Hey @nlmarco,
your contribution here is very much appreciated! Why don’t you move these steps to their own tutorial? The topic sure deserves one and a thread is easier found than reply number 38 here
I was trying to get things running, read this thread, saw that things don’t work the way I need with NGINX, tried it with Apache (which was running already, anyway) and directly wrote it here
Now it’s really late and I’m going to postpone any further stuff to tomorrow. But certainly, I should write it in a cleaner way somewhere else.
Hi, I run into this thread while banging my head to wall with nginx proxy. To simplify https certs, I have all my stuff behind one domain, separated by suffixes. OH2 basic UI looses all graphics and CSS files if it’s proxied like that. Any configuration option like grafana has: http://docs.grafana.org/installation/behind_proxy/ which I could set?
I see the right way to do it would be to have conf options for domain an suffix for UI components. All web server confs are temporary tricks around the problem, and any app change could break the web server confs again.
Is any app developer interested of this change? The conf should ask for domain and suffix used in proxy, and app should use those as variables for any internal links. In short
Did u accomplished to set it up ? My problem is that i cant proxy_pass directly to choosen skin and passing to http don’t work either. My config:
Public machine static IP (ipsec and nginx). VPN setup with openhab running on a dynamic IP.
when i setup ginx to proxy_pass from https://public_machine to http://local_vpn_machine it’does not work correctly. Config which is quite good is
listen 443;
proxy_pass https://192.168.1.13:8443;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
but i can’t setup this proxy_pass to redirect directly to https://192.168.1.13:8443/basicui/app - images are not loading at all. It’s a bit confusing to always choose the basicui skin manually
I am in the process of setting up my openhab installation and the route I wanted to go with the reverse proxy is via subdirectory rather than subdomain. I have got most of the items to work, but I am still working out a few areas. Try this in your nginx configuration and let me know how it works for you.
The ?: means a non capturing expression, I haven’t tried it without but it might work without. The case for openhab redirects to the root directory on the target and the rest of the cases carry the first subdirectory forward since that is what the requests seem to reference when accessing it locally.
And when the app references to stuff like /icon or somethig, how do you modify the response to add /openhab to the beginning of uri? So that browser would know to request /openhab/icon instead of /icon? As without /openhab there at the beginning it would point them to non existent path in proxy, or some default site’s /icon directory.
So it basically checks if domain is mydomain.com and uri is /oh/whatever_here, and it just removes /oh. I don’t see the need to check for start|homebuilder|habpanel|basicui|paperui|rest|icon while testing this. perhaps later on it would be nice protection.
It kinda works. It shows the page.
However, now it has the problem I was asking for. So as the backend doesn’t have configuration item (?) for URI prefix, it points browser to e.g. /rest, instead of /oh/rest. To avoid that, all responses from openhab should be read through, and any occurance of such text to be replaced by /oh/ in before it.
It’s likely doable, but it is just so wrong I’m not going to do it. The proper way would be to have such an option in ESH backends configs, so that the app would insert the given $prefix into any URI it sends to browser. This is how many other apps work. Unfortunately it doesn’t have that, I was told, and it would take some effort to find the spots and add it everywhere in code.
So if someone ™ did the following, it would work right:
add uri_prefix option into configs
find all the spots where the applications send internal addresses to browser, like /rest
add $uri_prefix to all those occurances.
After this the forward proxy would not need to do the URI rewrites either. Unfortunately there is no that someone around
Just some basic questions. My OH2 server has a local instance of OpenHab Cloud running locally, this means NGINX and LetsEncrypt is already ready running. This was setup specifically for Cloud notifications from OH2 to my Mobile device.
I currently port forward 8080 to allow access to OH2 from the Internet, but restrict the networks on my Cisco Firewall.
I want to be able to password protect OH2 on the Web, I’m assuming most of this is already done given ive got OpenHab Cloud running locally, right on port 3000?
Which sections would I need to do to allow it to be password protected and use port 80? Further, does this give me the ability to expose HTTP elements in HabPanel and OpenHAB app using short names instead of the full URL? I currently have Grafana Graphs and fetch web cam images but for it to work I also need to open the devices to the Internet. Ideally, id like to stop all that and just have them referenced using http://local-servername/image.jpg for example