My understanding from Googling this issue is that basic auth in NGINX checks the UN/PW for each request. This is apparently very resource intensive. I believe it was never a noticeable problem with the app just using sitemaps. I’m guessing the new main UI is request heavy? It is virtually unusable through NGINX basic auth. Sometimes is just unacceptably slow. Other times it will never finish rendering. CPU load pegs the whole time it is loading.
Without going through NGINX Basic Auth, none of this happens. You can go through NGINX without basic auth, it is works fine.
Which arguments did you use to create the password hash when running htpasswd ?
There are different algorithms that can be used - fast and slow one.
The slow one iterates several times over the cleartext password to get the hashed one.
This takes time and it is intended that this takes time to ‘block’ remote attackers that try to guess the password.
I’m not talking about OH basic auth. I’m talking about NGINX basic auth. Which as far as I can tell are two totally different and unrelated processes. Logging into NGINX doesn’t log you into OH and it doesn’t matter of I log into OH or not.
Also, logging into OH’s basic auth seems to work fine for me?
right, it seems to be the issue you reported.
Root cause seems to be a more CPU intensive password hashing algorithm to make it more secure. Similar to that what is described in the above linked documents.
I’m having no problems at all using OpenHab’s main UI authentication. Whether I’m logged in as an administrator or not, it seems to work fine… or at least it isn’t showing any symptoms I notice. And that appears to be what the open issue is about. Maybe I’m just not using it hard enough to see the symptoms there?
My problem occurs going through NGINX basic auth, nothing to do with OpenHab’s main ui auth as far as I know. It sounds like it is has happening for the same reason… too many requests getting authenticated and bogging down the CPU. But I don’t see how working around the OH problem will do anything for the NGINX issue?
So, I tried disabling Rest Auth from the console with bundle:stop org.openhab.core.io.rest.auth and it did indeed fix the NGINX basic auth problem. IDK why, I don’t understand what one has to do with the other, and I’m sure everyone else gets it but me. So, that’s awesome and I can connect remotely now.
BUT, with rest auth disabled, I am no longer able to log into the main UI as an administrator. It goes to grey empty screen and fails. Clearing browser data or using an incognito window does not help.
I’m the another one who experience such issue w NGINX and OH3. Today found your post while looking for solution.
For me this slow is about 3 seconds of wait at every request to server remote address (but only in the android application, not when use browser - this is weird) like go to subpage or open main. After stop bundle org.openhab.core.io.rest.auth like you mention, it fix the slow problem but it’s imposible to login to administrator page.
From my observation of CPU usage in time of wait for remote server response, it’s openhab process take most.
