Login problem with reverse proxy

Hello all,
I would be happy if someone could help me to solve my problem:
(Raspi 4B, openhabian-Image v3.3 release)

I am in the process of setting up external access (as described in the documentation via nginx).
So far, the setup has progressed to the point where the reverse proxy requires a login.
(next step would be “Making Exceptions for Specific IP addresses”).

The address I call up (on my local LAN) is “http://ourhouse.fritz.box”.
The proxy login works (picture 1). Now, however, I have a problem after I have told the reverse proxy my access data. Afterwards, however, another login mask appears (from openhab itself?) and this does not accept my openhab access data, but appears again and again (picture 2)
However, if I bypass the proxy with “http://ourhouse.fritz.box:8080”, I immediately get to the openhab page.

What is wrong here?

server {
    listen                                    80;
    server_name                               ourhouse.fritz.box;
#    server_name                               mydomain_or_myip;

    # Cross-Origin Resource Sharing
    add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow_Credentials' 'true' always;
    add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range' always;
    add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH' always;

    add_header Set-Cookie X-OPENHAB-AUTH-HEADER=1;
    proxy_set_header Authorization          "";

    location / {
        proxy_pass                            http://localhost:8080/;
        proxy_set_header Host                 $http_host;
        proxy_set_header X-Real-IP            $remote_addr;
        proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto    $scheme;
        proxy_read_timeout                    3600;
        auth_basic                            "Username and Password Required";
        auth_basic_user_file                  /etc/nginx/.htpasswd;
#        satisfy  any;
#        allow;
#        allow;
#        deny     all;

This is the proxy login (is working)

This is the second login (not working)

Ah, I understood that the user with which I log in to the reverse proxy must be the same as in the Openhab system. But these are currently two different accounts for me. That is the reason for the problem. Log:

2022-07-24 12:58:03.364 [WARN ] [ore.io.rest.auth.internal.AuthFilter] - Unauthorized API request from [0:0:0:0:0:0:0:1]: User not found: <MY_USERNAME>
2022-07-24 12:58:03.389 [WARN ] [ore.io.rest.auth.internal.AuthFilter] - Unauthorized API request from User not found: <MY_USERNAME>

So now I want to create the user I use in the proxy in openhab via the karaf console. But the password contains special characters (for example " and \). But the command line interprets these special characters when I enter them and that’s why entering the complex password fails.

Can I temporarily suppress the immediate interpretation of the input in the karaf console ?

EDIT: I changed the password - so it does not contain critical characters anymore.
Everything is working in this step and I can go on :slightly_smiling_face: