I am trying to to set up nginx to do basic reverse proxy. I hve been following some of the other posts on this topic. I’m am making some progress but if OpenHAB asks you to auth alrady what is the point of adding auth in nginx, other than extra security? I’m not exposing this to the internet. But I can’t seem to make the reverse proxy work without it. Is the backend tomcat, or jetty or something else? I feel like there is a file that needs to be edited to tell it serve from this location, similar to doing this with tomcat.
This is what I have in my config so far.
# https://nginx.org/en/docs/http/ngx_http_auth_request_module.html says auth_request may not be combined with auth_basic,
# This is because 401 redirects to vouch, and you never get the basic auth form.
# However, openhab apps are configured and send the correct auth info without triggering 401, so this works for that case.
location /openhab/ {
# auth_basic "Username and Password Required";
# auth_basic_user_file /var/lib/openhab/etc/.htpasswd-openhab; #htpasswd -c openhab username
# proxy_pass http://localhost:8080/;
proxy_buffering off;
proxy_set_header Host $http_host/openhab;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # add the real ip of the client
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# resolver 10.150.10.110 valid=30s;
set $upstream_app 127.0.0.1;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# change the normal "start" redirect directly to the basic ui;
# proxy_redirect http://localhost/openhab/start/index /openhab/basicui/app;
sub_filter_types application/javascript text/xml text/css text/javascript application/json text/plain;
sub_filter_once off;
sub_filter '/rest/' '/openhab/rest/';
sub_filter '"/icon/' '"/openhab/icon/';
sub_filter '"/basicui/' '"/openhab/basicui/';
sub_filter '"/chart' '"/openhab/chart';
}
# User management at sitemap level -> strip openhab json file
location = /rest/sitemaps {
resolver 127.0.0.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_pass http://localhost/cgi-bin/ohsitemap/filter?user=$remote_user;
}
# location /.well-known/acme-challenge/ {
# root /var/www/acme-challenge;
# }
Thoughts?