@Kai pointed out in https://github.com/eclipse/smarthome/issues/4364 that the problem is not in the software, but in the reverse proxy configuration.
Problem
In the reverse proxy, the SSL connection is terminated, and the request is forwarded to the openhab server via HTTP. However, the fact that the original request was issued via HTTPS is not forwarded.
Consequence: In the openhab server, upon event subscription in org.eclipse.smarthome.io.rest.sitemap.internal.SitemapResource, the injected javax.ws.rs.core.UriInfo assumes the HTTP protocol. Therefore openhab returns an HTTP url for the eventsource.
Solution
Following Kai’s pointer to Nginx with https as reverse proxy for openhab2, I made the reverse proxy tell openhab the protocol of the original request, namely HTTPS:
ProxyPass "/" "http://openhabianpi:8080/"
ProxyPassReverse "/" "http://openhabianpi:8080/"
RequestHeader set X-Forwarded-Proto "https" # <--- make openhab aware of HTTPS
Question
Why does openhab generate complete urls in org.eclipse.smarthome.io.rest.sitemap.internal.SitemapResource rather than only paths? Using paths the web application can assemble the correct event source url. Therefore proxy configuration would be simplified.
Regards and “Grüße aus Frankfurt”.