This is a very basic setup using Apache Webserver and Reverse Proxy to enable basic authentication for your OpenHab 2 deployment.
1. Install Apache
sudo apt-get update
sudo apt-get install apache2 apache2-utils
2. Create the Password File
sudo htpasswd -c /etc/apache2/.htpasswd openhab
Enter the password for the user when prompted.
If you want to add more users, leave out the -c
argument (sudo htpasswd /etc/apache2/.htpasswd another_user
)
3. Configure the Apache default Virtual Host
sudo nano /etc/apache2/sites-enabled/000-default.conf
Replace all text in the file with the following:
<VirtualHost *:80>
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
<Location />
AuthType Basic
AuthName "OpenHab2 Restricted"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Location>
</VirtualHost>
Save and close the 000-default.conf file.
4. Enable the necessary apache mods
sudo a2enmod proxy proxy_http proxy_ajp rewrite deflate headers proxy_balancer proxy_connect proxy_html xml2enc
5. Restart Apache
sudo service apache2 restart
6. Confirm the Password Authentication
Try to access your OpenHab installation by using the default http port (http://<url_or_ip_of_OH2_host>
) instead of (http://<url_or_ip_of_OH2_host>:8080
).
You will be presented with a username and password prompt that looks like this:
For your mobile App (iOS and/or Android): Set the Username and the password in the application settings and remember to use http://<url_or_ip_of_OH2_host>
without the 8080 port.
7. Enable HTTPS for Apache
(Optional but highly reccomended!)
7.1 Install the crypto packages using apt-get
sudo apt-get install openssl ssl-cert
Package ssl-cert will automatically create a self-signed certificate using the hostname currently configured on your computer. The certificate will be stored in /etc/ssl/certs/
.
7.2 Enable mod_ssl in apache
sudo a2enmod ssl
7.3 Configure the HTTPS Virtual Host
Add the following text to your /etc/apache2/sites-enabled/000-default.conf
file, right after the HTTP section listed in step 3 above :
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
<Location />
AuthType Basic
AuthName "OpenHab2 Restricted"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Location>
</VirtualHost>
7.4 Restart Apache and test the HTTPS connection
sudo service apache2 restart
Now, fire up a browser and go to https://<url_or_ip_of_OH2_host>
. It should establish a HTTPS connection to your apache web server which in turn will proxy the local OpenHab web interface (and of course, it should ask you for your username and password as defined in step 2 above.
From your mobile: Set the Username and the password in the application settings and remember to use https://<url_or_ip_of_OH2_host>
.
Best Regards,
Dimitris