OpenHab 3 with IIS Reverse Proxy on Windows Server 2019 setup issue

Hi,
Beyond the obvious answer that someone will eventually give, I am going to respond with a few questions.
What are you seeing when you attempt to hit the proxy? An error? Have you looked at it with F12 or the developer tools in your browser?
Have you addressed the basic network requirements, including either DNS entries that can resolve or at least etc. host file entries on the server, to ensure it can actually complete the redirection?
And have you simplified your setup and confirmed a simple redirector works?

I will assume you have a specific reason that you chose to use a Server 2019 IIS instance as your reverse proxy. (I will avoid the entire lecture about basic auth and plain text passwords and user names, Windows accounts exposure and all that blagh blagh, because I am sure others will jump on that bandwagon and preach.)
But have you reviewed the following documentation here for how it is done using Nginx?

Looking at your web config, it seems your pattern is not quite right, and you have defined preconditions and are not referencing them either.
Perhaps reviewing these links may also help.

Note there is rule inheritance to take into account, as well as some other conditions that IIS requires you to address too. Things like firewall ports, certs and such, as well as having all of the correct services and modules installed.
Good luck.
And yes, I have set up an IIS reverse proxy just because I could, and it does work, but I would not have it sitting on a public-facing interface, because nginx is so much easier to harden, not exposing the Windows services that IIS requires to make what you are doing work, and less prone to be beaten up on by the bad guys.

I would like to take a look at your web.config :grinning: :grinning:

My home network consists of a router and a Windows Server, apart from a few computers and laptops.

IIS is installed on this server, which runs ASP.NET applications (my self-written personal cloud, website [my skills - Windows/C++/ASP/NET/SQL/HTML/CSS coder]), RDP RemoteApp farm, ESET NOD mirror and others. Also, this IIS is a reverse proxy for the Subversion server (which seems to work without any problems using Basic Authentication).
I had no problems with setup and development… until I try OpenHab3 :grinning:

Right now, my OpenHab works fine on the local network, but behaves very strangely with reverse proxy.

OpenHab shows me its beautiful window with a suggestion to log in

After successful login, when I click on the login icon (shield), it shows me a built-in browser window (Basic Auth) with a suggestion to log in again … after that, a new offer arrives to enter OpenHab through a regular authorization page, after a successful login, throws it out to the main page as an unauthorized user. But now, if I go to the section of the site through the address bar of the browser, I see that on some I am an Administrator, on some I am not an authorized user.

I read about nginx settings, tried to set up IIS. I have questions about headers. I read the forum, but the guys set up OpenHab2, there are no such problems with authorization.

I don’t know what else needs to be configured. I have tried many configurations and none of them gives a normal result.

Help me! I read all specified articles (microsoft), probably, missed something.

P.S. I am protected from bad guys with IPS from TrendMicro, ESET and Suricata.

Hi Max,
Sorry it took me a few days to reply, work got busy (Patch Tuesday)…
I spun up my win19server Hyper-V image and pulled this off for you as requested.
I could not find my other version where I created the certificates in my CA, but this was the one I quickly found.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
    <security>
        <requestFiltering allowDoubleEscaping="false" />
    </security>
    <rewrite>
        <rules>
            <rule name="ReverseProxyInboundRule2" enabled="true" stopProcessing="true">
                <match url="(.*)" />
                <action type="Rewrite" url="http://mytestopenhab.openhab.local:8080/{R:1}" />
                <serverVariables>
                    <set name="Authorization" value="&quot;&quot;" />
                </serverVariables>
            </rule>
        </rules>
    </rewrite>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Credentials" value="true" />
            <add name="Access-Control-Allow-Headers" value="Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range" />
            <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE,PATCH" />
            <!-- The header name is Set-Cookie; the cookie name and its value both go in "value" -->
            <add name="Set-Cookie" value="X-OPENHAB-AUTH-HEADER=true" />
        </customHeaders>
    </httpProtocol>
</system.webServer>
</configuration>

As I said, it works fine: able to land on the page, log into admin and all such fun stuff.
I went to nginx because it was just cleaner in my mind and easier to harden.
Hope it helps and best of luck!
Also, for what it's worth, google up the solution that Jenkins.IO offers for hosting a Jenkins instance on a Windows server and using IIS for reverse proxy; that one also has a few helpful tips on getting it to behave as well.

Thank you.

Sorry, I was on vacation outside the city.

But unfortunately it didn’t work.

For testing:

  1. Created a Hyper-V virtual machine based on Windows Server 2022, turned off the firewall
  2. Deployed a clean OpenHab
  3. Added a user to Windows (user) and OpenHab (admin)
  4. Configured DNS (local network)
  5. Installed IIS (select all components + URLRewrite and requestrouter)
  6. Created a site (not SSL), Enable Basic Auth
  7. Enable ARR Proxy, made a reverse proxy for OpenHab (the config is specified)

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Reverse Proxy" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:8080/{R:1}" appendQueryString="true" />
                    <serverVariables>
                        <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
                        <set name="HTTP_X_FORWARDED_PROTO" value="http" />
                        <set name="Authorization" value="&quot;&quot;" />
                    </serverVariables>
                </rule>
            </rules>
                   
        </rewrite>
        
        <httpProtocol>
            <customHeaders>
                <remove name="X-Powered-By" />
                <add name="Access-Control-Allow-Origin" value="*" />                
				<add name="Access-Control-Allow-Credentials" value="true" />
                <add name="Access-Control-Allow-Headers" value="Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range" />
                <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE,PATCH" />
                <add name="Set-Cookie: X-OPENHAB-AUTH-HEADER" value="1" />
				
				<add name="Access-Control-Allow_Credentials" value="true" />
            </customHeaders>
        </httpProtocol>
                       
    </system.webServer>    
</configuration>

It allows me to enter the site through basic authentication…

But I still can’t log in to OpenHab (through the shield). The hub allows me to enter a name and password…

…and in response to login, it shows its main interface and the user is not authorized :frowning:

I’ve looked in wireshark and openhab logs and found nothing suspicious…

Hi Max,
Under server settings, ARR Server Proxy settings, did you uncheck the "Reverse rewrite host in response headers" check box?
You may also want to run this too.
%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true /commit:apphost
BTW it is also referenced in this stackoverflow discussion.

I checked my Server 2019 and I have that unchecked, and in my main config I do see where I had the value that this command line modified also set.
The only other one-off settings that I had were these, if that helps.
<system.web>
    <customErrors mode="Off" />
    <httpRuntime requestPathInvalidCharacters="" />
    <authentication mode="Windows" />
</system.web>

I really could not recall why I added them so I did not mention them as they may have been tossed in during some of my initial playing around …
so I did not want to imply they are really needed…

Hi Max,
After you change the ARR settings, try adding these steps.
In the inbound rule add this:

<set name="RESPONSE_Set_Cookie" value="X-OPENHAB-AUTH-HEADER=1" />

In the server variables add this:

<add name="RESPONSE_Set_Cookie" />

In openHAB, under your settings and then API security,
check advanced, then enable "Allow basic authentication" and save!
With those settings and the added steps I have mentioned, I think you will get the behavior you want.
I have included this full web config as a reference. Not all of it is required, but I think it gives you a better idea.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <customErrors mode="Off" />
       <httpRuntime requestPathInvalidCharacters="&lt;,>,%,&amp;,\,?" />
        <authentication mode="Windows" />
    </system.web>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://win19testserver.openhab2.nolocal:8080/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_AUTHORIZATION" value="{AUTH_USER}" replace="false" />
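                        <!-- $proxy_add_x_forwarded_for is nginx syntax and IIS would forward it as a literal string; {REMOTE_ADDR} is the IIS server variable holding the client address -->
                        <set name="HTTP_X_FORWARDED_FOR" value="{REMOTE_ADDR}" />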
                        <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
                        <set name="Authorization" value="&quot;&quot;" />
                        <set name="RESPONSE_Set_Cookie" value="X-OPENHAB-AUTH-HEADER=1" />
                    </serverVariables>
                </rule>
            </rules>
            <outboundRules>
                <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="true">
                    <match filterByTags="A, Form, Img" pattern="^http(s)?://win19testserver.openhab2.nolocal:8080/(.*)" />
                    <action type="Rewrite" value="{HTMLEncode:{HTTP_REFERER}}" />
                </rule>
                <preConditions>
                    <preCondition name="ResponseIsHtml1" logicalGrouping="MatchAny">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^application/json" />						
                    </preCondition>
                </preConditions>
            </outboundRules>
            <allowedServerVariables>
                <remove name="X_Forwarded-Proto" />
                <remove name="X-Forwarded-For" />
                <remove name="X-Forwarded-Prefix" />
                <remove name="X-Real-IP" />
                <remove name="X-Forwarded-Server" />
                <remove name="X-Forwarded-Scheme" />
                <remove name="X-Forwarded-Host" />
                <add name="HTTP_AUTHORIZATION" />
                <add name="Authorization" />
                <add name="HTTP_X_FORWARDED_HOST" />
                <add name="HTTP_X_FORWARDED_SCHEME" />
                <add name="HTTP_X_FORWARDED_SERVER" />
                <add name="HTTP_X_REAL_IP" />
                <add name="HTTP_X_FORWARDED_PREFIX" />
                <add name="HTTP_X_FORWARDED_FOR" />
                <add name="HTTP_X_FORWARDED_PROTO" />
                <add name="HTTP_COOKIE" />
                <add name="ORIGINAL_HOST" />
                <add name="ORIGINAL_URL" />
                <add name="HTTP_X_OPENHAB_AUTH_HEADER" />
                <add name="RESPONSE_Set_Cookie" />
            </allowedServerVariables>
        </rewrite>
        <httpProtocol>
            <customHeaders>
                <remove name="X-Powered-By" />
                <add name="Access-Control-Allow-Origin" value="*" />
                <add name="Access-Control-Allow-Credentials" value="True" />
                <add name="Access-Control-Allow-Headers" value="Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range" />
                <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE,PATCH" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

Hope this helps.
Oh yeah, do not forget to disable anonymous and enable basic authentication. I also set the app pool for this site to No Managed Code.
Update: I missed adding these first 2 server variables in the web config; they had only been added in the GUI… :wink:

Hello!!!

Unfortunately, I’m not at home yet. Left for work for a week.

I checked the previous config on the virtual machine, made the fixes you indicated, but it did not help.

I temporarily forwarded only OwnTrack through Reverse Proxy (the main task. I use VPN or telegram/SMS for control/viewing).

When I get back, I’ll definitely try your suggestions and post the result!

Thanks for your help!

Hello. I checked your config, other people’s configs. I tried all the settings, I did a trace of OpenHUB requests - I do not believe that this works for anyone. Some kind of mistake or something. The developers need to check. I’ve already checked the configuration 100 times. It can’t be that all my other proxy servers work and this one doesn’t. OpenHub is unable to complete the validation of the token, it remains pending in the configuration file. Why this happens, I don’t know. I checked it on servers, on virtual machines - everywhere there is one and the same problem.

Hi Max, sorry you are still having issues.
Please review below.

Request URL: http://openhab3.yeslocal/rest/items?metadata=semantics
Request Method: GET
Status Code: 200 OK
Remote Address: 192.168.51.39:80
Referrer Policy: strict-origin-when-cross-origin
Access-Control-Allow-Credentials: True
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Fri, 24 Jun 2022 13:41:14 GMT
Server: Microsoft-IIS/10.0
Set-Cookie: X-OPENHAB-AUTH-HEADER=1
Transfer-Encoding: chunked
X-Powered-By: ARR/3.0
Accept: application/json
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Authorization: Basic YWRtaW46VGhpc2lzb3BlbmhhYg==
Cache-Control: no-cache
Connection: keep-alive
Cookie: X-OPENHAB-AUTH-HEADER=1; X-OPENHAB-AUTH-HEADER=1; X-OPENHAB-SESSIONID=06e693d0-2e78-416b-b226-09a60532aa2e
Host: openhab3.yeslocal
Pragma: no-cache
Referer: http://openhab3.yeslocal/settings/items/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.124 Safari/537.36 Edg/102.0.1245.44
X-OPENHAB-TOKEN: eyJraWQiOm51bGwsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJvcGVuaGFiIiwiYXVkIjoib3BlbmhhYiIsImV4cCI6MTY1NjA4MTE3NSwianRpIjoiMUNvcEp4RTlWalRXWjYyUHdSa0ViQSIsImlhdCI6MTY1NjA3NzU3NSwibmJmIjoxNjU2MDc3NDU1LCJzdWIiOiJhZG1pbiIsImNsaWVudF9pZCI6Imh0dHA6Ly9vcGVuaGFiMy55ZXNsb2NhbCIsInNjb3BlIjoiYWRtaW4iLCJyb2xlIjpbImFkbWluaXN0cmF0b3IiXX0.W5A2RF49Hv6mXBV9t4jXSGSws9jmCR62DtCpu44p6MBWDsrZLfUhcCPAZjgaROhJuSAo0gAQEVn0kOO7GJ8BeKNgKR3RUNGTg4kDh4g6owTy2JwU_uG4k7h4ezV2XO8cFiNPDS7bzhoG3OWTKmgMoHkepDpPRDzVCUjM3mki0ZyJtkOhM7vtE1xZ-RS821R1tv1brESxVxbYmo0XcfKDuk2bpFSsXyyKb3kon5ZICoJIy2vi6xpoKhBDszCLg2h2PMt3P5KX91t5rlthGXHxc3rD09Y7scxVJZenEh-eRmYkFbuURQTu9oPm8d3DKgYoYpq6wlAEk_he-JxPxsP8KA
X-Requested-With: XMLHttpRequest

and the config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <customErrors mode="Off" />
       <httpRuntime requestPathInvalidCharacters="&lt;,>,%,&amp;,\,?" />
        <authentication mode="Windows" />
    </system.web>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="https://192.168.1.179:8443/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_AUTHORIZATION" value="{AUTH_USER}" replace="false" />
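                        <!-- $proxy_add_x_forwarded_for is nginx syntax and IIS would forward it as a literal string; {REMOTE_ADDR} is the IIS server variable holding the client address -->
                        <set name="HTTP_X_FORWARDED_FOR" value="{REMOTE_ADDR}" />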
                        <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
                        <set name="Authorization" value="&quot;&quot;" />
                        <set name="RESPONSE_Set_Cookie" value="X-OPENHAB-AUTH-HEADER=1" />
                    </serverVariables>
                </rule>
            </rules>
            <outboundRules>
                <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="true">
                    <match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.1.179:8443/(.*)" />
                    <action type="Rewrite" value="{HTMLEncode:{HTTP_REFERER}}" />
                </rule>
                <preConditions>
                    <preCondition name="ResponseIsHtml1" logicalGrouping="MatchAny">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^application/json" />						
                    </preCondition>
                </preConditions>
            </outboundRules>
            <allowedServerVariables>
                <remove name="X_Forwarded-Proto" />
                <remove name="X-Forwarded-For" />
                <remove name="X-Forwarded-Prefix" />
                <remove name="X-Real-IP" />
                <remove name="X-Forwarded-Server" />
                <remove name="X-Forwarded-Scheme" />
                <remove name="X-Forwarded-Host" />
                <add name="HTTP_X_FORWARDED_HOST" />
                <add name="HTTP_X_FORWARDED_SCHEME" />
                <add name="HTTP_X_FORWARDED_SERVER" />
                <add name="HTTP_X_REAL_IP" />
                <add name="HTTP_X_FORWARDED_PREFIX" />
                <add name="HTTP_X_FORWARDED_FOR" />
                <add name="HTTP_X_FORWARDED_PROTO" />
                <add name="HTTP_COOKIE" />
                <add name="ORIGINAL_HOST" />
                <add name="ORIGINAL_URL" />
                <add name="HTTP_X_OPENHAB_AUTH_HEADER" />
                <add name="RESPONSE_Set_Cookie" />
                <add name="HTTP_AUTHORIZATION" />
                <add name="Authorization" />
            </allowedServerVariables>
        </rewrite>
        <httpProtocol>
            <customHeaders>
                <remove name="X-Powered-By" />
                <add name="Access-Control-Allow-Origin" value="*" />
                <add name="Access-Control-Allow-Credentials" value="True" />
                <add name="Access-Control-Allow-Headers" value="Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range" />
                <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE,PATCH" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

and here are the basic authorization settings


and the response headers

and the application pools

and of course the Windows version.

“Hello. I checked your config, other people’s configs. I tried all the settings, I did a trace of OpenHUB requests - I do not believe that this works for anyone. Some kind of mistake or something.”
They say pictures are worth 1000 words!
Best regards :no_mouth:

Oh, and in case you're wondering, here it is as an SSL connection.

and here is the header info

Request URL: https://openhab3.yeslocal/rest/items?metadata=semantics
Request Method: GET
Status Code: 200 
Remote Address: 192.168.51.39:443
Referrer Policy: strict-origin-when-cross-origin
access-control-allow-credentials: True
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
access-control-allow-origin: *
content-type: application/json
date: Fri, 24 Jun 2022 17:31:35 GMT
server: Microsoft-IIS/10.0
set-cookie: X-OPENHAB-AUTH-HEADER=1
x-powered-by: ARR/3.0
:authority: openhab3.yeslocal
:method: GET
:path: /rest/items?metadata=semantics
:scheme: https
accept: application/json
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
authorization: Basic YWRtaW46VGhpc2lzb3BlbmhhYg==
cache-control: no-cache
cookie: X-OPENHAB-AUTH-HEADER=1; X-OPENHAB-AUTH-HEADER=1; X-OPENHAB-SESSIONID=c8691a6e-adf9-493d-b7d6-a039d0c856df
pragma: no-cache
referer: https://openhab3.yeslocal/settings/items/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="102", "Microsoft Edge";v="102"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.124 Safari/537.36 Edg/102.0.1245.44
x-openhab-token: eyJraWQiOm51bGwsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJvcGVuaGFiIiwiYXVkIjoib3BlbmhhYiIsImV4cCI6MTY1NjA5NDYyMiwianRpIjoiUXdha2xsTGV1QjFmV2VmYlFrNWQzdyIsImlhdCI6MTY1NjA5MTAyMiwibmJmIjoxNjU2MDkwOTAyLCJzdWIiOiJhZG1pbiIsImNsaWVudF9pZCI6Imh0dHBzOi8vb3BlbmhhYjMueWVzbG9jYWwiLCJzY29wZSI6ImFkbWluIiwicm9sZSI6WyJhZG1pbmlzdHJhdG9yIl19.DydPk0BiYt9owO6nBxzswkynTYHFDjZ5bdQDuTrOaH_YB-akrc9JKvRo10sutfMi-KqgWr4pv_b_CqzyRGIRPY5tjgpX9dX5l7fL6h5iLwss7GNQ_76E57sw_urOwYOg2UDNmXR1rKy2-dRluQ6eyH5HWEu0teEiq2zoWx9SMSYV1vl2HOqs8zo-wCRK6y9P1qaqMNrAgAH-Yitols00hN47josN7v45xeIZO4y7erIJbPmM3_-PnrkNnODQkuegsgwKcJbY8-vZUeUDUM_4VlBuDVeZ1Ng3PFDvwY4R162c-3muntL9y7tBa2jvkKxj36VfL2Ukw2p6Yu4G08l95g
x-requested-with: XMLHttpRequest

And here is the cert issued from a standalone Windows CA

and here are the bindings on the Windows 2019 server


and here are the settings for URL Rewrite

inbound rules

outbound rules

and here are the server variables


and here is ARR

and here is the appconfig after running the command

So hopefully you can now clearly see it does work.
And I am not really sure what you would want a dev to fix???
update: For completeness
Here is the setting change in openHAB

I think, other than showing you the A records I added to my DNS (I am sure you know what those are and how to create a forward lookup zone), I have given you pictures of everything and every step I outlined to make your configuration work.
Respectfully
Justan Oldman

2 Likes

Very cool, amazing! Thank you for giving me so much time!

I will definitely check with my configuration, but now I see that in the requests you have x-openhab-token, but I don’t have it! Apparently this is the essence of the problem, after authorization I do not receive it in response. I need to think - why and where it disappears from me! I noticed that a stuck authorization token appears in the file with users in the pending status. I should think.
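
Comparing two captures for the presence of `x-openhab-token`, as in the post above, only needs header names, so the credential values can be stripped before a capture is shared. The following is an added example, not code from any poster or from openHAB: the sample capture and every value in it are constructed, and the function names are made up for this illustration.

```python
import re

# Headers whose values are credentials; X-OPENHAB-TOKEN is the header seen in this thread.
SECRET_HEADERS = {"authorization", "proxy-authorization", "x-openhab-token"}
# Matches "name: value" and HTTP/2 pseudo-headers (":path: ..."), not "Request URL: ...".
HEADER_RE = re.compile(r"^(:?[A-Za-z0-9-]+):\s*(.*)$")

# Constructed capture in the style of a browser DevTools copy; all values are made up.
SAMPLE = """\
Request URL: https://openhab.example/rest/items
Status Code: 200
set-cookie: X-OPENHAB-AUTH-HEADER=1
authorization: Basic ZGVtbzpkZW1v
cookie: X-OPENHAB-AUTH-HEADER=1; X-OPENHAB-AUTH-HEADER=1; X-OPENHAB-SESSIONID=00000000-1111-2222-3333-444444444444
x-openhab-token: aaaa.bbbb.cccc
x-requested-with: XMLHttpRequest"""


def _redact_pairs(value, only_first=False):
    """Keep cookie names (and Set-Cookie attributes), replace cookie values."""
    out = []
    for i, part in enumerate(value.split(";")):
        name, sep, _ = part.strip().partition("=")
        if sep and (i == 0 or not only_first):
            out.append(name + "=<redacted>")
        else:
            out.append(part.strip())
    return "; ".join(out)


def redact(dump):
    """Return the capture with credential values removed and header names intact."""
    lines = []
    for line in dump.splitlines():
        m = HEADER_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            key = name.lower()
            if key in SECRET_HEADERS:
                # Keep the scheme ("Basic", "Bearer"); it matters for diagnosis.
                scheme, sep, _ = value.partition(" ")
                value = scheme + " <redacted>" if sep else "<redacted>"
            elif key == "cookie":
                value = _redact_pairs(value)
            elif key == "set-cookie":
                value = _redact_pairs(value, only_first=True)
            line = f"{name}: {value}"
        lines.append(line)
    return "\n".join(lines)


def auth_summary(dump):
    """Report which authentication artefacts a capture contains, by name only."""
    names, cookies = set(), []
    for line in dump.splitlines():
        m = HEADER_RE.match(line)
        if not m:
            continue
        key = m.group(1).lower()
        names.add(key)
        if key == "cookie":
            cookies = [p.strip().partition("=")[0] for p in m.group(2).split(";")]
    return {
        "basic_header": "authorization" in names,
        "token_header": "x-openhab-token" in names,
        "auth_cookie_count": cookies.count("X-OPENHAB-AUTH-HEADER"),
        "session_cookie": "X-OPENHAB-SESSIONID" in cookies,
    }


if __name__ == "__main__":
    print(redact(SAMPLE))
    print(auth_summary(SAMPLE))
```

The summary is identical before and after redaction, so a redacted capture still answers the question of whether the token header is present.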

Hi Max,
In all of my testing I do not see the token being returned until after I complete the admin log in to openHAB, if that helps your thought process. And even then, it only shows up on certain responses in the areas like in my screenshot as I navigate around in the application. Also, for clarity, the certificate in my screenshot is only used for the IIS site, so in order to use the SSL 8443 back end connection to openHAB instead of the 8080 default you need to export the self-signed certificate from openHAB and add it to the Trusted Root Certificate store on the IIS server, otherwise it will return 502 bad gateway errors. There are of course instructions in the other conversation you posted to and linked this one to that provide a link to a person's GitHub repo, and he outlines exactly how to replace that openHAB self-signed certificate with a real public cert.
Update: hmm, looks like they removed that link; here it is for future readers.

Since I run my own non-Active Directory standalone CA,
I do not go out to places like Let's Encrypt for certs. If I am going to set up a customer to host something with the intention of the general public accessing it, I would just have them buy a real certificate. For anything I do that is for friends and family, I simply provide them my Root CA and have them import it to the device they use to connect to my secure sites (Hope this helps someone also trying to make it all work…) :rofl:

Hi Folks for anyone that comes across this discussion here is a little update.
So Today the openhab 3.4 went stable and released.
So ok lets give it a twirl around the old dance floor.
All went well with a fresh install on a windows 10 box that was running older versions just fine (clean install just to be sure it was gonna work)
Setup nicely added the good old NTP binding during local log on and to be sure it actually would do something.
Great everything looks like it worked so now lets go hit it through the IIS reverse proxy
and lo and behold we got an HTTP error 500! Why? Why? Why? It was all working fine???
Well shut down the new and lets fire up old version 3.2 and just see where we fat fingered it at!
What the heck? 3.2 works fine!
ok maybe we missed something when 3.3 released so let’s fire that version up clean load!
and bang it works fine too!.
So we popped over to our nginx reverse proxy pointed it to the fancy new 3.4 install instance and dang 3.4 came up fine and worked perfect.
Humm something else has clearly changed with 3.4 that suddenly does not play well with windows IIS!
So as we not so quietly cussed at winders and IIS hopped into the IIS Mangler and turned on some tracing.
Quick hit and short review later we see it is a http 500.52

A fast google and we hit the old Microsoft page, and here is the fix.

It seems that the new version 3.4 is using "gzip" compression and ARR 2.0 does not like that at all!
So follow the link above to address the compression issue and you should be good to go.
Have a great day!

1 Like
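
Several of the web.config problems in this thread can be checked mechanically: custom header names that are not valid HTTP tokens, server variables set without being allowed, preconditions that are defined but not referenced (or the reverse), and outbound rules combined with a backend that compresses responses (the 500.52 case above). The script below is an added example, not code from any poster; it also flags `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a pair browsers refuse for credentialed requests. The sample config is constructed, the finding labels are made up for this illustration, and it assumes `allowedServerVariables` lives in the same file (it can also be set in applicationHost.config).

```python
import re
import xml.etree.ElementTree as ET

# An HTTP header field name must be a "token" (RFC 9110): no spaces, no colon.
TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")

# Constructed sample modelled on the configs in this thread (not a copy of any post).
SAMPLE = """<configuration><system.webServer>
 <rewrite>
  <rules>
   <rule name="ReverseProxyInboundRule1" stopProcessing="true">
    <match url="(.*)" />
    <action type="Rewrite" url="http://backend.example:8080/{R:1}" />
    <serverVariables>
     <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
     <set name="HTTP_X_FORWARDED_PROTO" value="http" />
    </serverVariables>
   </rule>
  </rules>
  <outboundRules>
   <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
    <match filterByTags="A, Form, Img" pattern="^http(s)?://backend.example:8080/(.*)" />
    <action type="Rewrite" value="/{R:2}" />
   </rule>
   <preConditions>
    <preCondition name="IsHtml">
     <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
    </preCondition>
   </preConditions>
  </outboundRules>
  <allowedServerVariables><add name="HTTP_X_FORWARDED_HOST" /></allowedServerVariables>
 </rewrite>
 <httpProtocol><customHeaders>
  <add name="Access-Control-Allow-Origin" value="*" />
  <add name="Access-Control-Allow-Credentials" value="true" />
  <add name="Set-Cookie: X-OPENHAB-AUTH-HEADER" value="1" />
 </customHeaders></httpProtocol>
</system.webServer></configuration>"""


def audit(xml_text):
    """Return a sorted list of finding labels for one web.config document."""
    root = ET.fromstring(xml_text)
    findings = set()
    headers = {a.get("name", ""): a.get("value", "")
               for a in root.iterfind(".//customHeaders/add")}
    for name in headers:
        if not TOKEN.match(name):
            findings.add("bad-header-name:" + name)
    lower = {k.lower(): v.lower() for k, v in headers.items()}
    if (lower.get("access-control-allow-origin") == "*"
            and lower.get("access-control-allow-credentials") == "true"):
        findings.add("cors-wildcard-with-credentials")
    # Assumption: the allow-list is in this file rather than applicationHost.config.
    allowed = {a.get("name") for a in root.iterfind(".//allowedServerVariables/add")}
    set_vars = {s.get("name") for s in root.iterfind(".//rules/rule/serverVariables/set")}
    for var in set_vars - allowed:
        findings.add("server-variable-not-allowed:" + var)
    defined = {p.get("name") for p in root.iterfind(".//outboundRules/preConditions/preCondition")}
    out_rules = root.findall(".//outboundRules/rule")
    used = {r.get("preCondition") for r in out_rules if r.get("preCondition")}
    for name in used - defined:
        findings.add("precondition-undefined:" + name)
    for name in defined - used:
        findings.add("precondition-unused:" + name)
    # Outbound rules cannot rewrite a compressed body; without clearing
    # Accept-Encoding on the way in, a gzip-enabled backend leads to 500.52.
    if out_rules and "HTTP_ACCEPT_ENCODING" not in set_vars:
        findings.add("outbound-rules-without-accept-encoding-reset")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```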

Hey!

I know that 1000 years have passed. But here I am again!

Thanks for the manual.

I had a difficult project at work and I put off the smart home for a while.

I checked and compared the settings… our configurations are similar. I have fewer changes from the default settings… but there is one that has caused so many problems. Highlighted in the screenshot!!! Should be off.

This thing prevented everything from working!

Yes, and thanks, I just upgraded to 3.4.1 and the gzip tip helped a lot. I don’t know why the OpenHab developers don’t make it possible to optionally turn off the new compression format.

My guess is that very few of the openhab developers run/test on Windows and since nothing else has an issue with it, it’s fairly far down on the list of priorities.

1 Like

This is clear. But it is strange, if earlier a computer + windows were very expensive, now the cost of a mini pc is not high, and the performance is much higher than a micro pc. Traditions…

I’m sorry, I don’t understand what the cost of a mini pc has to do with the issue at hand.

1 Like

Raspberry/Linux for Home Servers - low cost solution (in past)

I completely fail to see the connection between “most openhab developers aren’t using windows” and “the cost of a raspberry pi”.

Dear friend. Let’s not talk about life, there is still a topic about IIS Reverse proxy. We’re getting off topic.