Use nginx Proxy handle/control sitemaps depending on authentication

Tags: #<Tag:0x00007f6179a8b880> #<Tag:0x00007f6179a8b470> #<Tag:0x00007f6179a8aed0>

hey there, i do really need your help setting up my nginx proxy for my OH,

The issue: i want to get a access control to my sitemaps, i setup a user and password configuration which works, i have to login and then i get the OH page served. but i want to login and depending on the logged in user, i want to tell nginx which location to serve, e.g. http://localhost:8080/basicui/app?sitemap=MyOpenSitemap … each sitemap has different functionalities where users can do more … or less thinks.

i searched really a lot but i didnt even found a solution to set the location which nginx offers when requesting the server, e.g. i tried to set the proxy_pass not to http://localhost:8080/ which is the “main view” of the OH system, i want to change it to serve to a sitemap… but i didnt get it working. there are errors, first the error saying “URI to long” so i set the “long_location_header_buffer” up but still getting an other error after that, wich says “bad request” …

I do really need help to get nginx set up for the challenge… is there anybody who has set up his nginx proxy with same functionalities i am looking for? it would be very helpful to get tips, i think my problem is on nginx side. i found a thread: https://community.openhab.org/t/hiding-a-sitemap-from-non-system-admin-users-oh-1-x/20434/7 but it does not really help for me but the guys there seems to have a similar issue.

thanks for your help,

cheers, tobi

I’m no expert in this so take it with a grain of salt. BUT, what you are asking for is some form of conditional forwarding. I don’t think nginx can do what you are looking for. That type of behavior is usually handled by the content served up by the webserver, not the webserver itself.

I’m thinking what you really need is code served up by nginx that does this and then can redirect you to different sitemaps. Some tasty php or html5 :slight_smile:

thanks for your reply. i tested a bit with nginx and … i think you are right - it seems that nginx does not offer the functionalities needed for my task. i also tried a own way, with setting up a node webserver running as a forwarding proxy. i let the node webserver redirect any request to the nginx proxy … with this way i handled the “authentication” on the frontend served by my node webserver. but the problem is that the OH content does not work … the paperUI view is loaded but there are no clicks etc. possible because there accure a DOM error making problems, so i stoped the node webserver plan and are now still looking for other ways. i found out that the apache http2 proxy perhaps can solve my task…
does anyone has experiences with this?

cheers, tobi

I’m no expert, but a quick Google search revealed this:

thank you, i will have a Look at this.

I have the same problem. I have two htpasswd file for two location, it works but not with sitemap url, my webpage isn’t complet, I have just some texts but not icon, color, etc

have you found a solution ?

TL;DR I got nginx working so that it will allow certain IP addresses and/or subnets (for example guest Wifi) to access a set of limited-functionality OpenHAB sitemaps.

Admin-level users coming from authorized IPs and/or subnets can see the full set of available OH sitemaps, including sensitive ones with administrative & global settings, etc.

With this setup a necessary separation between regular users & openhab administrators is achieved.

NB: my production setup is still on OpenHAB 1.8 but I see no reason why a similar nginx setup wouldn’t work with OpenHAB 2. Will update this post if/when I migrate to OH2 and get nginx working there as well.

See this discussion:
https://community.openhab.org/t/hiding-a-sitemap-from-non-system-admin-users-oh-1-x/20434