Hello Everyone,
Newbie here, struggling with the NGINX configuration.
i’ve followed the guide @ https://www.openhab.org/docs/installation/security.html#encrypted-communication however i’m not managing to get things to work.
- I’m fine with having everybody within my LAN having to type username and pasword, (unless they know that openhab is reachable at 8080=>that would be me…)
- i’m ok withOUT setting a 301 redirect from http to https : as long as i have an https destination port to forward to from the router when an https request is made from ouside to my dyndns host name, i’m fine.
SO,
up until the username authentication i’m fine.
i then followed up with (i thought) no issues generating certificates with OpenSSL, adding them to the ngniX configuration file… BUT
as soon as i try and enter
listen 443 ssl;
i don’t manage to get through to the openhab page anymore.
i’ve been rolling back and forth between various solutions advised in about 24 posts on the forum (some of which are way above my needs and knowledge) but i can’t seem to wrap my brain around it…
my current ngnix configuration file, looks like this
server {
listen 80;
server_name mydomain_or_myip;
ssl_certificate /etc/ssl/openhab.crt;
ssl_certificate_key /etc/ssl/openhab.key;
location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
satisfy any;
allow 127.0.0.1;
deny all;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
where: ssl certificates are for now just for show, as i’m not managing to get ssl to work.
If i swap “listen 80;
” with “listen 443 ssl;
” should i have the wanted result?
What i get is:
- correct syntax test with ngnix
- after restarting the service and my browser (+clearing its cache)
- correct user+password request
- follwed by a litteral redirect to
https://mydomain_or_myip/start/index
in the address bar (both in chrome and friefox) that doesn’t resolve to the internal ip of my rpi/start/index.
I’ve tried inserting the 301 redirect as per the official guide, but i guess it’s only natural that it doesn’t work if what it’s redirecting to isn’t working in the first place.
I have tried swapping proxy_set_header host to $http_proxy - that resolves to 127.0.0.1/start/index
Any help would be much appreciated.
UPDATE
i’ve been doing some more reading, but i’m getting more and more lost .
- should i use
proxy_bind rpisstaticiphere
? - if nginx receives an https call, after authentication, does it forward it onto openhab as an https call? If so- do i have to i set up openhab as https by default on 8443 and then change
proxy_pass
tohttps://localhost:8443/
for it to work?