Binding only to specific network interface

Tags: #<Tag:0x00007f6173b55ed8>


how to configure OH2 to bind only to a specific network interface? I want the openhab webinterface to only be available on


1 Like

Hello @Kwave,
that’s imho not supported at the moment. You can change the serving port or block the port via firewall if that is an option. Certainly we should look into a solution. I’ll investigate. Ping me in a few days

Please add the following line to /etc/default/openhab2 (expecting you to be on a linux apt setup):


Untested Update: doesn’t seem to work. @Kai I’ve probably chosen the wrong option?

1 Like

The VERY wrong option - we are running Jetty through Pax-Web, not Felix HTTP service :slight_smile:
So better go and search somewhere here:

org.ops4j.pax.web.listening.addresses seems to be the setting, which would have to go into etc/org.ops4j.pax.web.cfg.

1 Like

I’ve never bothered with these parts of openHAB and don’t want to :relieved: My suggestion was a between-the-doors hunch based on this:
Thanks for your help. We should provide this option (inside setenv and) as a variable just like the HTTP(S) Ports.

@Kwave @mashborn please test

FTR: I have successfully tested this setting. Using made openHAB only answer on the loopback interface.

So I have to create the file?

sudo nano /etc/org.ops4j.pax.web.cfg
to create a new file?

as single line in that file?

See here also:

No, the file that you need to modify is already located at: $OPENHAB_USERDATA/etc/org.ops4j.pax.web.cfg

edit the default value (from to to allow only localhost to access the OH2 web services.

# Listening addresses. This should match host in the sslconnector/name attribute in jetty.xml
org.ops4j.pax.web.listening.addresses =


On debian-based setups this file can be found in


You should be able to put in a comma separated list of allowed addresses.

Correct. Comma separated IP Addresses can be configured in the org.ops4j.pax.web.listening.addresses parameter

btw, I tried to add a subnet ( and I get an error:

2017-01-18 11:25:49.230 [ERROR] [.service.internal.HttpServiceStarted] - Could not start the servlet context for context path [] Unresolved address

So, this is only for local IPs of the host running OH2.

If I’m using it works.

But comma-separated lists don’t work…

I tried it with (oh-server is,,,192.168.5.*,

I have connected two networks by vpn. My openhab should only be available in the 5er-subnet…

You can’t specify IP Subnets there. This parameter is for binding the web services (http & https) to local interface(s) (using hostname or IP)

Only local host IPs

In your case, it would be:,

(or the default to do the same… bind to both local IPs :))

Now It works kind of:
Port 8080 is only available over
Port 80 via nginx is open to my subnet
Everything works - except Hueemulation and Echo.

Maybe theres a hardcoded 8080 in the hueemulation?!?

1 Like

Be careful: This setting affects HTTP on port 8080, but not HTTPS on port 8443!

One should bind OpenHAB to and disable HTTPS support in OpenHAB when using a reverse proxy.

If HTTPS is needed, it should be activated in the reverse proxy configuration. = false
org.ops4j.pax.web.listening.addresses =
1 Like

Does this still work in 2.3? I have it set to localhost, but now with 2.3 I am seeing:

2018-05-12 11:57:07.517 [WARN ] [] - Found multiple local interfaces - ignoring
2018-05-12 11:57:07.541 [INFO ] [.dashboard.internal.DashboardService] - Started Dashboard at
2018-05-12 11:57:07.541 [INFO ] [.dashboard.internal.DashboardService] - Started Dashboard at

That is my public IP, however netstat shows:

[root@lisa smarthome]# netstat -nl |grep 8080
tcp        0      0*               LISTEN     
tcp        0      0*               LISTEN

try to set in /etc/openhab2/services/runtime.cfg = = =

to see if this helps