SSL bug in REST API?

Hi, I’m using the official Android app for openhab.

I have configured a remote URL using https protocol. But the app is still using the unencrypted http url!

I discovered it as I turned off port 80 http on my server: the app isn’t working anymore. Also I can see the http URLs in Android log and with proxying the requests.

I tested a bit and found out the the server REST API delivers the http URLs although requested via https. So maybe this is not an issue of the app, but the server.

Didn’t have time to dig into the API core of openhab to check it.

Or did I miss a setting on server side?

Do you have security:option=ON or security:option=EXTERNAL set in openhab.cfg?

If it was set to EXTERNAL, were you doing your testing outside of your LAN?

Are you connecting to the HTTPS OH port (8433 by default)?

Ok, it’s kind of my fault… I’m using apache to proxy the access to openhab. Apache has the correct SSL cert which is used for my server (a let’s encrypt one). So I proxied to the 8080 port of openhab which of course is http.

So I turned SSLProxyEngine on to proxy to the SSL Port 8443 of openhab. Now the rest api returns https, but with host “” which of course won’t be accessible from external.

But if I proxy to the 8080 port via http, the rest service reports correctly my public domain. Guess I have to check the source code how the url is built…

Any idea’s?

Afraid not. I abandoned trying to do my own reverse proxy when my.openhab was released.

Hmm, ok. I don’t like to make OH available directly from external. Additionally I have other websites running also with SSL, so I need the 443 port (and I don’t like to use others because of some firewalls are blocking other ports).

So I have to play around if I get it working or change the rest API to return always https links or something like that.

Am 30. Januar 2016 00:37:45 MEZ, schrieb Rich Koshak

Guess I got it working. Needed to add ProxyPreserveHost on setting in the apache config.

But this forwards the external name to openhab, so the openhab cert must be set to the same external name (but can be self signed as long as it is trusted on the machine).