Securing an openHAB server on a Raspberry Pi without the cloud - nginx configuration?

Hi, can anyone tell me how I can secure a raspberrypi pi based openhab server so that when connecting from the outside a password is required without using the cloud.

The configuration of the raspberry pi 3 on it placed openhab`ian.



Is it possible to do it on nginx ? if yes how to configure it correctly I added it from openhabian-config level but nothing happens i.e. it does not ask for login and password.

For a quick and not-so-secure solution, you can put an .htpassword file generated, for example, from here, into the directory with openHAB (where the website starts): http://www.htaccesstools.com/htpasswd-generator/

Ultimately make yourself an SSL certificate (at Let’s Encrypt it is free) and connect via SSL (just change the port from the default 443 to some other).

I did as you wrote but no change

As I understand it on http doesn't work either? Here's a detailed description of how to do it in nginx: https://www.digitalocean.com/community/tutori...ord-authentication-with-nginx-on-ubuntu-14-04

I have a configuration that is created automatically

#################################
# openHABian NGINX Confiuration #
#################################

## Redirection
server {
listen 80;
server_name localhost;
return 301 https://$server_name$request_uri;
}

## Reverse Proxy to openHAB
server {
# listen 80;
listen 443 ssl;
server_name localhost;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;

# Cross-Origin Resource Sharing.
add_header 'Access-Control-Allow-Origin' 'http://localhost:8080/rest';
add_header 'Access-Control-Allow_Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';

## Secure Certificate Locations
# ssl_certificate /etc/ssl/certs/openhab.crt;
# ssl_certificate_key /etc/ssl/certs/openhab.key;

location / {
proxy_pass localhost/;
# proxy_buffering off; # openHAB supports non-buffering specifically for SSEs now
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

## Password Protection
# auth_basic "Username and Password Required";
# auth_basic_user_file /etc/nginx/.htpasswd;
}

## Let's Encrypt webroot location
# location /.well-known/acme-challenge/ {
# root /var/www/localhost;
# }
}

# vim: filetype=conf


and now yes openhab is running on port 8090 is redirected externally to port e.g.: 3030
raspberry address let's say 192.168.0.5

and the external address let's say 26.25.26.309 how to enter it correctly in this configuration

From what I understand now nginx runs on port 80 and does not serve OpenHab (which runs on port 8090). So you are not connecting to this nginx at all - at first I understood that you had configured this.

Why don't you just use Google? Here it says exactly what you can and cannot do: https://www.openhab.org/docs/installation/security.html

After entering the sudo nginx - t command in the console, it returns a message that it works
But when I type the IP address of the raspberry, it does not display any page and the address bar shows localhost