Securing openHAB with HTTPS: Need Help

Integrations
, , ,
1

My goal is to secure the openHAB site on my emonPi with HTTPS such that when I log in remotely my password is not sent in the clear.

My configuration: my emonHub runs the November 2016 emonPi SD image. It is connected to my home router via ethernet, and is assigned a static IP. I use port-forwarding in my router to forward traffic on ports 80, 443, 883, 8080, and 8443 to those same ports on my emonHub. I own a domain name, and I use AWS Route 53 to forward requests for “home.mydomainname.com” to the IP I’m assigned by my service provider.

I used CertBot from Let’s Encrypt successfully on the emonHub. Now when I browse to https://home.mydomain.com/ I get forwarded to https://home.mydomain.com/emoncms and I see the “Secure” indicator in my browser.

Now I’d like to get the same thing working for my openHAB instance on that emonHub. I’ve tried browsing to https://home.mydomain.com:8443, but I don’t get any response and the connection times out.

I’ve read a number of articles that are beyond my knowledge of Apache/NGIX, but it seems like I’m pretty close, and that if I could do some kind of virtual host, or redirection, the connection to openHAB could be secured with the certificate I now already have in place. Can anyone help get me there? Thanks!

2

I was able to get https working with openHAB today.

I saw the following quote here: Security · openhab/openhab1-addons Wiki · GitHub

openHAB supports HTTPS out of the box. Just point your browser to

https://127.0.0.1:8443/openhab.app?sitemap=demo#

So I started checking to see if port 8443 was open everywhere in my setup. It turns out the the port is not open on the emonSD image. I did the following to open it, but it might be worth doing so on future emonSD image versions.

$ rpi-rw
$ sudo ufw allow 8443/tcp

Now openHab is available encrypted over HTTPS, so I am happy. It would be even more cool if there were an easy way to get my certificate from Let’s Encrypt to replace the default (untrusted) one from openhab.org, but I tried it, and it is not what I would consider easy. If anyone wants to write a script similar to this one, but made for emonPi, that would be awesome: openhab-letsencrypt.md · GitHub.