I’ve configured an nginx reverse proxy (inside docker) in front of my openhab.
I can now access my openhab (also with the Android App) from my local network using https (on port 443) relying on a “let’s encrypt” cert.
To avoid (even from my local network) a direct connection to openhab (using http or https), I have restricted the access only from my docker container (running my nginx) using OPENHAB_HTTP_ADDRESS: in practice, the only way to access my openhab is to go through nginx (with https).
But, now while using Openhab Cloud, I get “openHAB connection error: Connection refused” when I try to access my dashboard.
According to some posts I read (quite old), it looks like “openHAB Cloud Connector” is trying to go reach my openhab using ‘localhost:8080’. Which is forbidden due OPENHAB_HTTP_ADDRESS setting excluding localhost AND also because I changed http port (not using 8080).
Is there a way to configure the “openHAB Cloud Connector” to use ¨https://mynginx.mydomain.com" instead of ¨http://localhost"?
Help would be greatly appreciated.
PS: Of course, I could expose my nginx reverse proxy on the Internet and no more use the
“openHAB Cloud Connector” (simply changing my router configuration) but I prefer to avoid exposing openhab on the internet.
No, the cloud connector doesn’t expose that as a configurable parameter.
Don’t do that either. Just let localhost connect to port 8080 and nothing else can connect to port 8080. I believe that will make it that what ever is connecting to OH on the port would have to be running not just on the same how, but within the same container.
It’s way less risk over all to allow OH to talk to itself locally than to expose a port on the internet.
I’ve also still troubles with OpenHab android app (accessed from Internet then using “Remote server”) also with HTTP 401 but that’s quite confusing because this message is also referring to a client certificate. And, I’m not using a client certificate and wonder how we can configure such a client certificate with remote access: I see no way of configuring client certificate on https://myopenhab.org/ and also “openHAB Cloud Connector” looks like using localhost:8080 (which is not https that could expect a client cert).
I found another post mentioning that “SSE subscription failed (401 OK): running in fallback mode” can happen with nginx used as reverse proxy (if not correctly configured) but from my understanding adding my nginx reverse proxy has nothing to do with remote access that is relying on “openHAB Cloud Connector”.
There is something I’ve probably not well understood.
Android Openhab is working well (including notifications) using local server (going through nginx with https and authentication).
Make sure in the android app under the server settings the SSL client certificate is set to None.
This is an option for those who expose their reverse proxy to the internet configured to use certificate authentication. It cannot be used with myopenhab.org.
Correct but there might be a similar problem with myopenhab.org. I’ve been using tailscale for a long time for remote access so haven’t seen any errors from myopenhab.org. But I’ve also not seen any errors reported.