Vs code openHAB extension + Apache2 reverse proxy with self signed certificate

Hi,

Is there a setting in vs code to accept self signed certificates? My openhab server is now behind a reverse proxy with authentication + ssl and vscode won’t connect to it. It just complains that a self signed certificate could not be verified.

Thanks,
Miika

If your openhab server and vscode computer are on the same network won’t it work as normal by specifying the direct address?

My OH accepts connections only from localhost. Everything goes through proxy. I could revert this and open a hole in my firewall. But then I would loose my access control and I don’t want to do that.

1 Like

Is it your preview of the sitemap that is failing or is the language server failing as well. The language server is on another port (5007). You might have to forego the sitemap preview and just take advantage of the lsp and use a browser for the sitemap. You will need to open port 5007 or forward that traffic through your proxy as well.

Sitemap preview is failing. I have already opened port 5007 for language server and vscode doesn’t give any errors about lsp so I think that’s working. However, as I have allowed access to web servers only from localhost, does it have the same affect in language server? Is the port 5007 also only accessible from localhost?

This is the actual error vscode is giving me: Error while connecting to openHAB REST API. self signed certificate

I don’t know. If it appears to be working I think the answer is that everything is fine from the language server perspective. You can test it by typing in some known errors and see if VSCode identifies the errors and highlights them in Red.

The sightmap preview might be something you have to give up on in VSCode with this configuration. You can file an issue and see if there is something that can be done from the extensions perspective, but if I were to bet, I’d bet it is a limitation on VSCode itself.

I’ll do some tests with language server later. Thanks for yor input.

Does @kubawolanin have any thoughts? If I remeber correctly you are quite familiar with vscode and oh extension?

I think the main problem here is that I can’t get a proper certificate with Let’sEncrypt and certbot. My ISP blocks every port under ~1000 exept 500. And certbot won’t work with non standard ports. I’ll start googling for some workaround.

Yes, I’m quite familiar with the extension :wink:

Regarding the sitemap preview - see these posts:

The VSCode’s API for HTML preview we’ve used so far has been deprecated. When I upgraded the vscode engine in the extension, I’ve introduced this bug that causes PaperUI and BasicUI not displayed in the editor.
We need to adjust the extension so it uses the new webview API. I need some time before I can code it but it’ll definitely happen this week.

You can downgrade your VSCode extension for the time being and see if that helps.
Cheers

Thanks @kubawolanin for your suggestion but downgrading the extension didn’t help. It might help for the sitemap preview problem but has nothing to do with ssl settings and accepting certificates. I found few suggestions about setting https.proxyStrictSSL = true but this seems to affect only when your whole internet connection is behind a proxy e.g corporate network.

As for now there’s nothing we can do exept use unencrypted connections or verified certificates. There’s a open issue in vscodes github about this so we have to wait if they come up with something.

My solution for now is to disable proxy+ssl for my local network and tighten up my firewall to let only specific ip numbers to my oh server.

And the language server will ofcourse work now that connections to oh server is accepted not only from localhost.

1 Like