MyOpenHAB security questions

Hi everyone,

today I configurated my openhab instance via I am experiencing issues as not updating and no items shown. But I guess that directs to the current known problems as described in previous posts.

So I would like to use the time to ask a question that concerns me. When I switched from fhem to openhab first thing I did was installing a reverse proxy to make sure my system is secure. Mostly because my alarm solution is based on openhab and my main door can also be opened remotely. Everything ok so far. Now I would like to use some alexa skills for witch I certainly need the service. As I was reading the binding doc I thought I could define witch items I would like to expose. But finally I found out the expose list in the openhabcloud.cfg is no longer required. So basically everything is exposed that has the expression in the items file?

How do you guys manage this issue. Do you use the hue-emulation?

Just give me your thoughts.


Only items with lighting, switchable, and one or two other tags are exposed. Not ever item in your files.

I am familiar with the exposed list, but unsure if it still functions.

Hoping this helps.

Well, I do get from the login to my openhab instance via link and access paperUI etc.

It does still function and it is required for IFTTT functionality. I should also note that this is the main reason we keep needing to upgrade the servers because far too many users expose all their Items needlessly.

I actually don’t know the answer to that. I know that Google and Alexa can only interact with those Items with the proper tag (lighting, switchable, etc). But I don’t know if they can see all your Items. You might need to look at the code for the skill to find out.

Yes, that is because also serves as a reverse proxy for your openHAB instance’s REST API and webserver. But the code that provides Alexa and Google integration is more constrained than that and are limited in what they can see and do. How limited I do not know. I suspect that the OH Cloud server only exposes those Items that have one of the relevant tags. That’s how I would do it and I trust the devs to be reasonable on this.

Well thank you for your answer. So I guess I don’t really need my reverse proxy. But I’ll keep that up and running while I have it.

Do you know if my current problems are related to the problems? I did just edit my openhabloud.cfg and put my items to the exposed list. After saving I get these entries in my log:

2019-07-29 17:26:23.841 [INFO ] [io.openhabcloud.internal.CloudClient] - Shutting down openHAB Cloud service connection
2019-07-29 17:26:23.882 [INFO ] [io.openhabcloud.internal.CloudClient] - Disconnected from the openHAB Cloud service (UUID = XXXXXXXXXXXXXX, base URL = http://localhost:8080)
2019-07-29 17:26:24.250 [INFO ] [io.openhabcloud.internal.CloudClient] - Connected to the openHAB Cloud service (UUID = XXXXXXXXXXXXXX, base URL = http://localhost:8080)

So far so good. But if i check, the EventLog here says nothing but this:

I would expect a similar log here. And of course my items are still missing.

Usually it will report ONLINE/OFFLINE events when your openHAB instance connects/disconnects from the server. These are in fact the only events I’ve ever seen in that list, but I don’t use IFTTT so I’ve not exposed any Items. Remember, does not hang off of your OH Event Bus. All it does is reverse proxy your REST API and web server. The connections to Alexa and Google Assistant themselves use this proxied REST API.

The only thing I see amiss here is the timestamp. I know that is experiencing some problems right now (I think I saw a thread saying as such) so maybe the 17:26 connection hasn’t been registered. Does it show Online at the top of the page right now?

Only Items that you have exposed in Cloud Connector add-on’s config will appear, and even then only once they have received an event. If you do not plan on using IFTTT, you should not expose any Items that way and that tab should remain blank. If you have exposed some Items, postUpdate or sendCommand to them so they receive an event and then they should appear.

I don’t know if Item events appear in the events tab. It’s been years since I’ve exposed any Items in that way.

Ok, good to know. I did shut down OH a few hours ago. Then at least that event should occur. And says online. But thats what it said when my OH definately was down. So I am a little confused. I am just wondering if I did something wrong or it is related to the issues.