openHAB 3 UI

Tags: #<Tag:0x00007efec04a5658>

Hello,
I just upgraded my working OH server to 3.
I can’t see the New main UI in the Android openHAB application (last version).
Please Help !

Only the sitemap is available in the Android App right now - you can download the OpenHAB Beta App to get access to the experimental iFrame soloution for the MainUI.

1 Like

Thanks.
Yes, i tested it. With beta version, Local use is ok but in case of remote connection via the cloud I should pass through the sign in page of myopenhab. Is it the only way for the moment ?
I understood that these feature is under développement.

I also search for the most feasible way to use the meet UI on an Android phone.

My requirement:

  • It shouldn’t matter if I’m in my local network or if I would like to use the ui remotely
  • I want to run it from my device’s home screen

I tried the beta version of the Android app, but I don’t like the two navigation bars.

Second approach is using https://home.myopenhab.org as a PWA. That works fine, but quite often I just see a blank screen. I assume it’s because my session expired, but I don’t know for sure.

As mentioned I use myopenhab.org for accessing openHAB remotely, but it would be ok to use a reverse proxy as well if this offers a better solution for my requirements.

1 Like

What about wiregaurd? No need for the openhab cloud and it will be much faster.

I use NGINX and opened ports on my router.
Then i use a chrome page saved to my home screen.
This works best

I switched to this approach, too. It works great. How do you authenticate? I had some issues with basic auth and use a client certificate like described here.

I haven’t sorted out NGINX authentication yet. Its just open. using the openhab authentication only for now

I’d advise you to sort it out since items can still be seen and controlled without auth by default.

Example NGINX config:

server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name example.org;
        ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
        add_header Set-Cookie X-OPENHAB-AUTH-HEADER=1;

        location / {
                proxy_pass       https://localhost:8443/;
                proxy_set_header Host               $http_host;
                proxy_set_header X-Real-IP          $remote_addr;
                proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto  $scheme;
                proxy_set_header Authorization      "";
                proxy_read_timeout                  7200;

                auth_basic "Access retricted";
                auth_basic_user_file /etc/nginx/htpasswd;
        }
}

Don’t forget these two lines especially:

add_header Set-Cookie X-OPENHAB-AUTH-HEADER=1;

and

proxy_set_header Authorization      "";

They are important so the openHAB auth and the Basic auth to the reverse proxy don’t mix.

My default NGINX config has those lines already. I install it using openhabian-config
I then port forward port 60, on my router. have that link to my openhab3 IP address internall 443 port.
When i go to log in using nginx, it accepts the username and password, and then seems to start loading, then asks me for username and password over and over again. nothing happens.

Ive setup a username and password using

sudo htpasswd -c /etc/nginx/.htpasswd username

Also when i go to https://my.local.ip:60, i get a webpage saying my connection is not private. saying the certificate is invalid. but i can continue by clicking continue

this is my config

##################################
# openHABian NGINX Configuration #
##################################

## Redirection
 server {
#   listen                          80;
   server_name                     xxxxxxxxxxx;
   return 301                      https://$server_name$request_uri;
 }

## Reverse Proxy to openHAB
server {
#    listen                          80;
   listen                          443 ssl;
    server_name                     xxxxxxxxxxxxxx;
   add_header                      Strict-Transport-Security "max-age=31536000; includeSubDomains";

    # Cross-Origin Resource Sharing.
    add_header 'Access-Control-Allow-Origin' '*' always; # make sure that also a 400 response works
    add_header 'Access-Control-Allow_Credentials' 'true' always;
    add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range' always;
    add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH' always;
    add_header Set-Cookie X-OPENHAB-AUTH-HEADER=1;
    proxy_set_header Authorization "";

## Secure Certificate Locations
   ssl_certificate                 /etc/ssl/certs/openhab.crt;
   ssl_certificate_key             /etc/ssl/certs/openhab.key;

    location / {
        proxy_pass                              http://localhost:8080/;
        proxy_set_header Host                   $http_host;
        proxy_set_header X-Real-IP              $remote_addr;
        proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto      $scheme;
        proxy_read_timeout 3600;

## Password Protection
       auth_basic                              "Username and Password Required";
       auth_basic_user_file                    /etc/nginx/.htpasswd;
    }

## Let's Encrypt webroot location
#WEBROOT   location /.well-known/acme-challenge/ {
#WEBROOT       root                                    /var/www/115.70.140.97;
#WEBROOT   }
}

# vim: filetype=conf

Wait a minute. Never mind.

The default config created seems to be wrong.
The line

proxy_set_header Authorization "";

is not created under location / {
its above it.

Once i moved that down into location / { it let me log in fine.
Im not using SSL, becuase i get the insecure network error, and it shows on the top of the page when i use a shortcut on my home screen. So i have forwarded another internal port instead.