Nginx as reverse proxy for OH2 at non-root location

I followed the tutorial here: http://docs.openhab.org/installation/security.html Everything worked as described: Nginx was doing the reverse proxy thing. But when I tried to replace “location / {” with “location /openhab {” and then access OH2 as https://my domain/openhab, all I am getting is that “openhab is not found”. I tried adding slashes at the end of openhab to no avail. I think the “not found” message is coming from Jetty, not Nginx.

Does anyone know how to rewrite the Nginx reverse proxy example from the above tutorial for the case of a non-root location? This is principal for me, as I’m also running my regular web site on the same PC, so I want the “OH2 behind Nginx reverse proxy” to co-exist with my regular web site.

Thank you!

It can’t be done as far as I can tell. The problem is nginx will translate the incoming URL but it doesn’t replace the URLs embedded in the HTML, or even worse, generated by JavaScript. So you request something from HTTPS://blah.com/openhab and all the URLs in the HTML are HTTPS://blah/

If you need it to coexist with some other web app you will need to proxy openhab on a port other than 443.

This can be done in nginx, but only if it was compiled with the http_sub_module flag enabled. http://nginx.org/en/docs/http/ngx_http_sub_module.html

If recompiling it isn’t an option, then your only real option is to use a subdomain instead.

Also only if the URLs in the page are not dynamically generated with JavaScript, some of which are in oh’s uis I believe.

I was having the same question/issue. I can not get paper ui running, but at least for basic ui my config is:

  • Hostname: openhab (yes, this shall change somewhere in future
  • Subdirectory: /openhab
    location /openhab/ {
        proxy_pass                            http://localhost:8080/;
        proxy_set_header Host                 $http_host;
        proxy_set_header X-Real-IP            $remote_addr;
        proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto    $scheme;

#       change the normal "start" redirect directly to the basic ui;
        proxy_redirect http://openhab/start/index /openhab/basicui/app;

        sub_filter_types application/javascript text/html text/css text/xml text/css text/javascript application/json text/plain;
        sub_filter_once off;
        sub_filter '/rest/' '/openhab/rest/';
        sub_filter '"/icon/' '"/openhab/icon/';
        sub_filter '"/basicui/' '"/openhab/basicui/';

## Password Protection
        auth_basic                              "Username and Password Required";
        auth_basic_user_file                    /etc/nginx/.htpasswd;
    }

improvements welcome :slight_smile:

(yes, it is bad and ugly)

2 Likes

@kohlsalem, did you ever get it fully working?

Thank you,
Boby

No. Not with subdirectories.

A virtual host would do it, but I would have to run an own DNS server, which I would want to avoid…

But basic UI works, so it’s kind-of-ok…

Might be too late on that… but for the record … we got this working in subdirectory with the same code as of @kohlsalem, only added the host header, as of:

location /openhab/ {

    proxy_pass                            http://localhost:8080/;
    proxy_set_header Host                 $host/openhab;
    proxy_set_header X-Real-IP            $remote_addr;
    proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto    $scheme;

    #  change the normal "start" redirect directly to the basic ui;
    proxy_redirect http://openhab/start/index /openhab/basicui/app;

    sub_filter_types application/javascript text/xml text/css text/javascript application/json text/plain;
    sub_filter_once off;
    sub_filter '/rest/' '/openhab/rest/';
    sub_filter '"/icon/' '"/openhab/icon/';
    sub_filter '"/basicui/' '"/openhab/basicui/';

    ## Password Protection
    auth_basic                              "Username and Password Required";
    auth_basic_user_file                    /etc/nginx/.htpasswd;
}

Detail for this line:

    proxy_set_header Host                 $host/openhab;

Hope it helps others!

1 Like

Thanks for your update - I use VPN now (much safer and less configuration effort)

Upon loading the PaperUI, I get a lot of these 404 errors: grafik No items/things are shown on the UI. This does not happen when accessing the address from its local name. Any idea how to fix this?