Nginx: no authentication is asked?

I have installed the latest openhabian, and through openhabian-config I have installed the nginx reverse proxy. But after the setup was complete, I accessed the openhab server locally without authentication.

I wanted to have a login and password for the app as well as the web UI. I can see login and password for local settings in the app but don't know how to configure it.

Anyone who has wifi access in my house can download the app and load the sitemap. I think the openhab is auto discovered when connected in the local network, which I don't want.

Please have a look into the docs.

openHAB does not (yet) support restricting access through HTTP(S) for certain users - there is no authentication in place, nor is there a limitation of functionality or information that different users can access.

Nginx can be secured as stated in the security documentation but only if you set that up.

Currently the openhab app autodiscovers the openhab server. Is it possible in some way to stop the app from autodiscovering the openhab server? Also, I see Username and Password under Local server url in the app; how do I configure it?

I have read this documentation. I have installed the setup.
My concern was to secure my system locally, as I can see the Username and Password in the openhab app. I do not want the app to autodiscover the openhab server locally.
Is there any way I can do that?

I have never had the iPhone app autodiscover my openhab server.

I am using an Android app.

Is there any way to disable autodiscovery of the openhab server from the Android app?
Also, how do I set the local url Username and password?

Sorry, my mind reading did not pick that up earlier.

Auto-discovery isn’t the problem, it's that your OH is accessible over your local network. If you want to secure your OH server on your LAN, you need to configure the firewall on the host to only allow connectivity from nginx. Then nothing else can access openHAB except by first authenticating through nginx.

And then you have no local connection as far as the android app is concerned. You would only configure the remote connection. There is no way to supply a username/password for the local connection.

NOTE: this may break some things. For example, you won’t be able to get to the LSP used by VSCode to syntax check your configs as you type. There may be some bindings that require broadcast packets. There might be other bindings that need to communicate with OH directly as well. So you either need to allow local traffic to these ports on OH or only block access to port 8080/8443 or live without those features.
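One way to write the host firewall rules described in the reply above, shown as an added example that is not part of the original thread. It assumes nginx runs on the same host as openHAB and proxies to it over loopback, and that the firewall is managed with `iptables`/`ip6tables`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: restrict openHAB's HTTP/HTTPS ports to loopback so that
# only the local nginx reverse proxy can reach them.
# Assumption: nginx is on this host and proxies to openHAB via 127.0.0.1.

# Ports named in the thread; override via the environment if yours differ.
OH_PORTS="${OH_PORTS:-8080,8443}"

# Print the rules without touching the firewall, so they can be reviewed.
# Only OH_PORTS are affected; every other port keeps its current policy,
# which matches the "only block access to port 8080/8443" option above.
oh_firewall_rules() {
    for ipt in iptables ip6tables; do
        # 1) Traffic arriving on the loopback interface (nginx) is accepted.
        echo "$ipt -I INPUT 1 -i lo -p tcp -m multiport --dports $OH_PORTS -j ACCEPT"
        # 2) The same ports reached from any other interface are dropped.
        echo "$ipt -I INPUT 2 -p tcp -m multiport --dports $OH_PORTS -j DROP"
    done
}

# Apply the rules; must be run as root. Stops at the first failing command.
oh_firewall_apply() {
    oh_firewall_rules | sh -e
}

# Nothing is changed unless --apply is given explicitly.
case "${1:-}" in
    --print) oh_firewall_rules ;;
    --apply) oh_firewall_apply ;;
esac
```

Run it with `--print` first to review the rules, then with `--apply` as root. Rules added this way are lost on reboot unless they are saved with the distribution's persistence mechanism.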

Is there a tutorial where I can do this? I have never configured a firewall before. Is there anyone who has done this?

I’m sure there are tons of them just a google search away. I think overall this is considered outside the scope of OH itself.