Hello
My setup:
- openhab3 on raspi4 running in docker
- auth via admin account
- traefik reverse proxy
- basic auth with openhabuser:another_password
This causes the following issue:
-
Traefik configured to keep the auth headers of basic auth
- after entering traefiks basic auth: empty page with HTTP 401 on some URLs
-
Traefik configured to drop the auth headers of basic auth
- after entering traefik basic auth: openhab3 unauthed view works fine
- Clicking login and entering admin credentials: empty page with HTTP 401 on some URLs
so basically there seems to be a problem with the different auth mechanism.
When I keep the traefik auth headers, OH3 seems to interpret them and fails to login (which is okay, because i do not want the admin password for the OH instance to be the same as the one i use to keep the public away from my oh UI.
When i drop the headers, it seems that they are also used for authenticatin the admin user while doing admin stuff => no admin stuff at all
here my traefik config if relevant:
- "traefik.enable=true"
- "traefik.http.routers.openhab.rule=Host(`oh.mydomain.com`)"
- "traefik.http.routers.openhab.entrypoints=websecure"
- "traefik.http.routers.openhab.tls=true"
- "traefik.http.routers.openhab.middlewares=openhab-auth"
- "traefik.http.services.openhab.loadbalancer.server.port=8080"
- "traefik.http.middlewares.openhab-auth.basicauth.users=openhabuser:hashed_PW"
- "traefik.http.middlewares.openhab-auth.basicauth.removeheader=true" # auth header am openhab macht komische dinge