After I started to host my own Minecraft Server on the Synology DS216play, I wanted to share my Server Adress to all my friends. Now I have one more question because of OpenHAB on Synology.
Is there any opportunity to protect my OpenHAB with a password lock or something else?
I don’t want that they try to use any ports and to change my settings when they access the OpenHAB Page.
Is it enough when I don’t add the ports to port forwarding? Or can they check it out although they shouldn’t?
Thanks a lot in advance!
Good starting point at http://docs.openhab.org/installation/security.html but that’s wildly dated, especially as it allows known-insecure SSL and TLSv1, and allows known-weak ciphers.
While a reverse proxy can help, if your Minecraft server has a security vulnerability (and we all know how good Microsoft is at finding and resolving security bugs), that puts your openHAB install on the same machine at risk as well. I’d personally buy an ODROID (or RPi, if you favor them) and put your openHAB install on a physically different machine.
You’ll also need to make sure that all http requests are redirected to https by your reverse proxy, as openHAB doesn’t handle the proxy headers properly. openHAB also doesn’t manage the possibility that it has been reverse proxied to anything but the webserver root. (for example, it won’t work if it is at http://www.example.com/openHAB/ instead of at http://www.example.com)
Thanks for your replies!
Because I want to run my minecraft server on the Synology,
I bought a Raspberry Pi 3 Model B today.
I will install my openHAB on the Raspberry Pi because I think it would run better than on the DS216play.