[SOLVED] Openhab2 nginx config

I have this file:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        auth_basic      "User and Password";
        auth_basic_user_file    /etc/nginx/.htpasswd;
		
		root /var/www/html;
        index index.html index.htm index.nginx-debian.html;

		server_name _;

		location / {
						try_files $uri $uri/ =404;
						proxy_pass                            http://localhost:8080/;
						proxy_set_header Host                 $http_host;
						proxy_set_header X-Real-IP            $remote_addr;
						proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
						proxy_set_header X-Forwarded-Proto    $scheme;
					}
		}

When I writte localhost this redired to http://localhost/start/index and should be: http://localhost:8080/start/index.
Some help?

Hey @jeess, did you also have a look at some of the existing documentation and tutorials for this?

Yes, I did. I have follewed the documentation, but I don’t nknow becouse it rediret to localhost/start/index instead of localhost:8080/start/index.

Well you could use a 301 redirect for that.

Is that just for easy access within your local network? Because nothing will be secured with Nginx that way. Thats why everyone normally uses the Reverse Proxy solution and does not expose port 8080 externally.

Hi @jeess,
Follow above tutorial and your nginx config file,and if you set up successfully ( test with command sudo nginx -t ), you type on browse with http://localhost ( on your server ) or http://openhab_ip ( on other devices ), it will ask you username and password. When login successfully, the address bar on your browse will rediret to localhost/start/index or openhab_ip/start/index ( it’s not localhost:8080/start/index or openhab_ip:8080/start/index ) .
Because when you use Nginx Reverse Proxy, it’ll not expose port 8080.

Ok, It’s correct inside to local network, but for entry in my openhab from outside my local network, Have I that open a port in my router distinct to 8080 for not expose the port 8080? and If I open the port for example 1234. Will I have that modify the config file NGINX?

I would not advise you to open http / port 8080 on your router. there is nothing encrypted and everything will be sent in the clear. If you really want to open a port on your router to access your openhab I strongly suggest using https for example open the port 443 on your router and use nginx to redirect to 8443 on the openhab server. In the documentation you will see how you can use certificates to do that.
You need to adjust your nginx configuration accordingly ie ask for a username and password to authenticate externally otherwise everybody will have access to your openhab etc

An easier way to access your system would be to use myopenhab.org which is openhab’s cloud service

HTH,
Christos

Is there any way to configurate NGINX for acces from Internet wihtout use SSL and that when acces it asks the user and password equal that when I acces from localnetwork?

Hi @jeess,

If you want to acces OpenHAB from Internet with port you want ( example 1234 ), you could do with this way :

  • config your Nginx file :
    server {
    listen 1234 default_server;
    listen [::]:1234 default_server;
    auth_basic “User and Password”;
    auth_basic_user_file /etc/nginx/.htpasswd;

      root /var/www/html;
      index index.html index.htm index.nginx-debian.html;
    
      server_name _;
    
      location / {
      				try_files $uri $uri/ =404;
      				proxy_pass                            http://localhost:8080/;
      				proxy_set_header Host                 $http_host;
      				proxy_set_header X-Real-IP            $remote_addr;
      				proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
      				proxy_set_header X-Forwarded-Proto    $scheme;
      			}
      }
    
  • Open port 1234 on your modem

  • Access with this link http//your_dns_name:1234 or http//your_static_ip_internet:1234 on browse from outside

It must work fine. Good luck !

Hi @KevinHab,

Thank very much, it works fine.

Again opening http access (no SSL) from the internet and using a username / password is pointless. Your username / password will be sent out in the clear with no encryption so anybody can see them