OH3 zarządzanie uży...
 
Powiadomienia
Wyczyść wszystko

openHAB OH3 zarządzanie użytkownikami przez odwrotne proxy

slawek_sp1
(@slawek_sp1)
Młodzik

Witam.

Próbuje wdrożyć na openhab 3 zarządzanie wieloma użytkownikami przez nginx. Doszedłem do punktu gdzie przez przeglądarkę mogę logować się różnymi loginami uzyskując dostęp do różnych sitemaps. Problem polega na tym że nie działa to w aplikacji na androida. Nie wiem gdzie umieścić plik filter.cgi? Link do orginalnego tematu:

https://community.openhab.org/t/detailed-access-control-and-user-management-by-reverse-proxy-it-works/66450/3

Moja konfiguracja:

server {
listen 80;
server_name 192.168.1.99;
return 301  https://$server_name$request_uri; 
}

server {
listen 443 ssl;
server_name 192.168.1.99;

add_header Set-Cookie X-OPENHAB-AUTH-HEADER=1;

ssl_certificate /etc/letsencrypt/live/xxxxxxxxxx.xx/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxxxxxxxx.xx/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

access_log /var/log/nginx/oh_ssl.access.log;
error_log /var/log/nginx/oh_ssl.error.log;

auth_basic "Sitemap";
auth_basic_user_file /etc/nginx/ohpass;

# Disable unwanted UIs
location ~ /(habpanel|classicui|paperui|doc|habmin) {
return 403;
}

# Redirect to expected UIs (need to do it in two steps to process auth_basic before the return 302
# authentified user is then used as the sitemap name
location = / {
try_files DUMMY @return302;
}
location @return302 {
return 302 /basicui/app?sitemap=$remote_user;
}

# User management at sitemap level -> strip openhab json file through filter script (see below)
location = /rest/sitemaps {
proxy_set_header X-Forwarded-Host $http_host;
proxy_pass  http://127.0.0.1/cgi-bin/filter?user=$remote_user; 
}

# Proxying the request to OpenHab
location / {

# Double test to limit access to the right UI and the right sitemap
if ($uri = "/basicui/app") {
set $test "${test}A";
}
if ($arg_sitemap != $remote_user) {
set $test "${test}B";
}
if ($remote_user = "master") {
set $test "";
}
if ($test = AB) {
return 403;
}

# Proxying the request
proxy_pass  http://localhost:8080/; 

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Authorization "";

proxy_http_version 1.1;
#proxy_set_header Connection "";

client_max_body_size 10m;
client_body_buffer_size 128k;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

# OpenHab authentication (base64 of user:password)
#proxy_set_header Authorization "Basic ZWxzYTpteWVsc2FwcHAK";

proxy_intercept_errors on;
}
}

Próbował ktoś już może ogarnąć ten temat. Ten z linku jest na OH2.

Pozdrawiam.

 

Cytuj
Autor tematu Dodane : 25/03/2021 6:55 pm
Udostępnij: