NGINX reverse proxy setup issue

Hello Everyone,

Newbie here, struggling with the NGINX configuration.

I’ve followed the guide @ https://www.openhab.org/docs/installation/security.html#encrypted-communication however I’m not managing to get things to work.

  • I’m fine with having everybody within my LAN having to type username and password (unless they know that openhab is reachable at 8080 => that would be me…)
  • I’m OK withOUT setting a 301 redirect from http to https: as long as I have an https destination port to forward to from the router when an https request is made from outside to my dyndns host name, I’m fine.

SO,
up until the username authentication I’m fine.
I then followed up with (I thought) no issues generating certificates with OpenSSL, adding them to the NGINX configuration file… BUT

as soon as I try and enter

listen                          443 ssl;

I don’t manage to get through to the openhab page anymore.
I’ve been rolling back and forth between various solutions advised in about 24 posts on the forum (some of which are way above my needs and knowledge) but I can’t seem to wrap my brain around it…

My current NGINX configuration file looks like this:

server {
    listen                                    80;
    server_name                               mydomain_or_myip;
    ssl_certificate                           /etc/ssl/openhab.crt;
    ssl_certificate_key                       /etc/ssl/openhab.key;

    location / {
        proxy_pass                            http://localhost:8080/;
        proxy_set_header Host                 $http_host;
        proxy_set_header X-Real-IP            $remote_addr;
        proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto    $scheme;
        satisfy                               any;
        allow                                 127.0.0.1;
        deny                                  all;
        auth_basic                            "Username and Password Required";
        auth_basic_user_file                  /etc/nginx/.htpasswd;
    }
}

where: ssl certificates are for now just for show, as I’m not managing to get ssl to work.
If I swap “listen 80;” with “listen 443 ssl;” should I have the wanted result?
What I get is:

  • correct syntax test with NGINX
  • after restarting the service and my browser (+clearing its cache)
  • correct user+password request
  • followed by a literal redirect to

https://mydomain_or_myip/start/index

in the address bar (both in Chrome and Firefox) that doesn’t resolve to the internal ip of my rpi/start/index.

I’ve tried inserting the 301 redirect as per the official guide, but I guess it’s only natural that it doesn’t work if what it’s redirecting to isn’t working in the first place.
I have tried swapping proxy_set_header host to $http_proxy - that resolves to 127.0.0.1/start/index

Any help would be much appreciated.


UPDATE
I’ve been doing some more reading, but I’m getting more and more lost.

  • Should I use proxy_bind rpisstaticiphere?
  • If nginx receives an https call, after authentication, does it forward it onto openhab as an https call? If so, do I have to set up openhab as https by default on 8443 and then change proxy_pass to https://localhost:8443/ for it to work?

Does anybody with NGINX knowledge manage to help me?

I hate to be a bugger, but I’m still really stuck.

To the mods:
Please close this thread. I’ve made substantial changes to the configuration, so it’s obsolete.
I have indeed made some steps forward but sadly I find myself in a very similar situation now. Will ask for help in another thread. Ty.
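
An added example, not part of the original post or of the openHAB guide: a small Python check for the mismatches this thread circles around (certificate directives under a non-TLS `listen`, port 443 without the `ssl` flag, Basic auth on a plain-HTTP listener). `check_server`, `directives` and the finding codes are hypothetical names, the sample is constructed from the posted block, and the check assumes a single `server` block.

```python
import re

# Constructed sample: the server block from the post, proxy headers trimmed.
POSTED = """
server {
    listen 80;
    server_name mydomain_or_myip;
    ssl_certificate /etc/ssl/openhab.crt;
    ssl_certificate_key /etc/ssl/openhab.key;
    location / {
        proxy_pass http://localhost:8080/;
        auth_basic "Username and Password Required";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
"""
# Same block with only the listen line changed, as asked in the post.
SWAPPED = POSTED.replace("listen 80;", "listen 443 ssl;")

def directives(conf, name):
    """Argument lists of every `name ...;` directive, with # comments ignored."""
    conf = re.sub(r"#.*", "", conf)
    pat = rf"(?:^|(?<=[;{{}}]))\s*{re.escape(name)}\s+([^;{{}}]+);"
    return [m.group(1).split() for m in re.finditer(pat, conf, re.M)]

def check_server(conf):
    """Hypothetical helper: finding codes for ONE server block (locations included)."""
    listens = directives(conf, "listen")
    tls = [l for l in listens if "ssl" in l[1:]]
    plain = [l for l in listens if "ssl" not in l[1:]]
    has_cert = bool(directives(conf, "ssl_certificate") and directives(conf, "ssl_certificate_key"))
    auth_on = any(a != ["off"] for a in directives(conf, "auth_basic"))
    found = []
    if has_cert and not tls:
        found.append("cert-unused")            # certificate set, but nothing listens with TLS
    if tls and not has_cert:
        found.append("tls-without-cert")       # listener has ssl, no certificate/key pair
    if any(re.search(r"(^|:)443$", l[0]) for l in plain):
        found.append("443-without-ssl")        # port 443 would answer in plain HTTP
    if auth_on and plain:
        found.append("basic-auth-cleartext")   # Basic credentials are only base64-encoded
    for (target, *_) in directives(conf, "proxy_pass"):
        host = re.match(r"http://(\[[^\]]+\]|[^:/]+)", target)
        if tls and host and host.group(1) not in ("localhost", "127.0.0.1", "[::1]"):
            found.append("upstream-cleartext") # TLS ends at nginx, next hop leaves the host
    return found

if __name__ == "__main__":
    print(check_server(POSTED), check_server(SWAPPED))
```

On the swapped block it reports nothing: `proxy_pass http://localhost:8080/` sets the scheme of the upstream hop on its own, so a TLS listener in front of it still talks plain HTTP to the backend over loopback.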