OpenHab 3 with IIS Reverse Proxy on Windows Server 2019 setup issue

Hi all.

I would like to know if anyone has experience with this configuration?
My configuration, which unfortunately does not work.

Basic Auth enabled in IIS/OH3
Users with the same login/password exist in Windows/OH3

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Access-Control-Allow-Origin" value="*" />
                <add name="Access-Control-Allow_Credentials" value="true" />
                <add name="Access-Control-Allow-Headers" value="Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range" />
                <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE,PATCH" />
                <add name="Set-Cookie" value="X-OPENHAB-AUTH-HEADER=true;path=/;Secure" />
                <!--<add name="Authorization" value="" />-->
            </customHeaders>
        </httpProtocol>
        <rewrite>
            <outboundRules>
                <rule name="Reverse Proxy" preCondition="Response Is Json" enabled="false" stopProcessing="false">
                    <match filterByTags="None" pattern="http://localhost:8080/(.*)" />
                    <action type="Rewrite" value="https://oh3.mydomain.com/{R:1}" />
                </rule>
                <preConditions>
                    <preCondition name="Response Is Json">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^application/json" />
                    </preCondition>                    
                </preConditions>                        
            </outboundRules>
            <rules>
                <rule name="Reverse Proxy" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                        <add input="{REQUEST_URI}" pattern="^/.well-known/acme-challenge" negate="true" />
                    </conditions>                    
                    <action type="Rewrite" url="http://localhost:8080/{R:1}" appendQueryString="true" />                   
                    <serverVariables>
                        <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
                        <set name="HTTP_X_FORWARDED_PROTO" value="https" />
                        <!--<set name="HTTP_X-Real-IP" value="{HTTP_X_FORWARDED_FOR}" />-->                        
                    </serverVariables>
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

What am I doing wrong?

Hi,
Beyond the obvious answer that someone will eventually say, I am going to respond with a few questions.
What are you seeing when you attempt to hit the proxy? Error? Have you looked at it with the F12 or developer tools in your browser?
Have you addressed the basic network requirements, including either DNS entries that can resolve or at least etc. host file entries on the server to ensure it can actually complete the redirection?
And have you simplified your setup and confirmed a simple redirector works?

I will assume you have a specific reason that you chose to use a server 2019 IIS instance as your reverse proxy. (I will avoid the entire lecture about basic auth and plain text password user names, windows accounts exposure and all that blagh blagh because I am sure others will jump on that bandwagon and preach.)
But have you reviewed the following documentation here for how it is done using Nginx?

Looking at your web config it seems your pattern is not quite right and you have defined preconditions and are not referencing them either.
Perhaps reviewing these links may also help.

Note there is rule inheritance to take into account as well as some other conditions that IIS requires you to address too. Things like firewall ports, certs and such, as well as having all of the correct services and modules installed.
Good luck.
And yes, I have set up an IIS reverse proxy just because I could and it does work, but I would not have it sitting in a public facing interface because nginx is so much easier to harden, not exposing the windows services that IIS requires to make what you are doing work, and less prone to be beat up on by the bad guys.

I would like to take a look at your web.config :grinning: :grinning:

My home network consists of a router and a Windows Server, apart from a few computers and laptops.

IIS is installed on this server, which runs ASP.NET applications (my self-written personal cloud, website [my skills - Windows/C++/ASP/NET/SQL/HTML/CSS coder]), RDP RemoteApp farm, ESET NOD mirror and others. Also, this IIS is a reverse proxy for the Subversion server (which seems to work without any problems using Basic Authentication).
I had no problems with setup and development… until I tried OpenHab3 :grinning:

Right now, my OpenHab works fine on the local network, but behaves very strangely with reverse proxy.

OpenHab shows me its beautiful window with a suggestion to log in

After successful login, when I click on the login icon (shield), it shows me a built-in browser window (Basic Auth) with a suggestion to log in again … after that, a new offer arrives to enter OpenHab through a regular authorization page, after a successful login, throws it out to the main page as an unauthorized user. But now, if I go to the section of the site through the address bar of the browser, I see that on some I am an Administrator, on some I am not an authorized user.

I read about nginx settings, tried to set up IIS. I have questions about headers. I read the forum, but the guys set up OpenHab2, there are no such problems with authorization.

I don’t know what else needs to be configured. I have tried many configurations and none of them gives a normal result.

Help me! I read all specified articles (microsoft), probably, missed something.

P.S. I am protected from bad guys with IPS from TrendMicro, ESET and Suricata.

Hi Max,
Sorry it took me a few days to reply, work got busy (patch Tuesday)…
I spun up my win19server hyper-v image and pulled this off for you as requested.
I could not find my other version where I created the certificates in my CA, but this was the one I quickly found.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
    <security>
        <requestFiltering allowDoubleEscaping="false" />
    </security>
    <rewrite>
        <rules>
            <rule name="ReverseProxyInboundRule2" enabled="true" stopProcessing="true">
                <match url="(.*)" />
                <action type="Rewrite" url="http://mytestopenhab.openhab.local:8080/{R:1}" />
                <serverVariables>
                    <set name="Authorization" value="&quot;&quot;" />
                </serverVariables>
            </rule>
        </rules>
    </rewrite>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Credentials" value="true" />
            <add name="Access-Control-Allow-Headers" value="Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range" />
            <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE,PATCH" />
            <add name="Set-Cookie X-OPENHAB-AUTH-HEADER" value="true" />
        </customHeaders>
    </httpProtocol>
</system.webServer>
</configuration>

As I said, it works fine: able to land on the page, log into admin and all such fun stuff.
I went to nginx because it was just cleaner in my mind and easier to harden.
Hope it helps and best of luck!
Also, for what it's worth, google up the solution that Jenkins.IO offers for hosting a jenkins instance on a windows server and using IIS for reverse proxy; that one also has a few helpful tips on getting it to behave as well.

Thank you.

Sorry, I was on vacation outside the city.

But unfortunately it didn’t work.

For testing:

  1. Created a Hyper-V virtual machine based on Windows Server 2022, turned off the firewall
  2. Deployed a clean OpenHab
  3. Added a user to Windows (user) and OpenHab (admin)
  4. Configured DNS (local network)
  5. Installed IIS (select all components + URLRewrite and requestrouter)
  6. Created a site (not SSL), Enable Basic Auth
  7. Enable ARP Proxy, made a reverse proxy for OpenHab (the config is specified)
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Reverse Proxy" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:8080/{R:1}" appendQueryString="true" />
                    <serverVariables>
                        <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
                        <set name="HTTP_X_FORWARDED_PROTO" value="http" />
                        <set name="Authorization" value="&quot;&quot;" />
                    </serverVariables>
                </rule>
            </rules>
                   
        </rewrite>
        
        <httpProtocol>
            <customHeaders>
                <remove name="X-Powered-By" />
                <add name="Access-Control-Allow-Origin" value="*" />                
				<add name="Access-Control-Allow-Credentials" value="true" />
                <add name="Access-Control-Allow-Headers" value="Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range" />
                <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE,PATCH" />
                <add name="Set-Cookie: X-OPENHAB-AUTH-HEADER" value="1" />
				
				<add name="Access-Control-Allow_Credentials" value="true" />
            </customHeaders>
        </httpProtocol>
                       
    </system.webServer>    
</configuration>

It allows me to enter the site through basic authentication…

But I still can’t log in to OpenHab (through the shield). The hub allows me to enter a name and password…

…and in response to login, it shows its main interface and the user is not authorized :frowning:

I’ve looked in wireshark and openhab logs and found nothing suspicious…

Hi Max,
Under server setting ARR Server Proxy settings, did you uncheck the Reverse rewrite host in response headers check box?
May also want to run this too.
%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true /commit:apphost
BTW it is also Referenced in this stackoverflow discussion.

I checked my server 2019 and I have that unchecked and in my main config I do see where I had the value that this command line modified also set.
The only other one off settings that I had were these if that helps.
<system.web>
    <customErrors mode="Off" />
    <httpRuntime requestPathInvalidCharacters="" />
    <authentication mode="Windows" />
</system.web>
I really could not recall why I added them so I did not mention them as they may have been tossed in during some of my initial playing around …
so I did not want to imply they are really needed…

Hi Max,
after you change the ARR settings try adding these steps
in the inbound rule add this

<set name="RESPONSE_Set_Cookie" value="X-OPENHAB-AUTH-HEADER=1" />

in the server variables add this

<add name="RESPONSE_Set_Cookie" />

In Openhab under your settings and then API security
check advanced and then enable Allow basic authentication and save!
with those settings and the added steps I have mentioned I think you will get the behavior you want.
I have included this full web config as a reference not all is required but I think it gives you a better idea.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <customErrors mode="Off" />
       <httpRuntime requestPathInvalidCharacters="&lt;,>,%,&amp;,\,?" />
        <authentication mode="Windows" />
    </system.web>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://win19testserver.openhab2.nolocal:8080/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_AUTHORIZATION" value="{AUTH_USER}" replace="false" />
                        <set name="HTTP_X_FORWARDED_FOR" value="$proxy_add_x_forwarded_for" />
                        <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
                        <set name="Authorization" value="&quot;&quot;" />
                        <set name="RESPONSE_Set_Cookie" value="X-OPENHAB-AUTH-HEADER=1" />
                    </serverVariables>
                </rule>
            </rules>
            <outboundRules>
                <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="true">
                    <match filterByTags="A, Form, Img" pattern="^http(s)?://win19testserver.openhab2.nolocal:8080/(.*)" />
                    <action type="Rewrite" value="{HTMLEncode:{HTTP_REFERER}}" />
                </rule>
                <preConditions>
                    <preCondition name="ResponseIsHtml1" logicalGrouping="MatchAny">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^application/json" />						
                    </preCondition>
                </preConditions>
            </outboundRules>
            <allowedServerVariables>
                <remove name="X_Forwarded-Proto" />
                <remove name="X-Forwarded-For" />
                <remove name="X-Forwarded-Prefix" />
                <remove name="X-Real-IP" />
                <remove name="X-Forwarded-Server" />
                <remove name="X-Forwarded-Scheme" />
                <remove name="X-Forwarded-Host" />
                <add name="HTTP_AUTHORIZATION" />
                <add name="Authorization" />
                <add name="HTTP_X_FORWARDED_HOST" />
                <add name="HTTP_X_FORWARDED_SCHEME" />
                <add name="HTTP_X_FORWARDED_SERVER" />
                <add name="HTTP_X_REAL_IP" />
                <add name="HTTP_X_FORWARDED_PREFIX" />
                <add name="HTTP_X_FORWARDED_FOR" />
                <add name="HTTP_X_FORWARDED_PROTO" />
                <add name="HTTP_COOKIE" />
                <add name="ORIGINAL_HOST" />
                <add name="ORIGINAL_URL" />
                <add name="HTTP_X_OPENHAB_AUTH_HEADER" />
                <add name="RESPONSE_Set_Cookie" />
            </allowedServerVariables>
        </rewrite>
        <httpProtocol>
            <customHeaders>
                <remove name="X-Powered-By" />
                <add name="Access-Control-Allow-Origin" value="*" />
                <add name="Access-Control-Allow-Credentials" value="True" />
                <add name="Access-Control-Allow-Headers" value="Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range" />
                <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE,PATCH" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

Hope this helps.
Oh yea, do not forget to disable anonymous and enable basic authentication. I also set the app pool for this site to no managed code.
update: missed adding these first 2 server variables in web config they had only been added in GUI… :wink:
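
The mismatches raised in the replies above (preconditions defined but never referenced, server variables set in an inbound rule without a matching allowedServerVariables entry, odd custom header names) can be checked offline. This is an added example, not code from any post in this thread; the function name, the finding labels and the sample config are constructed for illustration, and the case-insensitive name comparison is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample combining patterns from the configs posted in this thread.
SAMPLE_WEB_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Reverse Proxy" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://localhost:8080/{R:1}" />
          <serverVariables>
            <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
            <set name="RESPONSE_Set_Cookie" value="X-OPENHAB-AUTH-HEADER=1" />
          </serverVariables>
        </rule>
      </rules>
      <outboundRules>
        <preConditions>
          <preCondition name="Response Is Json" />
        </preConditions>
      </outboundRules>
      <allowedServerVariables>
        <add name="HTTP_X_FORWARDED_HOST" />
      </allowedServerVariables>
    </rewrite>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Credentials" value="true" />
        <add name="Access-Control-Allow_Credentials" value="true" />
        <add name="Set-Cookie: X-OPENHAB-AUTH-HEADER" value="1" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

# Characters allowed in an HTTP header field name (RFC 7230 "token").
HEADER_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def lint_web_config(xml_text):
    """Return a list of (finding_id, offending_name) tuples."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    for rewrite in root.iter("rewrite"):
        # Assumption: variable names are compared case-insensitively.
        allowed = {a.get("name", "").upper()
                   for a in rewrite.findall("./allowedServerVariables/add")}
        for var in rewrite.findall("./rules/rule/serverVariables/set"):
            if var.get("name", "").upper() not in allowed:
                findings.append(("server-variable-not-allowed", var.get("name")))
        # A precondition only takes effect when an enabled outbound rule names it.
        used = {r.get("preCondition")
                for r in rewrite.findall("./outboundRules/rule")
                if r.get("enabled", "true").lower() != "false"}
        for pre in rewrite.findall("./outboundRules/preConditions/preCondition"):
            if pre.get("name") not in used:
                findings.append(("precondition-unused", pre.get("name")))
    headers = {}
    for custom in root.iter("customHeaders"):
        for add in custom.findall("./add"):
            name, value = add.get("name", ""), add.get("value", "")
            if not HEADER_TOKEN.match(name):
                findings.append(("invalid-header-name", name))
            elif "_" in name:
                findings.append(("underscore-in-header-name", name))
            headers[name.lower()] = value
    # Browsers refuse credentialed cross-origin responses whose origin is "*".
    if (headers.get("access-control-allow-origin") == "*"
            and headers.get("access-control-allow-credentials", "").lower() == "true"):
        findings.append(("cors-wildcard-with-credentials", "Access-Control-Allow-Origin"))
    return findings


if __name__ == "__main__":
    for finding, name in lint_web_config(SAMPLE_WEB_CONFIG):
        print(f"{finding}: {name}")
```

A server-variable-not-allowed finding only means the name is missing from this file; the allow-list may be declared in applicationHost.config instead, so check there before changing anything.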

Hello!!!

Unfortunately, I’m not at home yet. Left for work for a week.

I checked the previous config on the virtual machine, made the fixes you indicated, but it did not help.

I temporarily forwarded only OwnTrack through Reverse Proxy (the main task. I use VPN or telegram/SMS for control/viewing).

When I get back, I’ll definitely try your suggestions and post the result!

Thanks for your help!

Hello. I checked your config, other people’s configs. I tried all the settings, I did a trace of OpenHUB requests - I do not believe that this works for anyone. Some kind of mistake or something. The developers need to check. I’ve already checked the configuration 100 times. It can’t be that all my other proxy servers work and this one doesn’t. OpenHub is unable to complete the validation of the token, it remains pending in the configuration file. Why this happens, I don’t know. I checked it on servers, on virtual machines - everywhere there is one and the same problem.

Hi Max, sorry you are still having issues.
please review below

Request URL: http://openhab3.yeslocal/rest/items?metadata=semantics
Request Method: GET
Status Code: 200 OK
Remote Address: 192.168.51.39:80
Referrer Policy: strict-origin-when-cross-origin
Access-Control-Allow-Credentials: True
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Fri, 24 Jun 2022 13:41:14 GMT
Server: Microsoft-IIS/10.0
Set-Cookie: X-OPENHAB-AUTH-HEADER=1
Transfer-Encoding: chunked
X-Powered-By: ARR/3.0
Accept: application/json
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Authorization: Basic YWRtaW46VGhpc2lzb3BlbmhhYg==
Cache-Control: no-cache
Connection: keep-alive
Cookie: X-OPENHAB-AUTH-HEADER=1; X-OPENHAB-AUTH-HEADER=1; X-OPENHAB-SESSIONID=06e693d0-2e78-416b-b226-09a60532aa2e
Host: openhab3.yeslocal
Pragma: no-cache
Referer: http://openhab3.yeslocal/settings/items/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.124 Safari/537.36 Edg/102.0.1245.44
X-OPENHAB-TOKEN: eyJraWQiOm51bGwsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJvcGVuaGFiIiwiYXVkIjoib3BlbmhhYiIsImV4cCI6MTY1NjA4MTE3NSwianRpIjoiMUNvcEp4RTlWalRXWjYyUHdSa0ViQSIsImlhdCI6MTY1NjA3NzU3NSwibmJmIjoxNjU2MDc3NDU1LCJzdWIiOiJhZG1pbiIsImNsaWVudF9pZCI6Imh0dHA6Ly9vcGVuaGFiMy55ZXNsb2NhbCIsInNjb3BlIjoiYWRtaW4iLCJyb2xlIjpbImFkbWluaXN0cmF0b3IiXX0.W5A2RF49Hv6mXBV9t4jXSGSws9jmCR62DtCpu44p6MBWDsrZLfUhcCPAZjgaROhJuSAo0gAQEVn0kOO7GJ8BeKNgKR3RUNGTg4kDh4g6owTy2JwU_uG4k7h4ezV2XO8cFiNPDS7bzhoG3OWTKmgMoHkepDpPRDzVCUjM3mki0ZyJtkOhM7vtE1xZ-RS821R1tv1brESxVxbYmo0XcfKDuk2bpFSsXyyKb3kon5ZICoJIy2vi6xpoKhBDszCLg2h2PMt3P5KX91t5rlthGXHxc3rD09Y7scxVJZenEh-eRmYkFbuURQTu9oPm8d3DKgYoYpq6wlAEk_he-JxPxsP8KA
X-Requested-With: XMLHttpRequest

and the config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <customErrors mode="Off" />
       <httpRuntime requestPathInvalidCharacters="&lt;,>,%,&amp;,\,?" />
        <authentication mode="Windows" />
    </system.web>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="https://192.168.1.179:8443/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_AUTHORIZATION" value="{AUTH_USER}" replace="false" />
                        <set name="HTTP_X_FORWARDED_FOR" value="$proxy_add_x_forwarded_for" />
                        <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
                        <set name="Authorization" value="&quot;&quot;" />
                        <set name="RESPONSE_Set_Cookie" value="X-OPENHAB-AUTH-HEADER=1" />
                    </serverVariables>
                </rule>
            </rules>
            <outboundRules>
                <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="true">
                    <match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.1.179:8443/(.*)" />
                    <action type="Rewrite" value="{HTMLEncode:{HTTP_REFERER}}" />
                </rule>
                <preConditions>
                    <preCondition name="ResponseIsHtml1" logicalGrouping="MatchAny">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^application/json" />						
                    </preCondition>
                </preConditions>
            </outboundRules>
            <allowedServerVariables>
                <remove name="X_Forwarded-Proto" />
                <remove name="X-Forwarded-For" />
                <remove name="X-Forwarded-Prefix" />
                <remove name="X-Real-IP" />
                <remove name="X-Forwarded-Server" />
                <remove name="X-Forwarded-Scheme" />
                <remove name="X-Forwarded-Host" />
                <add name="HTTP_X_FORWARDED_HOST" />
                <add name="HTTP_X_FORWARDED_SCHEME" />
                <add name="HTTP_X_FORWARDED_SERVER" />
                <add name="HTTP_X_REAL_IP" />
                <add name="HTTP_X_FORWARDED_PREFIX" />
                <add name="HTTP_X_FORWARDED_FOR" />
                <add name="HTTP_X_FORWARDED_PROTO" />
                <add name="HTTP_COOKIE" />
                <add name="ORIGINAL_HOST" />
                <add name="ORIGINAL_URL" />
                <add name="HTTP_X_OPENHAB_AUTH_HEADER" />
                <add name="RESPONSE_Set_Cookie" />
                <add name="HTTP_AUTHORIZATION" />
                <add name="Authorization" />
            </allowedServerVariables>
        </rewrite>
        <httpProtocol>
            <customHeaders>
                <remove name="X-Powered-By" />
                <add name="Access-Control-Allow-Origin" value="*" />
                <add name="Access-Control-Allow-Credentials" value="True" />
                <add name="Access-Control-Allow-Headers" value="Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range" />
                <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE,PATCH" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

and here are the basic authorization settings


and the response headers

and the application pools

and of course the windows version.

“Hello. I checked your config, other people’s configs. I tried all the settings, I did a trace of OpenHUB requests - I do not believe that this works for anyone. Some kind of mistake or something.”
They say pictures are worth a 1000 words!
best regards :no_mouth:

Oh, and in case you're wondering, here it is as an SSL connection.

and here is the header info

Request URL: https://openhab3.yeslocal/rest/items?metadata=semantics
Request Method: GET
Status Code: 200 
Remote Address: 192.168.51.39:443
Referrer Policy: strict-origin-when-cross-origin
access-control-allow-credentials: True
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
access-control-allow-origin: *
content-type: application/json
date: Fri, 24 Jun 2022 17:31:35 GMT
server: Microsoft-IIS/10.0
set-cookie: X-OPENHAB-AUTH-HEADER=1
x-powered-by: ARR/3.0
:authority: openhab3.yeslocal
:method: GET
:path: /rest/items?metadata=semantics
:scheme: https
accept: application/json
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
authorization: Basic YWRtaW46VGhpc2lzb3BlbmhhYg==
cache-control: no-cache
cookie: X-OPENHAB-AUTH-HEADER=1; X-OPENHAB-AUTH-HEADER=1; X-OPENHAB-SESSIONID=c8691a6e-adf9-493d-b7d6-a039d0c856df
pragma: no-cache
referer: https://openhab3.yeslocal/settings/items/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="102", "Microsoft Edge";v="102"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.124 Safari/537.36 Edg/102.0.1245.44
x-openhab-token: eyJraWQiOm51bGwsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJvcGVuaGFiIiwiYXVkIjoib3BlbmhhYiIsImV4cCI6MTY1NjA5NDYyMiwianRpIjoiUXdha2xsTGV1QjFmV2VmYlFrNWQzdyIsImlhdCI6MTY1NjA5MTAyMiwibmJmIjoxNjU2MDkwOTAyLCJzdWIiOiJhZG1pbiIsImNsaWVudF9pZCI6Imh0dHBzOi8vb3BlbmhhYjMueWVzbG9jYWwiLCJzY29wZSI6ImFkbWluIiwicm9sZSI6WyJhZG1pbmlzdHJhdG9yIl19.DydPk0BiYt9owO6nBxzswkynTYHFDjZ5bdQDuTrOaH_YB-akrc9JKvRo10sutfMi-KqgWr4pv_b_CqzyRGIRPY5tjgpX9dX5l7fL6h5iLwss7GNQ_76E57sw_urOwYOg2UDNmXR1rKy2-dRluQ6eyH5HWEu0teEiq2zoWx9SMSYV1vl2HOqs8zo-wCRK6y9P1qaqMNrAgAH-Yitols00hN47josN7v45xeIZO4y7erIJbPmM3_-PnrkNnODQkuegsgwKcJbY8-vZUeUDUM_4VlBuDVeZ1Ng3PFDvwY4R162c-3muntL9y7tBa2jvkKxj36VfL2Ukw2p6Yu4G08l95g
x-requested-with: XMLHttpRequest

And here is the cert issued from a standalone windows CA

and here are the bindings in the windows 19 server


and here are the settings for urlrewrite

inbound rules

outbound rules

and here are the server variables


and here is ARR

and here is the appconfig after running the command

So hopefully you can now clearly see it does work
And I am not really sure what you would want a dev to fix???
update: For completeness
Here is the setting change in Openhab

I think other than showing you the A records I added in to my DNS (I am sure you know what those are and how to create a forward lookup zone ) I have given you pictures of everything and every step I outlined to make your configuration work.
Respectfully
Justan Oldman
