Hi!
I already found this thread:
and this:
and saw the documentation about oh3 installation here:
But I was still not successful to get it up and running in an k3s environment (traefik 1.7 and kubernetes).
Has someone here managed to get the new oh3 authentication up and running behind a basic auth secured traefik reverse proxy? Can someone point me to the necessary yaml-Configs?
Looks like I’m the first with such a setup. I solved it by defining the ingress like that:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: openhab3
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/auth-type: basic
traefik.ingress.kubernetes.io/auth-secret: authsecret
ingress.kubernetes.io/custom-request-headers: "cookie: X-OPENHAB-AUTH-HEADER=true"
ingress.kubernetes.io/custom-response-headers: "cookie: X-OPENHAB-AUTH-HEADER=true"
ingress.kubernetes.io/auth-remove-header: "true"
spec:
rules:
- host: myremoteoh.domain.de
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: openhab3
port:
number: 8080
The “authsecret” is the name of the kubernetes secret that keeps the password for the basic auth protection.
Would be great to have this for traefik in the openhab3 documentation, too.
Someone knows how translate this to nginx ingress instead ? Thanks !
Hi,
i’m using OH4 in Kubernetes behind an traefik ingress to access the openhab REST-API and web site.
Basic Auth works. I’m also able to login.
After this i see an Authorization Header from Basic Auth and a X-OPENHAB-TOKEN from the login process. But if i simply reload the page the X-OPENHAB-TOKEN is gone and i have to login again.
This is no intended, isn’t it? Or is this a problem of my ingress configuration?
I have the same configuration
What i see if refresh the site is an request to https://xxx/rest/auth/token. The result of this request is 400 {“error”:“invalid_grant”}
It seems that someone drops the X-OPENHAB-SESSIONID-Cookie. The Request /rest/auth/token?useCookie=true should set this cookie but it doesn’t.
Any Ideas?