The only way I've been able to get openHAB behind an nginx proxy is by:

For debugging, I ran curl(1) against nginx:

$ curl -k 'https://192.168.1.130:9443/rest/sitemaps/jp?type=json'
{"name":"jp","link":"https://192.168.1.130:9443/rest/sitemaps/jp","homepage

The important thing to look out for here is that ALL URIs returned are actually of scheme 'https'.
I was able to accomplish this by directing the outgoing nginx port to openHAB's TLS port; attempts to direct to openHAB's plain port (8080 by default) result in URLs with 'http' as scheme.
I'm binding openHAB to the loopback interface with a change in jetty.xml (see below); not required.

# openHAB2

With openHAB2 it is possible to direct to openHAB's plain port. You just have to add the X-Forwarded-Scheme header to your reverse proxy configuration.
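The curl check above, automated as an added example (not part of the original gist): it walks the whole JSON body and reports every absolute URI whose scheme or host:port differs from the proxy's public address, which also catches a leaked 127.0.0.1:8443. The sample bodies are constructed, and the "widget"/"item" field names in them are assumptions.

```python
import json
from urllib.parse import urlsplit

ORIGIN = "https://192.168.1.130:9443"  # public address nginx listens on

# Constructed sample bodies, not captured from a real openHAB instance.
GOOD = json.dumps({
    "name": "jp",
    "link": ORIGIN + "/rest/sitemaps/jp",
    "homepage": {"link": ORIGIN + "/rest/sitemaps/jp/jp",
                 "widget": [{"item": {"link": ORIGIN + "/rest/items/Light1"}}]},
})
# Same body, but one nested link came back with scheme 'http'.
BAD = GOOD.replace(ORIGIN + "/rest/items", "http://192.168.1.130:9443/rest/items")


def iter_strings(node, path="$"):
    """Yield (json_path, value) for every string anywhere in the document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def leaked_uris(body, public_origin=ORIGIN):
    """Return [(json_path, uri)] for http(s) URIs not on the public origin."""
    want = urlsplit(public_origin)
    leaks = []
    for path, value in iter_strings(json.loads(body)):
        try:
            got = urlsplit(value)
        except ValueError:
            continue  # not parseable as a URI, so not a link
        if got.scheme not in ("http", "https") or not got.netloc:
            continue  # plain text or a relative reference
        if (got.scheme, got.netloc.lower()) != (want.scheme, want.netloc.lower()):
            leaks.append((path, value))
    return leaks


if __name__ == "__main__":
    for path, uri in leaked_uris(BAD):
        print(f"{path}: {uri}")
```

An empty result means every link a client will follow goes back through the TLS proxy.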
*** etc/jetty.xml.orig 2013-12-18 19:23:37.000000000 +0100 | |
--- etc/jetty.xml 2013-12-14 13:16:49.000000000 +0100 | |
*************** | |
*** 84,89 **** | |
--- 84,90 ---- | |
<Arg> | |
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> | |
<Set name="port"><Property name="jetty.port.ssl" /></Set> | |
+ <Set name="Host">127.0.0.1</Set> <!-- JPM: bind to loopback --> | |
<Set name="maxIdleTime">30000</Set> | |
<Set name="Acceptors">2</Set> | |
<Set name="AcceptQueueSize">100</Set> |
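Review bot: The added Host line sits only inside the SslSelectChannelConnector element, so this hunk binds the TLS listener to loopback and nothing else. If jetty.xml also defines the plain connector (port 8080 by default, per the notes above) and it is left at its default binding, that port stays reachable from the network and bypasses nginx and its TLS. Suggest adding the same `<Set name="Host">127.0.0.1</Set>` to every remaining connector, or disabling the ones the proxy does not use, and noting that next to the "JPM: bind to loopback" comment.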
worker_processes 1;
error_log error.log debug;
pid nginx.pid;

# for debugging
daemon off;

events {
    worker_connections 128;
}

http {
    server {
        # "ssl" on the listen line replaces the deprecated "ssl on;" directive
        listen 192.168.1.130:9443 ssl;
        server_name 192.168.1.130;

        ssl_certificate server.crt;
        ssl_certificate_key server.key;
        ssl_session_cache shared:SSL:10m;

        location / {
            # Convert inbound WAN requests for https:// to
            # LAN requests for https://..:8443 for openHAB
            proxy_pass https://127.0.0.1:8443/;
            proxy_set_header Host $host:$server_port;

            # openHAB2
            proxy_set_header X-Forwarded-Scheme $scheme;

            # FIXME: keepalive needs tuning (e.g. HABdroid & openHAB/iOS don't see each other's switches move)
        }
    }
}
1. keepalives
2. logging
3. auth