I added:

Listen 80
Listen 1000
Listen 1001

The authentication works but then the sitemap is not loading because the “?”.
I’ve replaced “?” with HEX-Code “%3F” but it didn’t worked!

What do I have to exchange the question mark for?

gitMiguel · August 19, 2018, 6:57pm

I don’t have a solution but have read thistopic?

Looks like ProxyPass alone isn’t enough and you need some rewrite rules.

theo416 · August 19, 2018, 7:04pm

Oh okay thats for this Link!

I will read it tomorrow and tell you again!

theo416 · August 20, 2018, 1:26pm

I’ve readed the Tutorial and think I stay at the Basic Authentication on port 80 with apache2 and wait for an openhab version that has the authentication for sitemaps out of the box!

But thank you for all your informations!