Openhabian doesn't ask for userid & password and is open to everyone over the internet?

I’m running the latest openhabian version using the “unstable” version of openhab.
I also had troubles lately to secure my installation using SSL because the certification process “sadly failed”.
Today I noticed by coincidence, that everyone(!) can surf to my openhab starting page, clicking around in ´the paper or basic ui and being able to do what nobody except me should be able to.

I disabled now the remote access for port 80 (where nginx was listening to) and achieved to cut-off the access from the internet.

But why and how on earth did this happen - and why is there no question anymore for userid and password like it was before I tried to use the nginx reverse proxy? How can I restore at least the basic security?

OH 2.x doesn’t have authentication built in. The purpose of the nginx proxy is to add authentication. The docs have a pretty good walkthrough on setting up nginx with authentication: https://docs.openhab.org/installation/security.html#nginx-reverse-proxy

Auth section specifically: https://docs.openhab.org/installation/security.html#nginx-auth

Stupid me , thank you. I was moving back and forth so often that I forgot about this.
Thanks, will read through the docu once more!