When I bind my local Habian instance to the myopenhab.org public server, I am able to manage my local Habian instance without issue. So clearly I have an issue with my cloud config.
Enter your domains at SSL Server Test (Powered by Qualys SSL Labs) . An analysis of your ssl setup will be done and all known issues like outdated ciphers, known vulnerable implementations of TLS/SSL etc. will be detected and reported.
Based on the report you can take actions and redo the test.
Thank you, Wolfgang. Your post was the one I had found and made an effort to return to, with no luck.
I have configured my Nginx and startup routines as per your attachments, editing them to fit my environment. I do now have a secure connection to the subdomain but I it gives a 502 response. The log tells me:
invalid port in upstream "undefined:undefined/remote/"
Which I assume ties in with:
if ($http_cookie ~ "CloudServer=(\S+)\%3A(\d+).*") {
set $upstream_host $1;
set $upstream_port $2;
set $upstream_server "${upstream_host}:${upstream_port}";
}
Do you have any idea why these two values could be undefined? I have tried setting the ip address entries in the startup routines and upstream socketapp, proxyapp and webapp settings to both the IP on eth0 interface and a loopback address, but still no bueno!
Also, now the Hasbian displays as ‘Not Connected’ in my Cloud instance but happily shows as online in myopenhab.org if I test it on there!
If you have any theories, I’d love to hear them. It may be that my problem solving journey so far has left some destruction that could warrant a purge. But it would be nice to avoid that, if I can
As far as I remember at the beginning I had the same error.
You started two instances of the openhab-cloud app.js file ?
What is the content of the http_cookie ? I think you can have a look at cookie content in your browser as well as add a debug/print statement in the app.js file
So my issue was very simple! All I had to do was edit my Nginx and add fullchain.pem instead of cert.pem. I notice above in this thread that my configuration was correct at some point. But initially I pasted your config in and had to do it in three stages as the buffer wouldn’t contain the full text. To rule out any error, I did a WGET on your file from this server and in the process it reverted it to cert.pem.
Wolfgang, I really appreciate your attention on this, have a great weekend.
For anyone future Openhab Cloud people that run into this issue in the future. Wolfgang’s config it great, you just need to edit it and change the ssl_certificate entry for both endpoints
# mydomain.com
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem #change from cert.pem
# home.mydomain.com
ssl_certificate /etc/letsencrypt/live/home.mydomain.com/fullchain.pem #change from cert.pem