Binding only to specific network interface

Please add the following line to /etc/default/openhab2 (expecting you to be on a linux apt setup):


Untested Update: doesn’t seem to work. @Kai I’ve probably chosen the wrong option?

1 Like

The VERY wrong option - we are running Jetty through Pax-Web, not Felix HTTP service :slight_smile:
So better go and search somewhere here:

org.ops4j.pax.web.listening.addresses seems to be the setting, which would have to go into etc/org.ops4j.pax.web.cfg.

1 Like

I’ve never bothered with these parts of openHAB and don’t want to :relieved: My suggestion was a between-the-doors hunch based on this:
Thanks for your help. We should provide this option (inside setenv and) as a variable just like the HTTP(S) Ports.

@Kwave @mashborn please test

FTR: I have successfully tested this setting. Using made openHAB only answer on the loopback interface.

So I have to create the file?

sudo nano /etc/org.ops4j.pax.web.cfg
to create a new file?

as single line in that file?

See here also:

No, the file that you need to modify is already located at: $OPENHAB_USERDATA/etc/org.ops4j.pax.web.cfg

edit the default value (from to to allow only localhost to access the OH2 web services.

# Listening addresses. This should match host in the sslconnector/name attribute in jetty.xml
org.ops4j.pax.web.listening.addresses =


On debian-based setups this file can be found in


You should be able to put in a comma separated list of allowed addresses.

Correct. Comma separated IP Addresses can be configured in the org.ops4j.pax.web.listening.addresses parameter

btw, I tried to add a subnet ( and I get an error:

2017-01-18 11:25:49.230 [ERROR] [.service.internal.HttpServiceStarted] - Could not start the servlet context for context path [] Unresolved address

So, this is only for local IPs of the host running OH2.

If I’m using it works.

But comma-separated lists don’t work…

I tried it with (oh-server is,,,192.168.5.*,

I have connected two networks by vpn. My openhab should only be available in the 5er-subnet…

You can’t specify IP Subnets there. This parameter is for binding the web services (http & https) to local interface(s) (using hostname or IP)

Only local host IPs

In your case, it would be:,

(or the default to do the same… bind to both local IPs :))

Now It works kind of:
Port 8080 is only available over
Port 80 via nginx is open to my subnet
Everything works - except Hueemulation and Echo.

Maybe theres a hardcoded 8080 in the hueemulation?!?

1 Like

Be careful: This setting affects HTTP on port 8080, but not HTTPS on port 8443!

One should bind OpenHAB to and disable HTTPS support in OpenHAB when using a reverse proxy.

If HTTPS is needed, it should be activated in the reverse proxy configuration. = false
org.ops4j.pax.web.listening.addresses =
1 Like

Does this still work in 2.3? I have it set to localhost, but now with 2.3 I am seeing:

2018-05-12 11:57:07.517 [WARN ] [] - Found multiple local interfaces - ignoring
2018-05-12 11:57:07.541 [INFO ] [.dashboard.internal.DashboardService] - Started Dashboard at
2018-05-12 11:57:07.541 [INFO ] [.dashboard.internal.DashboardService] - Started Dashboard at

That is my public IP, however netstat shows:

[root@lisa smarthome]# netstat -nl |grep 8080
tcp        0      0*               LISTEN     
tcp        0      0*               LISTEN

try to set in /etc/openhab2/services/runtime.cfg = = =

to see if this helps

Setting the listening interfaces worked for me for all OH 2.X versions. When I do the same on OH3 it does not seem to bind to any interface at all. Has anyone got this working with OH3 already?

I need a solution too. I want to run an external service that needs port 1900 for UPnP, so I gave my Raspberry Pi two IP addresses. OpenHAB 3 keeps blocking that port on both addresses though, and the solutions in this thread have not helped. Is there any way at all to tell OH3 to only bind to a specific IP address? The only solution right now seems to be to start OH after the other service.

If you are taking about the web front-end it is definitely possible. It was a configuration error on my end. See: Binding OH3 to selected interface(s)

However when I read your post I think you’re not talking about the web server!?

Correct. I don’t even really care if the webserver binds to both addresses because I don’t need port 8080 for anything else. I just need OH to stop grabbing port 1900 on one of both addresses. I don’t even know what part of OH does this because I have neither Hue Emulation nor the UPnP Binding installed.