Hi all,
I set up a reverse proxy based on Apache 2.4 which, after struggling with the config for quite a long time, is working from the outside world by a public DNS server name as well as from the inside (LAN and local DNS server name).
There is only one annoying thing, which I tracked down to a timeout after POST when using the SSL-encrypted remote access. When I change, for example, a dimmable light, the actual setting is not shown in the app until the proxy timeout occurs or when I change view in the app. It works like a charm if I am logged in to my WLAN and the local server URL is used.
As the http and https reverse proxy both use the same backend address http://127.0.0.1:myOHport I was expecting both configurations to behave identically.
Comparing the apache logs only shows that the POST request, which sends the new setting to the item, returns immediately followed by a GET using http, while POST times out on HTTPS (or maybe the following GET which should fetch the new item state).
The local config looks like this:

<VirtualHost my.local.ip:80>
    ServerName my.local.servername
    ErrorLog /var/log/apache2/lerror.log
    CustomLog /var/log/apache2/access.log vhost_debug
    CustomLog /var/log/apache2/referer.log referer
    ProxyPass / http://127.0.0.1:8880/
    ProxyPassReverse / http://127.0.0.1:8880/
    <Location "/">
        AuthName openHAB
        AuthType Basic
        AuthBasicProvider file
        AuthUserFile /my/password/file
        <RequireAll>
            <RequireAny>
                Require ip my.local.net
            </RequireAny>
            <RequireAny>
                Require ip some.client.without.username
                Require ip other.client.without.username
                Require valid-user
            </RequireAny>
        </RequireAll>
    </Location>
</VirtualHost>

The SSL config looks like this:

<VirtualHost my.local.server.ip:443>
    ServerName my.public.servername
    ProxyPass / http://127.0.0.1:8880/
    ProxyPassReverse / http://127.0.0.1:8880/
    ProxyTimeout 30
    ProxyPreserveHost On
    SetEnv proxy-nokeepalive 1
    SSLProxyEngine on
    RequestHeader set X-Forwarded-Proto "https"
    Header edit Location ^http: https:
    ProxyHTMLEnable On
    LogLevel info
    ErrorLog /var/log/apache2/ssl_error.log
    CustomLog /var/log/apache2/ssl_access.log ssl_vhost_common
    CustomLog /var/log/apache2/ssl_referer.log referer
    SSLEngine On
    SSLCACertificateFile /my/ssl/cakey
    SSLCACertificatePath /my/ssl/cacrt
    SSLCertificateFile /my/openhab/serverkey
    SSLCertificateKeyFile /my/openhab/servercrt
    SSLCARevocationCheck chain no_crl_for_cert_ok
    SSLCARevocationPath /my/ssl/crl
    SSLCipherSuite HIGH:!aNULL:!MD5
    <Location "/">
        AuthName openHAB
        AuthType Basic
        AuthBasicProvider file
        AuthUserFile /my/openhab/pwfile
        SSLVerifyClient require
        SSLVerifyDepth 1
        <RequireAny>
            Require ip my.local.net
            Require valid-user
            <RequireAll>
                Require expr %{SSL_CLIENT_S_DN_OU} == 'my client OU'
                Require expr %{SSL_CLIENT_S_DN_O} == 'my client O'
            </RequireAll>
            <RequireAny>
                Require expr %{SSL_CLIENT_S_DN_CN} == 'user1'
                Require expr %{SSL_CLIENT_S_DN_CN} == 'user2'
                Require expr %{SSL_CLIENT_S_DN_CN} == 'user3'
                Require expr %{SSL_CLIENT_S_DN_CN} == 'user4'
            </RequireAny>
        </RequireAny>
    </Location>
</VirtualHost>

The Basic UI shows the same behaviour. The Classic UI works as expected. Paper UI shows the same behaviour on the first change, every change on the same item after that results in “Error 400: Bad request”.
Checking a heating control item I saw that somehow the character encoding might be broken.
openhab.log:

2019-12-04 15:09:04.198 [WARN ] [rest.core.internal.item.ItemResource] - Received HTTP POST request at 'items/HeizkoerperAnbauKueche_4_SetTemperature' with an invalid status value '18.9 °C'.
2019-12-04 15:14:35.447 [WARN ] [rest.core.internal.item.ItemResource] - Received HTTP POST request at 'items/HeizkoerperAnbauKueche_4_SetTemperature' with an invalid status value '19.1 °C'.