OH2 behind reverse proxy - Changing context path or adding new virtual host

hakan · September 7, 2015, 3:52pm

Hi,

I want to reach my OH2 runtime (on a RPi) via my nginx running on my router. To avoid opening up non-standard ports, I would love to rewrite “https://my-external-name/openhab/” to “http://my-internal-oh2:8080/”

The following gives me 404 though:

location /openhab/ {
  proxy_pass                            http://my-internal-oh2:8080/;
  proxy_set_header Host                 $http_host;
  proxy_set_header X-Real-IP            $remote_addr;
  proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Scheme   $scheme;   
}

The examples on the wiki ( jetty.md on github ) talk about running OH2 on a subdomain…

Is changing the context path possible or should I go with mapping another virtual host to my router (and map an appropriate CNAME to it)?

hakan · September 9, 2015, 2:42pm

Answering myself, as bug #423506 ( “Enable easy use of reverse proxies” ) is still open, I went with opening up another port on my router and using nginx to accept https requests and forward them to the OH2 server.

Kai · September 11, 2015, 3:27pm

On the other hand there is https://github.com/openhab/openhab2/blob/master/docs/sources/configuration/jetty.md - so it seems to have worked in the past already (and I only missed to close the Bugzilla entry at that time).
I never used that myself, so I cannot help on analyzing problems. But maybe you can try and see if this description is still up to date and solves your problems?

hakan · September 11, 2015, 3:39pm

The description is up-to-date. I solved the issue by opening up a second port on my router and creating a separate nginx “server” on that port. OH2 seems to require being in the root of the URI of the server.

What does not work, and is documented in the ES bug, is putting openhab below some URI.

Kai · September 11, 2015, 3:50pm

Ok, thanks for the update. So we can leave the Bugzilla entry open then.

nobbi · March 3, 2016, 9:14pm

Hello,

i am following the same approach as the tread starter. I want to run oh2 in a lxc container. The container is only reachable from the host, so i want to set up a nginx reverse proxy on the host. The description in the documentation doesn’t work, neither the documentation on the nginx site.
Is there a possibility to get the error fixed?

If I can help anyway, please let me know.

thanks in advance,
Nobbi

greg · June 7, 2016, 12:09pm

I too am wanting to run behind nginx with rewrite.

Is there a way to change jetty or whatever to enable this - Im interested in both 1.8.x and 2.0beta,

mix_at_pl · June 9, 2016, 8:58pm

Here is my working configuration of apache based rev proxy with SSL for OH1.8, it runs as separate VirtualHost with own port.

<VirtualHost *:7443>
    ServerSignature Off
    RequestHeader set X-Forwarded-Proto "https"
    ServerName my_server_name
    SSLEngine On
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
            AddDefaultCharset off
            Order deny,allow
            Allow from all
    </Proxy>
    SSLCertificateFile    /etc/apache2/certs/my.crt
    SSLCertificateKeyFile /etc/apache2/certs/my.key
    RewriteEngine On
    # redirect to HTTPS
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # some tricks with jetty proxy
    RewriteCond %{QUERY_STRING} !baseUrl
    RewriteRule ^/proxy /proxy?baseUrl=http://127.0.0.1:8080 [R,L,QSA]
    RewriteCond %{QUERY_STRING} ^(.*&baseUrl)(.*)$
    RewriteCond %{QUERY_STRING} !mySPECIALitem_X
    RewriteRule ^(/proxy)$ $1?mySPECIALitem_X=1&%1=http://127.0.0.1:8080 [R,L]
    <Directory />
            Options -Indexes -FollowSymLinks -Includes -ExecCGI
    </Directory>

    # reverse proxy location
    <Location />
            Order allow,deny
            #Order deny,allow
            Allow from all
            #Optional Authentication
            #AuthType Basic
            #AuthName "Password Required"
            #AuthUserFile /opt/openhab/password.file
            # Require valid-user
            SetEnv proxy-nokeepalive 1
            ProxyPass http://127.0.0.1:8080/
            ProxyPassReverse http://127.0.0.1:8080/

            # redirect to default sitemap
            RedirectMatch permanent ^/$ /openhab.app?sitemap=default
    </Location>

Also in etc/jetty.xml I had to modify http and https connectors

For HTTP:

<Call name="addConnector">
            <Arg>
                    <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
                            <!-- add this -->
                            <Set name="host">
                                    <SystemProperty default="127.0.0.1" name="http.host"></SystemProperty>
                            </Set>

and for HTTPS:

  <Call name="addConnector">
            <Arg>
                    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
                    <!-- add this -->
                    <Set name="host">
                                    <SystemProperty default="127.0.0.1" name="https.host"></SystemProperty>
                    </Set>