@elwyngoossen Your connections shouldn’t be shown as insecure anymore with the latest beta.
@elwyngoossen I’m having the same problem as you. I have a reverse proxy (Nginx) set up on openhabian. I can connect fine from a browser, but not the OpenHab app. I get the same message as you. Have tried the Beta version, but is the same.
Did you manage to fix yours?
Does openhabian come with an nginx reverse proxy? Can you post the config here?
@mueller-ma The Nginx remote proxy can be installed using one of the options in openhabian-config. There is a guide here:
It’s not exactly plug and play though. I’m using DuckDns so I had to use the troubleshooting guide near the end to get the certificates accepted. Also, for some reason the secure certificate location entries in my /etc/nginx/sites-enabled folder entry were hashed out, so I had to unhash them to get it working.
As I mentioned above, I can connect remotely with a Web browser, but not with the OpenHAB Android app.
1 Like
Please post the files in /etc/nginx/sites-enabled/ (redact any personal information, like url).
I have one file in /etc/nginx/sites-enabled named openhab. Contents as below (I have replaced my Internet URL with <your_internet_url>):
#################################
# openHABian NGINX Confiuration #
#################################
## Redirection
server {
listen 80;
server_name <your_internet_url>;
return 301 https://$server_name$request_uri;
}
## Reverse Proxy to openHAB
server {
# listen 80;
listen 443 ssl;
server_name <your_internet_url>;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# Cross-Origin Resource Sharing.
add_header 'Access-Control-Allow-Origin' 'http://localhost:8080/rest';
add_header 'Access-Control-Allow_Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
## Secure Certificate Locations
ssl_certificate /etc/letsencrypt/live/<your_internet_url>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<your_internet_url>/privkey.pem;
location / {
proxy_pass http://localhost:8080/;
# proxy_buffering off; # openHAB supports non-buffering specifically for SSEs now
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Password Protection
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
## Let's Encrypt webroot location
# location /.well-known/acme-challenge/ {
# root /var/www/<your_internet_url>;
# }
}
# vim: filetype=conf