Hi All,
This configuration allows you to password protect access to the various UI’s found by visiting http://localhost:8080 whilst allowing HabPanel access to be open.
It assumes you have NGINX installed.
This works just fine for PC, but when using an IPhone or IPad, the Local URL for some reason needs to be set to http://localhost/habpanel/# - perhaps someone smarter than I can work that one out!
First,
Install the following:
sudo apt-get install apache2-utils
Once complete, then set a password using this command
sudo htpasswd -c /etc/nginx/.htpasswd username
Replace username, with the username of your choice.
Finally, paste this configuration into a file of your naming choice, under /etc/nginx/sites-enabled/
NOTE: replace server_name with the real IP address of your OH2 server.
server {
listen 80;
listen [::]:80;
server_name 192.168.0.87;
location /rest/ {
proxy_pass http://127.0.0.1:8080/rest/;
}
location /static/ {
proxy_pass http://127.0.0.1:8080/static/;
}
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /habpanel/ {
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8080/habpanel/;
}
}
Then, issue command
sudo systemctl restart nginx
Finally, update the configuration file below, modifying the line (ensure you remove the # comment)
/etc/defaults/openhab
with
OPENHAB_HTTP_ADDRESS=127.0.0.1
This removes any client talking to the server, instead only allowing access from the server itself (NGINX)
This will now password protect the UI’s, but allow access to HabPanel.
Cheers