Reverse proxy

Hi All
I configured reverse proxy for openhab2
http works ok but https returned follwing error
400 Bad Request
The plain HTTP request was sent to HTTPS port

my configuration in /etc/nginx/site-enable/default looks like this

server {
listen 80;
listen 443 ssl;
server_name my_real_domain;
ssl_certificate /etc/ssl/openhab.crt;
ssl_certificate_key /etc/ssl/openhab.key;

    location / {
            proxy_pass                            http://openhab2:8080/;
            proxy_buffering                       off;
            proxy_set_header Host                 $http_host;
            proxy_set_header X-Real-IP            $remote_addr;
            proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto    $scheme;
            auth_basic                            "Username and Password Required";
            auth_basic_user_file                  /etc/nginx/.htpasswd;
            }

}

eny idea what i doing wrong ?
regards

Are you opening the url http://yourhostname:443 or just https://yourhostname because the errors suggest you calling the wrong url from the browser?

Could you make a screenshot including the address bar?

yes
I opened both
I redirect port on my router. Port 8081 is redirected to port 443 on my host behind router
i looks like this
port 8081 -> port 443 on 192.168.1.157
If i enter https://mydomain:8081 from outside its redirect me to local host and ask me to enter user name and password till now it works OK
but after I enter user and password browser change https to http and url looks like this
http://mydomain:8081/start/index if i mnualy change http to https it works OK

Did you follow http://docs.openhab.org/installation/nginx.html ?

yes
the configuration file looks e little bit different but it does not matter

It looks like nginx doesn’t understand that the router is redirecting the traffic to another port. Have you tried including 8081 in your SSL line?

sorry but I don undestand
What do you mean including 8081 in SSL line ?

You can maybe try to change “listen 443 ssl;” to “listen 8081 ssl;” and let the port forward 8081 to 8081 on 192.168.1.157.

I think this is more or less what @Benjy meant

1 Like

This might also give some hints, but I thought it be the answer but I am in doubt now.

proxy_set_header Host $host:$server_port;

This is my configuration

    location / {
            proxy_bind 127.0.0.1;
            proxy_pass http://localhost:8080/;
            proxy_redirect off;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
    }

But I run it via https on port 443

but i thinh that i have to change ssl port in openhab2
Is it correct ?

I think that openHAB is unaware of the ssl port

nginx is a proxy, it serves as a secure window into you openHAB instance. Your local server would be running as normal and is fairly unaware of nginx. You connect securely to nginx, which the passes the information on to openHAB locally.

This means that you should simply open port 443 on your router and foward it to the ip of your openHAB machine. Using the default options in the tutorial @ThomDietrich posted above, you simply would have to write: ((notice no port)).

https://mydomain/start/index

You’re now connecting to nginx via port 443, and nginx is passing the information for you via localhost:8080

If you want to use any port other than 443, you’re free to do so but you need to specify it in the URL. You should not need to create an additional redirect to port 443 because your local network likely does not care which port it is.

1 Like