NOTE! This site uses cookies and similar technologies.

If you not change browser settings, you agree to it. Learn more

I understand
We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies from this website. If you would like to change your preferences you may do so by following the instructions <a href="http://www.aboutcookies.org/Default.aspx?page=1">here</a>

In openHAB BETA 2.0 there isn't any authentification or security feature implemented yet. So to protect it, I installed nginx and setup a reverse proxy with an authentication query before linking to the local openhab UI.

! Update: Meanwhile there was an openhab documentation added, which describes the setup: http://docs.openhab.org/configuration/nginx.html
Please disregard the solution below, as it may contain a few bugs. 

Basic structure

So here ist the basic concept of my structure in detail:

  • A DNS Server links a subdomain to the current IP of the Router. (not part of this article)
  • On the Router Port 443 (HTTPS) is forwarded through the Firewall to nginx (any Port, but chose 443 in my case as well) (not part of this article)
  • nginx queries the user to authenticate before linking him to the openhab on Port 8080 of the same machine (yes! This is what's this article is about)

Installing nginx

Install nginx with apt-get and these commands:

sudo apt-get update
sudo apt-get install nginx

Create certificate for encryption

To accept HTTPS request, it needs a new pair of a SSL-certificate and a corresponding private key. You can generate one yourself in the nginx folder by first changing into this directory and the creating the certificate by using openssl:

cd /etc/nginx
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt

Create user and password access with apache2-utils

In the same folder we will create a .htpasswd file where there will be a user and a hashed password will be stored.

This will be done by apache2-utils, which you install like this, if not installed yet:
sudo apt-get install apache2-utils

Then use this command, and replace <USERNAME> with a username of your choise. This will be followed by a password query.
sudo htpasswd -c /etc/nginx/.htpasswd <USERNAME>

Configure nginx

Create following file

sudo nano /etc/nginx/sites-enabled/default

With this content:

Test configuration

To test the configuration use following command. Errors will be shown with a description.

sudo nginx -t

Reload nginx

At the end, reload nginx. Now the new configuration will be used.

sudo service nginx reload

Sources

This configuration is created with the help of both of these articles: