I have a remote OH2 site behind a FIOS router. I can port-forward 8080 and 22 and successfully get http and ssh respectively to the running app, but when I try the REST interface from the UI grid it “freezes” with the header only — never returns the list of top-level REST categories.
cmdline netstat on the ssh’ed instances doesn’t show anything obviously different, but I could be missing something.
Have you looked into the OpenHAB cloud connection? You would be able to send the REST commands to a openHAB cloud and it would sync the change into the system behind the FIOS router; and best of all no port forwarding is necessary.
Please don’t port forward OH directly to the internet. It has absolutely no protection and honestly would not take much to completely pwn your system through OH.
There is no encryption when you port forward 8080, no authentication and authorization for either 8080 or 8443, and there is no way to just expose the REST API. And even if you could limit it to just the REST API, there is almost nothing you can’t do though the REST API.
For remote access I recommend the following in order of preference.
So if you already have the ability to SSH, why not tunnel through the ssh connection? Even limiting the amount of time it is exposed to the internet providers exceptionally limited if not no protection. Zmap can scan the entire IP v4 address space from a single computer in under an hour. Once detected an attack can be launched and completed in microseconds.
I just don’t see any advantage to exposing OH to the internet under these circumstances and especially since you already have a secure way to access the machine through ssh. Just open a tunnel and you can access OH’s 8080 port through the tunnel and avoid the risk?
Tunnels can be set up through putty, the command line and many other ways and there are tons of tutorials on the internet. You can even set up an ssh timer on your Android phone using juicessh (I don’t know about iPhones). I wrote a tutorial on that here somewhere awhile back.