[Support] knex666 - openHAB



Hello Friends,

I'm just starting with my first UnRAID Intel-based home server, and I would like to install OpenHAB 3.2.0 on it to replace my current OpenHAB 3.2.0 system running on a Raspberry Pi 4.

 

Using UnRAID's community apps, I was able to install the OpenHAB docker app.

Since I understood UnRAID is using ports 8080 and 443 for its internal functions, I added to the OpenHAB docker template two ports:

HTTP: 8686

and

HTTPS: 446

I also made a small change to the docker template path locations from:

Host Path 2:  /mnt/user/appdata/openhab2/conf/   =>   /mnt/user/appdata/openhab/conf/ (removing the "2" from "openhab2")

and

Host Path 3:  /mnt/user/appdata/openhab2/userdata/   => /mnt/user/appdata/openhab/userdata/ (removing the "2" from "openhab2")

 

The docker app installation finished successfully and I was able to run the following command to open the terminal client:

docker exec -it openHAB /openhab/runtime/bin/client

 

I might be missing something, but how do I log into OpenHAB's MainUI web application? 

I tried browsing to the address: http://[MyServer IP]:8686, and I also tried http://localhost:8686, but neither option worked and I was not able to open the web MainUI.

 

Am I doing something wrong?

 

 

Edited by mjeshurun
Link to comment

Hello,

 

You don't have to modify the templates. What is the network configuration of the apps? If you are using Host, that means it will use the same IP as the unraid system (which I use).

 

Then, what you need to do.

 

Under "HTTP Port" and "HTTPS Port", you input the port that you want to listen to. This port will be the port used to access the server.

 

Docker itself listens on a port, but this is the "port forward" mapping from docker and your real NIC. This way, the service can listen to 8080, but you can open this port to 8888 from outside request.

 

You'll have the LSP port and SSH Port too to modify if needed.

 

Another thing you can do, if you want (like me) to have a matching port from the docker and outside, is add this to your extra parameters:

 

-e OPENHAB_HTTP_PORT=8888 -e OPENHAB_HTTPS_PORT=8443

 

This command will tell openhab in the docker to listen to another port. If you do that, you must delete the ports in the template page and recreate them (because they expect to listen on the default port).

 

If you add a port to the docker configuration, don't forget there's a host port (port the service inside docker listens on) and a value (the port used to access from the outside). It's a good practice to have the same port on each side but it's not required (and not always possible). So if you use the -e command, you must change the host port value to the one you input. Else, you just change the value port and keep the host port at the default the service listens to.

 

As for the host path, this is 100% to your installation, it's simply to where data is saved. This template is probably from an openhab2 installation and it wasn't changed during the update process.

 

Hope that helps?

Edited by Nodiaque
Link to comment
7 minutes ago, Nodiaque said:

Hello,

 

You don't have to modify the templates. What is the network configuration of the apps? If you are using Host, that means it will use the same IP as the unraid system (which I use).

 

Then, what you need to do.

 

Under "HTTP Port" and "HTTPS Port", you input the port that you want to listen to. This port will be the port used to access the server.

 

Docker itself listens on a port, but this is the "port forward" mapping from docker and your real NIC. This way, the service can listen to 8080, but you can open this port to 8888 from outside request.

 

You'll have the LSP port and SSH Port too to modify if needed.

 

Another thing you can do, if you want (like me) to have a matching port from the docker and outside, is add this to your extra parameters:

 

-e OPENHAB_HTTP_PORT=8888 -e OPENHAB_HTTPS_PORT=8443

 

This command will tell openhab in the docker to listen to another port. If you do that, you must delete the ports in the template page and recreate them (because they expect to listen on the default port).

 

If you add a port to the docker configuration, don't forget there's a host port (port the service inside docker listens on) and a value (the port used to access from the outside). It's a good practice to have the same port on each side but it's not required (and not always possible). So if you use the -e command, you must change the host port value to the one you input. Else, you just change the value port and keep the host port at the default the service listens to.

 

As for the host path, this is 100% to your installation, it's simply to where data is saved. This template is probably from an openhab2 installation and it wasn't changed during the update process.

 

Hope that helps?

 

Thank you so much for the detailed answer, @Nodiaque!! 🙏🙏

I will read it thoroughly and try to follow your tips.

Your explanation about ports made me think of another question.

For security reasons, I would like to limit the amount of open ports on my router and server.

Is it possible to configure the OpenHAB docker app to run along with Nginx reverse proxy?

 

Link to comment
26 minutes ago, Nodiaque said:

You don't have to modify the templates. What is the network configuration of the apps? If you are using Host, that means it will use the same IP as the unraid system (which I use).

Changing the docker app configuration to host now brings up the web ui on port 8080 :)

 

28 minutes ago, Nodiaque said:

Under "HTTP Port" and "HTTPS Port", you input the port that you want to listen to. This port will be the port used to access the server.

 

Docker itself listens on a port, but this is the "port forward" mapping from docker and your real NIC. This way, the service can listen to 8080, but you can open this port to 8888 from outside request.

 

You'll have the LSP port and SSH Port too to modify if needed.

 

Another thing you can do, if you want (like me) to have a matching port from the docker and outside, is add this to your extra parameters:

 

-e OPENHAB_HTTP_PORT=8888 -e OPENHAB_HTTPS_PORT=8443

 

This command will tell openhab in the docker to listen to another port. If you do that, you must delete the ports in the template page and recreate them (because they expect to listen on the default port).

This part of the explanation I didn't understand.

Where do I change the port numbers?

And where should I run the command you mentioned?

-e OPENHAB_HTTP_PORT=8888 -e OPENHAB_HTTPS_PORT=8443

 

Link to comment

the -e openha.... is extra parameter

 

[screenshot]

 

When you do that, you change what the service is listening on. But then, on the docker template, you must add new port forwarding for these ports because the default ones have another port on the host side. So delete the http port already there

 

[screenshot]

 

And create new one 1 by 1

[screenshot]

 

As for the reverse proxy, you can install SWAG that already has everything set up for reverse proxy. But openhab shouldn't be open on the outside. For this, either use a VPN or openhab cloud, which is free (that's what I use, this way, nothing open).

Link to comment

I forgot. You must also change this value to your http value:

 

[screenshot]

 

Else, when you click on webui in unraid, it'll direct you to whatever the value is there by default, which is 8080 I think. I do run openhab as host, I simply run it on another port like you can see. In fact, port 9999 used to be the default port, they changed it somewhere in version 2.5 I think. Running it as host also makes it available for network scans and other stuff like that. Technically, when you run as host, you don't need to define the port redirection like I did because all ports are mapped automatically. I prefer having them specified anyway; this way, when you create other dockers for other services, you can check all ports already assigned under show docker allocation.

Edited by Nodiaque
Link to comment
14 minutes ago, Nodiaque said:

the -e openha.... is extra parameter

Amazing! Your explanation was perfect. I was able to change the ports 🙏:)

 

28 minutes ago, Nodiaque said:

As for the reverse proxy, you can install SWAG that already has everything set up for reverse proxy. But openhab shouldn't be open on the outside. For this, either use a VPN or openhab cloud, which is free (that's what I use, this way, nothing open).

I have swag installed, and would like to set it up for OpenHAB to limit the open ports, but since you mention OpenHAB should not be open to the outside, is there any value to running OpenHAB behind the reverse proxy?

If I'm not opening the app to the outside, what should I write in the openhab.subdomain.conf for 'server_name'? Should I write the local IP of the UnRAID server?

Should I change anything else in the .conf file?

 

Link to comment
6 minutes ago, mjeshurun said:

I'm not sure the extra parameters I added actually did anything.

UnRAID is showing OpenHAB as using ports: 5007, 8080, 8101, 8443.

Instead of showing the port numbers I defined in the extra parameters 🤔

 

[screenshot]

I must say, looking at my openhab right now, unraid does show the same thing and the same in docker allocation. I think these values are read only when it's not host, cause I'm really listening on 9999

 

[screenshot]

 

But in reality, if I do docker ps, there's no port since it's host based:

[screenshot]

 

And if I go to port 8080, that's my qBittorrent client.

 

I just tried switching from host to bridge network and now I got the right ports

[screenshot]

 

Then I reverted to host and docker allocation came back to 8080. I think it's something in the template that makes it think it's that, while it isn't. At least if you do a docker ps, you'll see it's not using those ports.

 

Link to comment
23 minutes ago, mjeshurun said:

Amazing! Your explanation was perfect. I was able to change the ports 🙏:)

 

I have swag installed, and would like to set it up for OpenHAB to limit the open ports, but since you mention OpenHAB should not be open to the outside, is there any value to running OpenHAB behind the reverse proxy?

If I'm not opening the app to the outside, what should I write in the openhab.subdomain.conf for 'server_name'? Should I write the local IP of the UnRAID server?

Should I change anything else in the .conf file?

 

For me reverse proxy, I don't see the need on my end. For real security, openhab should reside on an isolated network with any iot stuff, but even I don't have that.

 

If you really want it (which is for transparent ssl connection but you still require a valid cert installed in openhab if you want to directly connect to the ssl port with the apps), all you have to do in either the subdomain.conf or folder.conf is to change server_name for the docker name of your openhab container. That's the only thing you need and I think restart swag after

Edited by Nodiaque
Link to comment

There's some other extra param you might want to add

 

-e CRYPTO_POLICY=unlimited    (this is for a bug I don't remember)

-e "EXTRA_JAVA_OPTS=-Duser.timezone=America/Montreal (this set your timezone in java, not needed but I like having everything set)

-Dlog4j2.formatMsgNoLookups=true"  (this is for the log4j exploit, I'm unsure if the current version is fixed but that's the fix in the meantime)

Link to comment
6 minutes ago, Nodiaque said:

There's some other extra param you might want to add

 

-e CRYPTO_POLICY=unlimited    (this is for a bug I don't remember)

-e "EXTRA_JAVA_OPTS=-Duser.timezone=America/Montreal (this set your timezone in java, not needed but I like having everything set)

-Dlog4j2.formatMsgNoLookups=true"  (this is for the log4j exploit, I'm unsure if the current version is fixed but that's the fix in the meantime)

 

Thank you so much! I will follow your tips tomorrow and report back :)

Link to comment
20 hours ago, Nodiaque said:

If you really want it (which is for transparent ssl connection but you still require a valid cert installed in openhab if you want to directly connect to the ssl port with the apps), all you have to do in either the subdomain.conf or folder.conf is to change server_name for the docker name of your openhab container. That's the only thing you need and I think restart swag after

Hi @Nodiaque, I tried to follow your suggestion, but I don't think it worked.
I tried to define server_name by the name of the openhab docker container, and I also tried defining server_name by my UnRAID server local IP.

I think neither option worked, because I don't see a lock icon for the URL in the browser search bar. Which means the connection is not secure.

 

[screenshot]

 

Edited by mjeshurun
Link to comment

To have a secure connection, you must use the ssl port. Also, your router needs to allow loopback connections, which sometimes doesn't work. Try from a cellphone on LTE network instead of wifi, that's how I tested it.

 

Also, certificates from Let's Encrypt don't work from IP, they work for DNS names. You must configure swag to get a certificate for your DNS name like dyndns, duckdns and others.

Link to comment
2 hours ago, Nodiaque said:

To have a secure connection, you must use the ssl port.

I tried. Unfortunately, it doesn't open properly.

 

[screenshot]

 

However, when I try the http port, OpenHAB's MainUI opens ok.

 

[screenshot]

2 hours ago, Nodiaque said:

Also, certificates from Let's Encrypt don't work from IP, they work for DNS names. You must configure swag to get a certificate for your DNS name like dyndns, duckdns and others.

I installed UnRAID Cloudflare-DDNS and created a CNAME on Cloudflare to automatically update my external dynamic IP given by my ISP. I then configured the swag's docker app proxy-conf file for openhab.subfolder.conf with the DDNS CNAME address I created on Cloudflare. Is this what you meant I should do?

Link to comment
13 minutes ago, mjeshurun said:

I tried. Unfortunately, it doesn't open properly.

 

 

I installed UnRAID Cloudflare-DDNS and created a CNAME on Cloudflare to automatically update my external dynamic IP given by my ISP. I then configured the swag's docker app proxy-conf file for openhab.subfolder.conf with the DDNS CNAME address I created on Cloudflare. Is this what you meant I should do?

 

Hi, I am using openHAB Cloud Connect, is there any reason not to do this and explore it directly? From my point of view it's much more secure to use a relay. If you want to use it with https then you should just proxy pass it in your swag or nginx proxy manager.

Cheers

Link to comment
2 hours ago, knex666 said:

 

Hi, I am using openHAB Cloud Connect, is there any reason not to do this and explore it directly? From my point of view it's much more secure to use a relay. If you want to use it with https then you should just proxy pass it in your swag or nginx proxy manager.

Cheers


Hi @knex666, thank you for your message 🙏
My aim is to expose OpenHAB to the outside world using OpenHABCloud, but I would like to run the docker app in conjunction with a reverse proxy (swag) to limit the number of open ports on my router, and to secure all communications with https.

Link to comment
48 minutes ago, Nodiaque said:

You don't have to open any port for openhab cloud. In fact, there's no port needed at all. That's why it's all app services. So not even need reverse proxy to secure it, there's nothing to open. 

In that case, what is the benefit of using OpenHAB behind a reverse proxy?
I understand people are doing it. Are there no pros for using openhab behind a reverse proxy?

Link to comment

I don't know why people are using it behind a reverse proxy. Reverse proxy doesn't give any security unless you implement security either at the app level or at the reverse proxy, like some kind of authentication. This vs. opening the web port to the web, I don't see the difference. Reverse proxy here is more for easier management of SSL certs since you don't need to publish the cert to all apps; swag does it by itself. Thing is, this is true only if no app directly connects to it (like the Android app, unless it supports reverse proxy).

 

I don't use reverse proxy at all for anything, everything is closed from the internet and uses webservices that don't expose anything. The exception being my emby server, where while it does work behind the proxy when using the web browser, it doesn't work from apps and thus requires my ports to be open for it.

Link to comment
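
Added example, not part of any post in this thread: a plain nginx server block illustrating the point above that a reverse proxy only adds security once it enforces access control itself. The hostname, certificate and htpasswd paths, LAN subnet and upstream address are all placeholders and assumptions, not values from this thread.

```nginx
# Added example. Every name, path and subnet below is an assumption.

server {
    listen 443 ssl;

    # server_name is the DNS name the browser requests (matched against the
    # Host header / SNI). The certificate must be issued for this name.
    server_name openhab.example.com;               # placeholder hostname

    ssl_certificate     /path/to/fullchain.pem;    # placeholder path
    ssl_certificate_key /path/to/privkey.pem;      # placeholder path

    location / {
        # Access control enforced by the proxy itself:
        # clients on the LAN subnet pass without a prompt,
        # everyone else must present a valid username and password.
        satisfy any;
        allow 192.168.1.0/24;                      # assumed LAN subnet
        deny  all;
        auth_basic           "openHAB";
        auth_basic_user_file /path/to/.htpasswd;   # placeholder path

        # Upstream = where openHAB actually listens (plain HTTP port).
        # A container name only resolves when proxy and openHAB share a
        # user-defined Docker network; with host networking, use the
        # server's LAN IP and the HTTP port openHAB was told to use.
        proxy_pass http://openhab-upstream.invalid:8080;   # placeholder upstream

        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The UI keeps long-lived event streams open.
        proxy_read_timeout 3600;
    }
}

# Plain HTTP only redirects to HTTPS, so credentials never travel in clear text.
server {
    listen 80;
    server_name openhab.example.com;               # placeholder hostname
    return 301 https://$host$request_uri;
}
```

Running `nginx -t` after editing validates the syntax before the proxy is reloaded.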
  • 3 weeks later...

Hello Friends,

I have two questions regarding the OpenHAB docker container, and I hope someone can assist.

 

1. How do we create backup files using the OpenHAB docker container?

 

2. After each UnRAID reboot, the Homekit binding shows my devices in the iOS Home app as unavailable. To fix this, I need to enable/disable the 'Use openHAB mDNS service' option inside the Homekit Integration settings, and then the Home app will refresh and properly show the devices. Is there a known fix for this issue?

Link to comment
Just now, Nodiaque said:

Hello, 

 

For #1, I use ca backup plugin. You can configure it to make backup of the vms and docker. 

 

For #2, I cannot say since I don't use homekit. You might have more help in openhab forum. 

Thank you very much.

Regarding 1., is it not possible to use OpenHAB's builtin backup/restore system with the docker configuration?

Link to comment

I never used it, but I don't see why not. You should have mounted each data folder path, thus the backup should be saved in that destination. I just don't bother because it's easier to restore an unraid backup than booting a new vm and restoring data into it

 

Edit: I also don't recall openhab doing backups automatically except when doing an upgrade. With the plugin, you can back up all of your dockers on a schedule, you can even turn them on/off.

Edited by Nodiaque
Link to comment
  • 4 months later...

Hello Friends,

After rebooting my unraid server today, OpenHAB 3.3.0 (installed with the docker app) no longer recognizes my zwave and zigbee controller dongles that are connected using USB.
This means all my zwave and zigbee Things are showing an Error: Bridge message.
I tried to reboot the unraid server again, thus also restarting OpenHAB, but that didn't fix the issue. 

Does anyone know how to fix this?

 

[screenshot]

 

[screenshot]

Edited by mjeshurun
Link to comment
