Nginx reverse proxy on dedicated hardware

Hi,
Any nginx cracks here? I am trying to open an address on a dedicated nginx proxy which is running on a dedicated RPi.
So, my configuration looks this way:
Internet -> Proxy (PI no. 1) -> OpenHABian (PI no. 2)

I want to access my OH installation using the following address:
https://mydomain.org/openhab

Unfortunately, I manage the forwarding from the proxy to the OH-Raspberry, but when the request is being processed on the OH raspberry, it’s being forwarded to the following address:
https://mydomain.org/start/index

This doesn’t work - and if I open up another location in my nginx conf for /start/index, I get a server error (too many redirections).

Here’s the relevant part of my nginx conf:

        location /openhab/ {
            proxy_pass                            http://192.168.1.xx:8080/;
            proxy_set_header Host                 $http_host;
            proxy_set_header X-Real-IP            $remote_addr;
            proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto    "http";
            satisfy                               any;
        }

Any hint how to fix this?

Thanks!

1 Like

As far as I know, no one has ever managed to get that to work. The problem is that nginx isn’t able to convert all the embedded URLs, some of which are created dynamically at runtime via JavaScript, to use that new base URL for subsequent calls to the OH REST API and subpages.

Someone maybe two years ago got reasonably close with a whole bunch of Rules but I don’t think it was ever completed.

There was an issue opened at some point to provide an OH parameter to support replacing the subdomain itself like a lot of web apps allow, but I don’t know the status.

The tl;dr is unless you figure out the translation rules yourself, no one I know of on this forum has ever made it work. You can’t use https://mydomain.org/openhab/start/index. You will have to use https://mydomain.org/start/index.

Look at Securing Communication and Access | openHAB for how to set nginx up for this latter approach.

1 Like

@rlkoshak, thank you. It’s sad that it’s not possible to use a subdomain for openhab. I’m no Java developer, but I don’t think it’s a big effort to add a parameter to the config which is by default “/” and will be used in every link which is being generated during the execution.

I’ll check github if there is such a feature request already and if not, I’ll open one.

But you told me a workaround: I’ll try to set up /start as openhab domain for the meantime, because I guess this should work then.

Thank you!

Here are the rules I’m using.

The result is you can access your install from https://mydomain.org/openhab, but it will rewrite subdirectories. In other words, you can start from /openhab, but once you start navigating, the subdirectory pathing will automatically be rewritten as
https://mydomain.org/basicui/app.

Works really nicely, even with 3rd party apps.

They were created by another contributor here, but I’ve tweaked them a little for compatibility with HomeHabit



        # reverse proxy
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_set_header Host $http_host;

        ##### OpenHAB #####
        location ~* ^/(?:openhab|start|homebuilder|habpanel|classicui|habmin|basicui|paperui|rest|doc|conf|icon|static) {
            # /openhab is mapped to the root of the openHAB server
            rewrite /openhab / break;
            # the listed openHAB paths are passed through unchanged
            rewrite /((?:start|homebuilder|habpanel|classicui|habmin|basicui|paperui|rest|doc|conf|icon|static)/.*) /$1 break;
            proxy_pass http://openhabIP:port;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # header name corrected from "X-Forward-For"
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # HTTP basic authentication in front of openHAB
            auth_basic "Username and Password Required";
            auth_basic_user_file /opt/etc/nginx/.htpasswd;
        }
2 Likes
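
A small Python model of the location block and the two rewrite rules in the post above, added here as an example (not code from the thread or from nginx), to show which request paths reach openHAB and in what form. It assumes nginx's behaviour that a rewrite regex is searched unanchored and case-sensitively, that a match replaces the whole URI, and that `break` stops further rewrites; the sample paths are constructed, and query strings and URI normalisation are ignored.

```python
import re

# Patterns copied from the nginx rules in the post above.
NAMES = ("start|homebuilder|habpanel|classicui|habmin|basicui|paperui"
         "|rest|doc|conf|icon|static")
# "location ~*" is a case-insensitive regex match on the request path.
LOCATION = re.compile(r"^/(?:openhab|" + NAMES + ")", re.IGNORECASE)
# (regex, replacement) pairs; both rules carry the "break" flag.
REWRITES = [
    (re.compile(r"/openhab"), "/"),
    (re.compile(r"/((?:" + NAMES + ")/.*)"), r"/\1"),
]


def upstream_uri(uri):
    """Return the path handed to proxy_pass, or None if the request
    does not match the location (and is never proxied by it)."""
    if not LOCATION.search(uri):
        return None
    for regex, replacement in REWRITES:
        match = regex.search(uri)             # unanchored, case-sensitive
        if match:
            return match.expand(replacement)  # whole URI replaced, then break
    return uri                                # no rule matched: sent unchanged


# Constructed sample request paths, not taken from a real access log.
SAMPLES = [
    "/openhab",
    "/openhab/start/index",
    "/start/index",
    "/basicui/app",
    "/rest/items",
    "/restaurant/menu",
    "/OpenHAB",
    "/grafana/",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r:26} -> {upstream_uri(path)!r}")
```

The `/restaurant/menu` and `/OpenHAB` rows show that the location also forwards paths that merely begin with a listed name, or differ only in case, to openHAB unchanged, which is worth knowing when other applications share the same server block.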

@roy_liao Thank you very much! Worked flawlessly!! I’ve seen some other posts that would have needed this as well.

Glad to hear it worked!

Ultimately, I do think a VPN solution would be better, but this is a clean way of managing things for now. Eventually, I’d like to move to WireGuard.

PaperUI works at least, but it seems that I can’t use basicui/sitemaps as they don’t seem to load all images and stuff.
Any idea what could be the issue here?

Scratch that, I’m stupid…

Here’s how I attacked this. Using a private cloud server and a WireGuard tunnel. Working great for me so far:

Guarding The Smart House

The approach is generic, so should work for any home automation system out there. Have to confess that I had this built before searching the openHAB discussions for an existing solution.