I’m just starting to set up my first openHAB2. Since it doesn’t have support for authentication I thought I’d start with setting up listening addresses according to http://docs.openhab.org/installation/security.html It doesn’t say anything of which format to use for org.ops4j.pax.web.listening.addresses though, hope anyone here can enlighten me. Can I use multiple addresses? Can I use CIDR? What I would like to use is something like “127.0.0.1,192.168.0.0/16”.
You can (comma separated) but these IP Addresses are only for your host’s interfaces.
This parameter is for binding the web services (http & https) to a local interface (using hostname or IP). see: http://ops4j.github.io/pax/web/SNAPSHOT/Configuration.html
You can’t define allowed subnets etc (to act as a “firewall” rule)
To implement security of this type, you could use @Benjy 's tutorial on NGINX and allow only certain IP Subnets in your NGINX server configuration
Thanks, I’ll look into it.
I think the easiest would be simply putting a rule in my router only allowing specific ip spans. Thought I’d try using myopenhab.org though so I guess I’ll need to know from which IP their calls originate. Anyone here knows that?