Why is myopenhab required?

Hello,

I want to have access to my openhab instance through the internet. So I was reading the security chapter.
But I don’t understand why we should use myopenhab cloud?
As there’s already authentication in OH3, what’s the added value of the myopenhab cloud service?

Thanks
Regards.

It’s not required. You could set up a reverse proxy, as documented here.

You would need to set up your local network yourself to provide secure access (proxy/NAT, firewalling etc). myopenHAB also allows for more selective exposure of openHAB functions to the outside, such as, for example, only those items you want to be visible to your Alexa.

I use the VPN which is available on my fritzbox… works pretty well.
I enable the VPN on my iPhone and I am able to connect to the openhab dashboard via my bookmarked IP. It is the same as if you are locally connected.

1 Like

myopenhab does more than just remote access:

  1. Allows you to send notification / push messages to mobile phones
  2. Allows you to connect to Alexa and Google devices that need trusted security certs.

If you don’t care about those two aspects then you can just set up either:

  1. Reverse proxy (redirects the traffic but your phone is still outside your network)
  2. VPN like either OpenVPN or the newer and faster WireGuard. You then show up as actually being on your home network. This is free and does not need you to buy a VPN service with a monthly fee which is similar but different.

I personally prefer option 2 with WireGuard as then if you want to do other things like internet banking on a free wifi service you get protection.

Of course you do also have the option of setting up your own myopenhab cloud, or you can choose to use a mixture of these.

Hi,

Thanks a lot for your answers, it’s a little bit more clear to me.
But what’s the difference between using a reverse proxy (that adds authentication) and OH3 that already has authentication (I’ve created one admin user and one simple user)?

Thanks
Best regards.

A reverse proxy does more than just add authentication. The link I posted takes you to the relevant section in the openHAB docs which has a short explanation, or check the Wikipedia article.

One important thing that hasn’t been mentioned is that the authentication in OH only protects the admin features. It doesn’t protect everything. By default without the reverse proxy, users can access parts of your REST API (e.g. see, update, and command Items) without authentication. Your Main UI can be accessed. And so on.

It does not provide complete auth and auth.

I’ll also mention that most people do not have the technical expertise nor the time required to initially set up and continuously monitor a service like openHAB directly exposed to the Internet. As a rule of thumb, my approach is “if you have to ask you probably shouldn’t be taking on that risk in the first place.” The Internet is a dangerous place. There is evidence that openHAB has been included in the various attack bots that are out there on the internet constantly probing machines for weaknesses. Your machine will be attacked. Do you have the skills to know when it’s under attack, mitigate the attacks, and discover when an attack was successful?

2 Likes
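
One way to check for the exposure described in the post above, as an added example that is not part of the original thread: a small scan of a reverse proxy access log for successful, unauthenticated `/rest/` requests coming from outside the home network. It assumes the proxy writes the common "combined" log format and that the LAN uses private address ranges; the function name, the Item name and the log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: home network and proxy host use these local ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]

# "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def flag_exposed_rest_access(lines):
    """Return (ip, method, path) for every /rest/ request that succeeded
    with no authenticated user and a source address outside LOCAL_NETS."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or unrelated line
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # first field is not an IP address
        external = not any(src in net for net in LOCAL_NETS)
        anonymous = m["user"] == "-"          # proxy logged no user name
        succeeded = m["status"].startswith("2")
        if external and anonymous and succeeded and m["path"].startswith("/rest/"):
            findings.append((m["ip"], m["method"], m["path"]))
    return findings

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.168.1.20 - - [12/Mar/2022:10:01:02 +0000] "GET /rest/items HTTP/1.1" 200 5120 "-" "app"',
    '203.0.113.7 - - [12/Mar/2022:10:05:11 +0000] "GET /rest/items HTTP/1.1" 200 5120 "-" "curl"',
    '203.0.113.7 - - [12/Mar/2022:10:05:14 +0000] "POST /rest/items/Front_Door HTTP/1.1" 200 0 "-" "curl"',
    '198.51.100.9 - alice [12/Mar/2022:10:07:30 +0000] "GET /rest/items HTTP/1.1" 200 5120 "-" "Mozilla"',
    '198.51.100.23 - - [12/Mar/2022:10:09:45 +0000] "GET /rest/items HTTP/1.1" 401 0 "-" "scanner"',
    'not an access log line',
]

if __name__ == "__main__":
    for ip, method, path in flag_exposed_rest_access(SAMPLE_LOG):
        print(f"unauthenticated external REST access: {ip} {method} {path}")
```

Any hit means the Items API answered someone outside the network without credentials, which is the situation a proxy with authentication, a VPN or myopenHAB is meant to prevent.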

Hello,

Thank you all for this information.
I will check which solution better fits my needs.