In openHAB BETA 2.0 there isn't any authentification or security feature implemented yet. So to protect it, I installed nginx and setup a reverse proxy with an authentication query before linking to the local openhab UI.
! Update: Meanwhile there was an openhab documentation added, which describes the setup: http://docs.openhab.org/configuration/nginx.html
Please disregard the solution below, as it may contain a few bugs.
So here ist the basic concept of my structure in detail:
- A DNS Server links a subdomain to the current IP of the Router. (not part of this article)
- On the Router Port 443 (HTTPS) is forwarded through the Firewall to nginx (any Port, but chose 443 in my case as well) (not part of this article)
- nginx queries the user to authenticate before linking him to the openhab on Port 8080 of the same machine (yes! This is what's this article is about)
Install nginx with apt-get and these commands:
sudo apt-get update
sudo apt-get install nginx
Create certificate for encryption
To accept HTTPS request, it needs a new pair of a SSL-certificate and a corresponding private key. You can generate one yourself in the nginx folder by first changing into this directory and the creating the certificate by using openssl:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt
Create user and password access with apache2-utils
In the same folder we will create a .htpasswd file where there will be a user and a hashed password will be stored.
This will be done by apache2-utils, which you install like this, if not installed yet:
sudo apt-get install apache2-utils
Then use this command, and replace <USERNAME> with a username of your choise. This will be followed by a password query.
sudo htpasswd -c /etc/nginx/.htpasswd <USERNAME>
Create following file
sudo nano /etc/nginx/sites-enabled/default
With this content:
To test the configuration use following command. Errors will be shown with a description.
sudo nginx -t
At the end, reload nginx. Now the new configuration will be used.
sudo service nginx reload
This configuration is created with the help of both of these articles: