I am learning more details and capability of openhab now that I have a mostly working 4.3 install and a small number of Kasa plugs. I have some questions that I have not been able to answer after going through a number of docs & tutorials.
Log file contents - When issuing: log:tail I see events displayed when they occur. Each event is time stamped but it contains no date. Is there a way to configure the logger to include a date with each event?
Does the logger capture events that are initiated outside of openhab for ALL devices? If I change the state of a Kasa plug from the iphone app, I see a state change in the logger. I don’t recall if the logger captures a state change if I initiate the state change by pressing the button on the plug itself.
How to configure Putty (to use ssh) to make a connection to openhab? I’ve read:
that I need to change the sshhost from 127.0.0.1 to 0.0.0.0, and only secured by the password.
If I make this change, a) are there any settings in putty that should be changed? b) is there any way to tighten the security in addition to a password?
Is this the latest and greatest doc for 4.3? There is a LOT of machinery to put in place for a reverse proxy using NGINX (i am using openhab, NOT openhabian). I am running an apache webserver on the same box as openhab. Will running NGINX conflict with Apache? (probably so if using the same ports, so would specifying different ports for NGINX work?.
If so, any docs on how to create a reverse proxy under Apache for openhab?
You’ll have to edit the $OH_USERDATA/log4j2.xml file to change the pattern layout for the STDOUT appender to match the layout for the LOGFILE appender.
All the log statements that come from openbhab.event are the events on openHAB’s event bus. There is no concept of inside or outside. If the Kasa binding sees that the state has changed on the device, it generates an event on the event bus which will result in a command, change or update to the Item that represents that state. Not all technologies support this.
If you see an event in the logs, it means that event has made it into OH and put on the event bus, since the log only shows what made it to the event bus.
The most secure is to just ssh to the machine first and then ssh -P 8101 openhab:localhost.
But if you want to access the karaf console from off the machine you must make that change so it will listen for connections outside the machine. You’ll have to tell Putty to use port 8101 instead of port 22 for that connection.
You can create and configure ssh certificates instead of passwords. See The Console | openHAB.
Yes.
Yes if it tries to connect to the same ports (e.g. 80 and 443).
Sure but you’ll need to include the port in the URL since you will not be using the default HTTP/HTTPS ports.
There used to be, but I guess no one had volunteered to maintain it so they dropped those instructions. In the upper left corner of the docs you can select older versions of OH which will switch to those versions of the docs. You can go back until you see the Apache configuration for that older version of OH and try that out. In all likelihood some things will need to be changed though.
However, a reverse proxy is only required if you are planning on exposing your OH instance to the internet. If that’s your plan, don’t do it. You have lots of other options that are easier and safer, particularly if you are not already an expert in this stuff. The easiest of all would be to use the openHAB Cloud Connector add-on and the free https://myopenhab.org service. That doesn’t require anything special on your part to secure your OH instance and your LAN. It also has the benefit of enabling push notifications and integration with Alexa HomeKit, or Google Assistant.
The next easiest would be to use a VPN like Tailscale or OpenVPN to access your home network. When connected, your remote device will appear to be on your LAN so you can access openHAB and all your services same as you would when you are home. Tailscale is easiest to set up and use, but both are free.
Cloudflare also offers a service that lets you safely get to your home services but I don’t have any experience with that. I can’t even remember the name but that may be enough for you to find it.
When it comes to exposing your LAN directly to the internet, the rule-of-thumb is if you have to ask, you probably don’t have the skills necessary to do so safely. Putting a service on the internet immediately makes it a target, and it takes a lot of work to monitor and protect such a service.
Thank you for taking the time to respond. The answers have been very helpful. I will dabble a bit with the various web access options and see which one seems to fit better.
I think you can use openssh on windows instead of putty.
I haven’t used windows for 15 years as I just use Linux for everything now.
Anyway, something for you to think about.
