I’m running the latest openhabian version using the “unstable” version of openhab.
I also had troubles lately to secure my installation using SSL because the certification process “sadly failed”.
Today I noticed by coincidence, that everyone(!) can surf to my openhab starting page, clicking around in ´the paper or basic ui and being able to do what nobody except me should be able to.
I disabled now the remote access for port 80 (where nginx was listening to) and achieved to cut-off the access from the internet.
But why and how on earth did this happen - and why is there no question anymore for userid and password like it was before I tried to use the nginx reverse proxy? How can I restore at least the basic security?