My openHAB instance works perfectly but the app for iOS (version 2.03 on iOS 12.1.4) does not. A “connecting” message appears at the bottom but nothing happens.
In the log of the reverse proxy which is connected upstream I can see that requests for /rest/sitemaps with the basic auth username arrive and they are responded to (status code 200). But there are also requests for /rest/bindings without a username and these are dismissed (status code 403).
It is an SSL setup with self-signed certificates. I think there was no info/warning/question about that when connecting the first time.
On my Android phone with the Android app it works without any problem.
Sure, the browser asks for authentication for all openHAB URLs. If given, the JSON reply is returned (200), otherwise access is denied (403). Works as designed.
The Android app also requests some (probably the same) URLs without authentication. But in contrast to the iOS app it works.
But you are talking about the local connection here, aren’t you?
I haven’t tried setting up an SSL reverse proxy yet, but since you are saying that you use self-signed certificates, have you imported them onto your iPhone?
Sorry, no, it’s a remote connection. A local connection would be hard to test because it is another network.
Is it necessary to import self-signed certificates? This would be done outside the app, wouldn’t it?
On the first connection the Android app showed a popup with the so far unknown certificate data. It could be accepted within the app.
SSL connections by the iPhone app should be established because I can see successful requests (and unsuccessful ones without authentication) in the reverse proxy logs.
Sorry, but I have to ask again, just to make sure we’re speaking of the same things. I am a bit confused now.
The URL you entered is the one with the SSL reverse proxy in between? And this URL goes through the reverse proxy to your openHAB instance? And in the app on your iPhone, have you entered this URL under Local URL or Remote URL?
Yes, it should be necessary. SSL connections would normally not be accepted with an unknown and thus untrusted certificate. You can import the certificate by sending it to your iPhone (email or AirDrop, whatever). How did you create the certificate? Using the Keychain assistant of a Mac?
Not sure if it is the same problem, but using the iOS app with VPN to connect to openHAB didn’t work.
I had to insert the local IP in the app under external IP to get it working. The app seems to decide by WLAN connectivity whether the internal IP or external IP is used.
Thanks, I am on another network so a local connection would never be possible. (I am confused now what is the meaning of local and remote here. I thought it is related to IPv4 net mask. Or is it wifi vs. mobile? What if I am connected to another wifi?)
I’ve been using a local url with on-demand VPN on my iPhone which works perfectly. I have entered the local url in Local URL field, and I entered myopenhab.org in the Remote URL field.
As far as I can tell, the app tries to connect locally first. If that fails, it uses the remote connection. However, in combination with the on-demand VPN, the attempt to locally connect causes the VPN to get established, and the local connection works.
Local means in the local network (LAN). However, if using VPN, the Local URL field of the app can be used because the VPN tunnel makes the other end appear as if it were within the local network of the iPhone.
Importing the certificate did not solve the problem. The app shows the same behaviour: popup “connecting”, nothing more.
SSL doesn’t seem to be the problem. I also tried it with an official signed certificate (by Let’s Encrypt), that didn’t work either.
Next I am going to try it without SSL and plain HTTP.
Very interesting. I started the VPN connection; when established I could not connect with only the local IP configured in the app. It forced me to enter an external IP. Because I don’t use myopenhab.org there was no way to get it working without entering the local IP under external IP.
Are you sure it works with VPN and not via myopenhab.org on your device?
I tested many configurations and the result is that SSL works fine, but authentication is the problem.
(Authentication is done by a reverse proxy making use of basic authentication.)
If access is granted at all: works
If access is granted to some users only (basic authentication) and username/password not correct: red popup with an appropriate access denied message: works
If access is granted to some users only with username and password correct: the problem, “Connection” popup, nothing more
The proxy log shows requests to /rest/sitemaps with authentication that were answered successfully.
But there are also requests to /rest/bindings without authentication (or a wrong one). These requests were of course denied. (403)
If access is granted to some users only but to anybody (= no restriction) for /rest/sitemaps: works
In summary, the app sends requests without (or with wrong) authentication for some resources. These requests are denied and the app is not usable.
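Added example, not part of the original posts: a small script that runs the diagnosis described above over a reverse proxy access log, listing the paths a client requests without credentials and gets denied on while it sends credentials for other paths. The log lines are constructed samples in Common Log Format, which is an assumption since the thread does not show the proxy's actual log format; the IP address and user name are made up.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Common Log Format (assumed format, not taken
# from the thread). The third field is the basic-auth user name, "-" when
# the request carried no credentials.
SAMPLE_LOG = """\
203.0.113.7 - alice [10/Mar/2019:18:02:11 +0100] "GET /rest/sitemaps HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2019:18:02:11 +0100] "GET /rest/bindings HTTP/1.1" 403 169
203.0.113.7 - alice [10/Mar/2019:18:02:14 +0100] "GET /rest/sitemaps?type=json HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2019:18:02:14 +0100] "GET /rest/bindings HTTP/1.1" 403 169
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
DENIED = {"401", "403"}


def summarize(log_text):
    """Per (client, path), count requests by (credentials sent?, status)."""
    stats = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["path"].split("?", 1)[0]  # group regardless of query string
        kind = "anonymous" if m["user"] == "-" else "with_user"
        stats[(m["ip"], path)][(kind, m["status"])] += 1
    return stats


def anonymous_denied_paths(log_text):
    """Paths requested without credentials and denied, limited to clients
    that did send credentials on at least one other request."""
    stats = summarize(log_text)
    clients_with_user = {
        ip for (ip, _), c in stats.items()
        if any(kind == "with_user" for kind, _ in c)
    }
    return sorted({
        path for (ip, path), c in stats.items()
        if ip in clients_with_user
        and any(kind == "anonymous" and st in DENIED for kind, st in c)
    })


if __name__ == "__main__":
    for path in anonymous_denied_paths(SAMPLE_LOG):
        print("requested without credentials and denied:", path)
```
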