Your suggestion is helpful but needs one small change:
`proxy_pass http://localhost:8080/;`
does not work:
```
user@MyOpenHAB:/etc/nginx/sites-enabled$ sudo nginx -t
nginx: [emerg] "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except" block in /etc/nginx/sites-enabled/default:91
```
Instead, this works fine:
`proxy_pass http://localhost:8080;`
(without the trailing slash).
I was helped to this understanding by a post on Serverfault: “Nginx regex location doesn’t work with proxy pass.”
In summary, here is a complete and functional pair of nginx location definitions that accomplish my original intention. Thanks for your assistance.
```nginx
#### 2017-01-16 CUSTOMIZATION for OPENHAB
## Reverse-proxy configuration to filter requests sent to OpenHAB.
### First Location definition transparently proxies all requests from OH clients (web or mobile app)
### Second Location definition filters requests for a specific sitemap, & applies access control rules.
###
# The nginx proxy server listens on port 7090. (Set to whatever available port you wish.)
server {
    listen 7090;
    server_name mydomain_or_myip;

    ## "location /" matches all requests
    location / {
        ## the proxy_pass line should be the port your OpenHAB server listens on. (Default is 8080.)
        ## If nginx & OpenHAB are on different physical or virtual servers, replace "localhost"
        ## with the FQDN, such as: myserver.mydomain.com
        proxy_pass http://localhost:8080/;
        proxy_buffering off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ /rest/sitemaps/myPrivateSitemap*.* {
        ## This tells nginx how to handle requests that match the "location" regular-expression
        allow 192.168.1.143;
        deny all;
        proxy_pass http://localhost:8080;
        proxy_buffering off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
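As an added example (not part of the original post, and not nginx or openHAB code): a small Python model of how nginx chooses between the two locations above and applies the `allow`/`deny` rule, for checking which request paths the regular expression actually covers. The normalization is a simplified approximation of what nginx does before location matching, and the sample requests and the second client IP are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Regex copied from the post's second location ("~" is case-sensitive, unanchored).
PRIVATE_RE = re.compile(r"/rest/sitemaps/myPrivateSitemap*.*")
ALLOWED = [ipaddress.ip_network("192.168.1.143/32")]  # allow 192.168.1.143;


def normalize(request_target):
    """Simplified model of nginx URI normalization (an approximation):
    drop the query string, decode %XX, merge slashes, resolve "." and ".."."""
    path = unquote(request_target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path))


def select_location(request_target):
    """A matching regex location takes precedence over the "/" prefix location."""
    return "private" if PRIVATE_RE.search(normalize(request_target)) else "root"


def decide(request_target, client_ip):
    """Return "deny" (403) or "proxy" (request forwarded to localhost:8080)."""
    if select_location(request_target) == "root":
        return "proxy"
    ip = ipaddress.ip_address(client_ip)
    return "proxy" if any(ip in net for net in ALLOWED) else "deny"


# Constructed sample requests: (request target, client IP).
SAMPLES = [
    ("/rest/sitemaps/myPrivateSitemap", "192.168.1.143"),
    ("/rest/sitemaps/myPrivateSitemap", "192.168.1.50"),
    ("/rest/sitemaps/myPrivateSitemap/0100?type=json", "192.168.1.50"),
    ("/rest/sitemaps/my%50rivateSitemap", "192.168.1.50"),   # %50 decodes to "P"
    ("/rest/sitemaps/myPrivateSitema", "192.168.1.50"),      # "p*" allows zero "p"
    ("/rest/sitemaps/default", "192.168.1.50"),              # handled by location /
    ("/rest/sitemaps/MyPrivateSitemap", "192.168.1.50"),     # case differs: location /
]

if __name__ == "__main__":
    for target, ip in SAMPLES:
        print(f"{ip:15} {target:50} {select_location(target):8} {decide(target, ip)}")
```

If the backend treats sitemap names case-insensitively, nginx's `~*` modifier makes the location match case-insensitive as well.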