There seem to be a few tutorials which all work to secure various access methods, and they work; however, they don't appear to work together.
I use Web browser access to OH2 via HTTPS, using NGINX. This works fine and works with a Username/password.
Using this NGINX config, I can access OH2 but I can't access the OpenHab Cloud local instance, on 3000. It appears it only works by having location as set to /. How would I obtain access using HTTPS to both sites? Both 3000 & 8080.
Further, the instructions say to secure it with a user/pass by adding. That's all well and good for a web browser, but when you enable this it breaks the openhab android app. So, maybe you secure the app via certs - great, but then that breaks the web browser access!!
Can't darn win!
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
You can have web access using client certs, but that requires installing the certs on every device that should have access. It would be nice if you could have nginx check for a client cert and, if not present, use basic auth, but that isn’t supported out of the box and requires some really hacky config. Also, you would be prompted for a certificate every time you try to visit the site, which would be rather annoying, especially for family members who don’t know what to make of it.
As for the path issue with openhab cloud, I’ve been researching this as well (but with Grafana and frontail). Grafana supports configuring a base path, but frontail doesn’t. I believe the only way is to purchase a domain name and configure different subdomains in nginx. Just remember that if you are using Let’s Encrypt you must add all subdomains to the SAN list to avoid cert warnings.
Edit: sorry for not being able to help more, I would be very happy as well if someone has a better answer
I would need to have two server blocks, one with auth to protect on the internet and one without auth for openhab cloud for use on the mobile device. I’ll give it a go!
I have no experience in how to configure oh-cloud, so can’t help you there I’m afraid… But of course you would need some kind of authentication to prevent everyone having access.
Perhaps you could have two different subdomains proxying the same server but one using basic auth and the other certificate auth? You said in your first post that you got cert auth to work with the Android app, no?
Edit: you need to configure the Android app to connect to port 443 (or if you tell nginx to listen to another port, 443 is just standard for ssl)
I can’t recreate your setup, since I don’t have an openhab-cloud instance running, and I don’t use openhab-cloud or the app very often, so can’t say what’s wrong. But if the app says it’s connected then something must be working at least.
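The subdomain layout suggested in the replies above (basic auth for browsers, client certificates for the Android app, and a separate hostname so openHAB Cloud on 3000 can keep `location /`), written out as an nginx config. This is an added example, not a config posted by anyone in the thread; the example.org hostnames, the certificate paths and the 127.0.0.1 backends are assumptions.

```nginx
# Added example: place in a file included from the http {} context.
# Hostnames, certificate paths and backend addresses are placeholders.

# One certificate whose SAN list covers all three subdomains.
ssl_certificate     /etc/ssl/example/fullchain.pem;
ssl_certificate_key /etc/ssl/example/privkey.pem;

# Browsers: username/password in front of openHAB on 8080.
server {
    listen 443 ssl;
    server_name oh.example.org;

    location / {
        auth_basic           "Username and Password Required";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass           http://127.0.0.1:8080;
        proxy_set_header     Host $http_host;
        proxy_set_header     X-Forwarded-Proto $scheme;
    }
}

# Android app: same backend, client certificate instead of basic auth.
server {
    listen 443 ssl;
    server_name app.example.org;

    ssl_client_certificate /etc/ssl/example/client-ca.pem;  # CA that issued the device certs
    ssl_verify_client      on;  # requests without a valid client cert are rejected

    location / {
        proxy_pass       http://127.0.0.1:8080;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# openHAB Cloud on 3000. No nginx-level auth here, as planned in the thread;
# this assumes the service behind it enforces its own login.
server {
    listen 443 ssl;
    server_name cloud.example.org;

    location / {
        proxy_pass         http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;    # pass WebSocket upgrades through
        proxy_set_header   Connection "upgrade";
        proxy_set_header   Host $http_host;
    }
}
```

Run `nginx -t` before reloading to confirm the syntax and that the certificate files are readable.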