Visual Studio Code after Ninx reverse proxy setup

Hi there,

Did anyone handle the REST API connection between Visual Studio and Openhab with Nginx?

my jason file looks like:

{

    "http.proxyStrictSSL": false,
    "openhab.host": "https://openhab",
    "openhab.port": 443,
    "openhab.lspPort": 5007,
    "editor.renderWhitespace": "none",
    "editor.renderControlCharacters": false,
    "breadcrumbs.enabled": false,
    "workbench.activityBar.visible": true,
    "workbench.statusBar.visible": true,
    "window.menuBarVisibility": "default",
    "workbench.iconTheme": "openhab"
}

And I get following error:

image

Nginx working on 443 port and server name is “openhab”

Just to be sure: does it work without any certificate issue when you connect to https://openhab from the same machine as where VS Code runs? And is it Linux, Windows or macOS where you run VS Code?

I think we have an open issue on github for self signed certificate issues, but I am not sure.
I will have a look at weekend, cause I am on mobile currently.

yes it does work from the same machine in webbrowser corectly.

image

VS Code runs on windows 10

Thanks

Looks like you need some fix…

I will wait for @Confectrician - regarding github

Sorry for the delay, i was quite busy with some docs/website issues.
But @noppes123 could have remembered the issue i was talking about too, since he took part in discussion. :stuck_out_tongue:

It is the following and i think it will match your problem description:

We can’t do much here because of the way node js handles the https.

A solution/workaround is described here:

We should document that like suggested in the last comment.

You’re right. I forgot… :wink:

i have combinated my certificate with valicert from here:
link

Set it in nginx and reload it.

It works like a charm in webbrowser but still not working in visual studio - maybe because i dont gave anything mentioned in Nginx conf file regardinf lsp port 5007?

[19:29:27] root@openhab:/etc/ssl# openssl s_client -connect openhab:443
CONNECTED(00000005)
depth=0 C = PL, ST = Lower Silesia, L = Wroclaw, O = openhab, OU = openhab, CN = openhab
**verify error:num=20:unable to get local issuer certificate**
verify return:1
depth=0 C = PL, ST = Lower Silesia, L = Wroclaw, O = openhab, OU = openhab, CN = openhab
**verify error:num=21:unable to verify the first certificate**
verify return:1
---
Certificate chain
 0 s:C = PL, ST = Lower Silesia, L = Wroclaw, O = openhab, OU = openhab, CN = openhab
   i:C = PL, ST = Lower Silesia, L = Wroclaw, O = openhab, OU = openhab, CN = openhab
 1 s:C = PL, O = home.pl S.A., CN = Certyfikat SSL
   i:C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Global Services CA SHA2
 2 s:C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Global Services CA SHA2
   i:C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
 3 s:C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
   i:C = PL, O = Unizeto Sp. z o.o., CN = Certum CA
 4 s:C = PL, O = Unizeto Sp. z o.o., CN = Certum CA
   i:C = PL, O = Unizeto Sp. z o.o., CN = Certum CA
---
Server certificate
-----BEGIN CERTIFICATE-----
.
.  certificate code here not important for topic
.
.
.
-----END CERTIFICATE-----
subject=C = PL, ST = Lower Silesia, L = Wroclaw, O = openhab, OU = openhab, CN = openhab

issuer=C = PL, ST = Lower Silesia, L = Wroclaw, O = openhab, OU = openhab, CN = openhab

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5944 bytes and written 402 bytes
**Verification error: unable to verify the first certificate**
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: xxxxx
    Session-ID-ctx:
    Master-Key: xxxxx
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
	.
	. tls code here not important for topic
	.
	.

    Start Time: 1578249142
    Timeout   : 7200 (sec)
    **Verify return code: 21 (unable to verify the first certificate)**
    Extended master secret: yes

Did anyone manage to use Visual Studio with Nginx? How to manage that?

I did combine intermediate certificate and still same error.