Expose only basicui to the internet

I’d like to access my home openHAB instance via the internet from my smartphone.

[Securing Communication and Access | openHAB] shows how to set up a reverse proxy.

This exposes the the whole openHAB instance to the internet. I’d like to have ony basicui accessible from the internet.

This would need a common path prefix that would be proxied. But if I look at the traffic of basicui, there is no common prefix.


One would need something like


Has anybody worked on something like this?

Or is VPN the better option?


VPN is definitely the better option, or use myopenHAB and the official apps…

1 Like

have a look here.

Keep in mind that BasicUI has to be able to access the generic openHAB REST API and since BasicUI runs in the browser it means the REST API needs to be exposed as well. There isn’t a /basicui/rest because BasicUI doesn’t have it’s own REST API endpoint.

In this case it’s pretty much all or nothing.

As mentioned, VPN or myopenhab.org will be better options, though even with myopenhab.org. Having recently set up Tailscale I highly recommend it and I think openHABian has an option to set that up.

/basicui/rest could be another facade to the Java code behind /rest

And with the /basicui prefix access could be controlled by the Apache/Nginx before it, and basic auth with SSL could be enforced (or oauth2 if bigger guns are needed)

Anyway, guess most easy and secure access is an SSH tunnel, e.g. with ConnectBot.

This also works with openHAB app.