Is there a way to bind the openhab2 api on localhost only and/or to restrictions to access the api?
Hi @B0rner, yes. you can find this information in the docs:
Authentication and Access Control for binding to localhost only.
Running openHAB Behind a Reverse Proxy to control external access.
Hope this helps.
1 Like
Benjy,
thank you for linking the docs.
But it looks like, that it’s only possible, to bind only the whole openhab2 instance to localhost, not the API only, which could be a problem in my case, because I like to access openhab2 webpage from any webbrowser connected to the LAN. Only the API should be bind on localhost.
It looks like, the only way is to bind openhab2 completely to localhost in order to use an NGINX reverse proxy with authentication for accessing the penhab2 webpage, which looks complicated.
Or… to say my goal in other words: I’m looking for a way, to make the sitemap / visualisation available for anybody, but restrict access for changing configuration (using api, habmin, paperui,…) to only one host and/or only one valid user.
Openhab controls my house and nothing or no one else should do it.
Isn’t there any discussion about implementing an access control to openhab2? I think, this is an very important think to implement an “easy to use” authentication/security mechanism.
For now, using a reverse proxy should at least secure the household. This is how I do it: uou can’t access the site externally without a password, but once on the home network anyone can access the API.
There’s many discussions on GitHub in both openHAB and Eclipse SmartHome about implementing a Security API. Unfortunately, this has proven extremely difficult to do, and there have not been many people willing to give it a go. There are current discussions and about doing it though, so I remain hopeful!