Please add the following line to /etc/default/openhab2 (expecting you to be on a linux apt setup):
EXTRA_JAVA_OPTS="-Dorg.apache.felix.http.host=127.0.0.1"
Untested Update: doesn’t seem to work. @Kai I’ve probably chosen the wrong option?
1 Like
The VERY wrong option - we are running Jetty through Pax-Web, not Felix HTTP service 
So better go and search somewhere here: https://ops4j1.jira.com/wiki/display/paxweb/Configuration
org.ops4j.pax.web.listening.addresses seems to be the setting, which would have to go into etc/org.ops4j.pax.web.cfg.
1 Like
I’ve never bothered with these parts of openHAB and don’t want to 
My suggestion was a between-the-doors hunch based on this: https://www.google.de/search?q=org.osgi.service.http.port
Thanks for your help. We should provide this option (inside setenv and) as a variable just like the HTTP(S) Ports.
FTR: I have successfully tested this setting. Using 127.0.0.1 made openHAB only answer on the loopback interface.
So I have to create the file?
sudo nano /etc/org.ops4j.pax.web.cfg
to create a new file?
org.ops4j.pax.web.listening.addresses=127.0.0.1
as single line in that file?
See here also:
No, the file that you need to modify is already located at: $OPENHAB_USERDATA/etc/org.ops4j.pax.web.cfg
(/var/lib/openhab2/etc/org.ops4j.pax.web.cfg)
edit the default value (from 0.0.0.0 to 127.0.0.1) to allow only localhost to access the OH2 web services.
#
# Listening addresses. This should match host in the sslconnector/name attribute in jetty.xml
#
org.ops4j.pax.web.listening.addresses = 0.0.0.0
2 Likes
On debian-based setups this file can be found in
/var/lib/openhabs/etc/org.ops4j.pax.web.cfg
2 Likes
You should be able to put in a comma separated list of allowed addresses.
https://ops4j1.jira.com/wiki/plugins/servlet/mobile?contentId=12059275#content/view/12059275
Correct. Comma separated IP Addresses can be configured in the org.ops4j.pax.web.listening.addresses parameter
btw, I tried to add a subnet (172.16.13.0/24) and I get an error:
2017-01-18 11:25:49.230 [ERROR] [.service.internal.HttpServiceStarted] - Could not start the servlet context for context path []
java.net.SocketException: Unresolved address
So, this is only for local IPs of the host running OH2.
If I’m using 127.0.0.1 it works.
But comma-separated lists don’t work…
I tried it with (oh-server is 192.168.5.4):
127.0.0.1,192.168.5.0
127.0.0.1,192.168.5.0/24
127.0.0.1,192.168.5.*
127.0.0.1,192.168.5.2
I have connected two networks by vpn. My openhab should only be available in the 5er-subnet…
You can’t specify IP Subnets there. This parameter is for binding the web services (http & https) to local interface(s) (using hostname or IP)
Only local host IPs
In your case, it would be:
127.0.0.1, 192.168.5.4
(or the default 0.0.0.0 to do the same… bind to both local IPs :))
Now It works kind of:
Port 8080 is only available over 127.0.0.1
Port 80 via nginx is open to my subnet
Everything works - except Hueemulation and Echo.
Maybe theres a hardcoded 8080 in the hueemulation?!?
1 Like
Be careful: This setting affects HTTP on port 8080, but not HTTPS on port 8443!
One should bind OpenHAB to 127.0.0.1 and disable HTTPS support in OpenHAB when using a reverse proxy.
If HTTPS is needed, it should be activated in the reverse proxy configuration.
org.osgi.service.http.secure.enabled = false
org.ops4j.pax.web.listening.addresses = 127.0.0.1
1 Like
Does this still work in 2.3? I have it set to localhost,10.88.64.4 but now with 2.3 I am seeing:
2018-05-12 11:57:07.517 [WARN ] [g.eclipse.smarthome.core.net.NetUtil] - Found multiple local interfaces - ignoring 10.88.64.4
2018-05-12 11:57:07.541 [INFO ] [.dashboard.internal.DashboardService] - Started Dashboard at http://50.246.121.172:8080
2018-05-12 11:57:07.541 [INFO ] [.dashboard.internal.DashboardService] - Started Dashboard at https://50.246.121.172:8443
That is my public IP, however netstat shows:
[root@lisa smarthome]# netstat -nl |grep 8080
tcp 0 0 10.88.64.4:8080 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTENtry to set in /etc/openhab2/services/runtime.cfg
org.eclipse.smarthome.network:primaryAddress = 10.88.64.4/24
org.eclipse.smarthome.network:broadcastAddress = 10.88.64.255
org.eclipse.smarthome.core.net.NetUtil:primaryAddress = 10.88.64.0/24
to see if this helps
Setting the listening interfaces worked for me for all OH 2.X versions. When I do the same on OH3 it does not seem to bind to any interface at all. Has anyone got this working with OH3 already?
I need a solution too. I want to run an external service that needs port 1900 for UPnP, so I gave my Raspberry Pi two IP addresses. OpenHAB 3 keeps blocking that port on both addresses though, and the solutions in this thread have not helped. Is there any way at all to tell OH3 to only bind to a specific IP address? The only solution right now seems to be to start OH after the other service.
If you are taking about the web front-end it is definitely possible. It was a configuration error on my end. See: Binding OH3 to selected interface(s)
However when I read your post I think you’re not talking about the web server!?
Correct. I don’t even really care if the webserver binds to both addresses because I don’t need port 8080 for anything else. I just need OH to stop grabbing port 1900 on one of both addresses. I don’t even know what part of OH does this because I have neither Hue Emulation nor the UPnP Binding installed.