Grafana (https - selfsigned) in WebFrame seems not supported in openhab APP

  • Platform information:

    • Hardware:Rasperry 4 4GB RAM
    • OS: Rasperry Pi OS 64bit
    • openHAB version: 3.3 M2 (Docker)
    • grafana 8.5.0 (Docker)
  • Issue of the topic:

I modified the grafana server connection from HTTP to HTTPS with an selfsigned certificate.
Everything is working well on my PC and mobile browsers.
But as soon as I use the OPENHAB Android App and navigate to openHAB 3 UI the problem appear.
The page, where the graphs are embedded, show the following message:

Derzeit unterstützt diese App keine selbstsignierten SSL-Zertifikate für Webview Widgets.

translated:

Currently, this app does not support self-signed SSL certificates for Webview widgets.

The context is clear, but I have two questions:

  1. Are Let’s Encrypt certificates are supported?
  2. Is the support of selfsigned certificates is planned in the final OH 3.3 release?

Thanks for your feedback!

Yes, they should be trusted.

This has to be implemented in the app. It’s an open issue, but currently nobody is working on it: Problem accessing Webview with untrusted SSL certificate · Issue #948 · openhab/openhab-android · GitHub

You could also import your CA into your phone.

The issue is not OH (so unrelated to the 3.3 release), but a limitation of the WebView: it only supports certificates it knows the root CA for. If your Android version is recent enough, a Let’s Encrypt cert should work. Another option would be using the same cert for your Grafana and OH installations and letting the app use HTTPS to connect to the OH server. That way, the app knows the cert and will accept it for WebViews as well. It may be possible to make the app remember WebView specific self signed certs as well, but that is low on the prio list since it’s complicated and rarely used.

Thanks for your feedback.
I tried different scenarios but did not succeed.
Finally I modified everything back to HTTP, at least for now.
But now I can see my grafana graphs via openhab Andorid app (connected via local URL).
Only issue is connecting via remote URL (myopenhab.org), the graphs are not loading.
No error message is raised, it just stay empty.
Is this also know by others?

Thanks!

One idea I have in my mind is to use the openhab key and certificate for grafana docker.
But I can’t find the necessary files in the OH docker.
Do you think this could work?

You could run both openHAB and Grafana under the same reverse proxy, e.g. https://<host>/ for openHAB and https://<host>/grafana for Grafana.

This is what I’m now trying to setup. Installing nginx docker and configure it with let’s encrypt.

Finally I set up nginx docker as reverse proxy.
Now I’m able to retrieve the grafana graphs in openhab app as well as via driect dyndns URL.
One additinal change was necessayr, I had to modify the URLs of the graphs in my UI pages to my dyndns domain name.
But so far it is working with my self signed certificates (grafana) via the single https port.

1 Like