PR to fix critical auth situation for remote access

Hi. Hoping some of the core maintainers can give some priority to what I personally feel should be a critical fix. As it stands right now, OH3 is completely unusable remotely when utilizing NGINX to secure the connection. There isn’t really an acceptable alternative that performs well So this problem makes OH3 virtually inaccessible and unusable remotely.

@Spaceman_Spiff created Add cache for auth by spacemanspiff2007 · Pull Request #2101 · openhab/openhab-core · GitHub to rectify this situation. But this PR nor the issues that have been opened on it have not been reviewed or merged yet.

That’s just untrue. I’m happily using NGINX even on a RPi.
Please don’t urge volunteers to work on anything that only you feel to be of utmost importance.
Let alone they all deserve a rest for the time being.

It is not only me. But anyway…

Can you explain what you are doing to happily use The OH 3 main UI with NGINX on a pi with rest API auth enabled and NGINX basic auth enabled? Because it does not work properly for anyone that has discussed it in this forum. It is well documented in multiple git issues with data to back them up.

I am also happily using NGINX with OH3 on Windows, so the combination works.

As i am not using a pi I cannot answer this directly. But for me things work since I added these 2 lines in my nginx.conf:

add_header Set-Cookie X-OPENHAB-AUTH-HEADER=1;
proxy_set_header Authorization "";

With these settings I can access OH3 via Browser or Android App from remote. A direct access is possible to Basic UI, Habpanel and OH 3 main UI (without being logged in for administration, this is an additional login step) .

Sure but I won’t. I dislike the aggressiveness you’re coming across as.

Unfortunately those are already part of the OpenHabian NGINX configuration. I believe this issue probably only applies to those on Linux, and possibly hardware dependent at that. Thank you for the suggestion though.

lol wow.

So anyway, is there anyone else not overcome with a perplexing amount of unwarranted childish spite that is willing to help with this issue? One of our community members has already volunteered his time and effort to make a PR that solves this problem. It just needs some attention to get worked into production. Or if there is an existing solution to this problem, and someone is is willing to share it rather than intentionally conceal it from the community, that would be fantastic too. There are many people negatively impacted by this eagerly looking for resolution.

This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.