Connect to REST API via HTTPS #82
Comments
|
I had trouble too. After vs code restart they where gone. |
|
@lsiepel I restarted several times and tried different settings, so I think this does not help. What access.log are you talking about? Something from openhab or VS code? I will take a look at it if you tell me where to find it. |
|
@kubawolanin With this copy I still get an error message but a more interesting one: This is true, I am using the certificate generated by openhab. This is just fine for me though. Can I somehow tell the extension to ignore this? |
|
@OliverHi did you try those steps described in the official VSCode docs? I have no experience with self signed certificates so can't help much. |
|
@kubawolanin I am not really sure what to do. I tried importing the certificate in windows but that did not help. I also tried to start VSCode with the --ignore-certificate-errors argument from the command line but that did not change anything. Is there something I overlooked? |
|
@kubawolanin I have installed the extension you've linked in your comment. For me it works now. I have a valid certificate from lets encrypt. My configuration is: just with another domain. |
|
I am running vscode-openhab 0.4.0 and try to connect to the REST API via https. I use an Let's Encrypt certificate for that domain. The OH ports are behind an NGINX proxy running on a separate host. When trying to open the OH menu on the left VS Code throws:
My VS Code extension settings: Connecting to https://openhab.domain.nl/rest via the browser gives: Apparently @rbi was successful with version 0.3.5 of the extension, but with the current version it does not work for me. |
|
Hey @justClouds -> did you try it with the 0.3.5 version already? |
|
Sorry, little busy. Will test asap. |
|
0.4.1 extension REST API not working via HTTPS. |
|
Could you please share a scren of your broser and your openhab host and port settings just to double check the config? |
my fault. Is there any way to use https with domain name with auth, deny access to OH via LAN (only with proxy) and use LSP? |
Not sure about this, since the language server uses a different port. With this setup and a working rest connection over https this should be possible. |
|
You can not access the LSP server from outside or over http/https protocol. The LSP uses its own port and protocol and is not tunelled through http(s) or openhab remote service. So the only way to access openhab lsp is to connect to it directly through local network. Or if you have a VPN that behaves like a local network. |
That's why i wrote this. |
|
This is seriously a bummer when heavily working with textual configuration files. Without the access to the REST API I could even work native with any text editor. [Update] I'm not that inside this JavaScript world (I luckily where able to refuse that part in my life), so I cannot give a better alternative. However, it seems to me this library is pretty much dead (no updates since years, pretty much like QueryDSL in my Java world). Maybe the maintainer of this extensions could review another one? |
|
Exactly as I thought: node.js is the culprit (as always). This framework from hell has problems with certificate chains, more exactly with certificate being signed with an intermediate certificate from the orginal CA. That's quiet usual and sometimes lead to problems in the past. However, Node.js seem to be quiet picky about those chains. Even though I imported the intermediate cert into my operating systems trusted chain, it's claiming to be unable to verify the first certificate. Solution: Create a chained certificate like mentioned here in the NGINX documentation: http://nginx.org/en/docs/http/configuring_https_servers.html Take care to use the correct order when merging together all certificates. Additionally, when using "cat" under Linux or Mac double check to have separated boths certs with a 'newline' character. |
|
If you access your openhab installation from local network why bother using ssl anyway for local development? |
|
@SamuelBrucksch Seriously? No I will not answer or discuss your question here. Only so much: Why 2019 still offering unencrypted traffic in the first place? I explained the problem, found the culprit and presented a solution. Issue closed. |
|
This is normally used for local development. I understand you want to use https when you expose openhab to the internet. But on local network there really is no need to use https. |
|
@SamuelBrucksch As I said, this is one perspective. But not mine as it is exactly this perspective leading to those massive security exploits inside our "smarter home" walls. Just one culprit inside the network is enough. Do you seriously claim you know what processes are running one your smart phone, tablet, computer, NAS, TV, .... I don't. |
|
Thats a reason i can understand. If you comment issues here you should explain more in details your reasons as noone can read your mind and knows whats going on. If you are just bashing node and node modules and this extension noone will be serious about helping you. Which node versions are affected by the certificate problems? They also work on solving issues, so maybe in a newer node version this problem does not exist anymore. If it still exists why not open an issue at node github? If you can give me a step by step instruction on how to run into this problem i might give it a shot and try to investigate if there are workarounds. BTW any programming language has their pros and cons, so just because you dont like node it doesnt have to be bad. |
|
Well, I tested every version (running locally within RunKit and even directly) and it seems this one sits deep with their "request" library. I found some related issues on Github, but they're every open since years or closed after a long discussion without giving any explanation. (That's why I personally ditch NodeJS). |
|
@wwebers Yes I would also suggest documenting this somewhere! I ran into that issue too: OpenHAB SSL in Internet Explorer and Firefox were running perfectly, but Visual Studio Code Extension still complained: "Error while connecting to openHAB REST API, unable to verify the first certificate" An easier way to get certificate chain (especially when there are more certificates in between): Open page in Firefox and show certificates of this page. You can see all certificates in that chain, Firefox collects them automatically. Click "Download: PEM (chain)" and voilà you get the full chain to set for your server. This one worked for me, thanks for your comment! |
|
Hey @stefan-muc, Thank you for your valuable input. There is a docs folder in this repository and a Usage.md file where the information could last. |
|
@Confectrician Yeah, I did a proposal, see pull request. I hope it's not too long, but I'd rather like to go into detail than to write something that can't be understood. I'm sorry, I don't know what's wrong with my signed-off line, there's an automatic check complaining about it, despite I added one as required in contributing.md |
My openhab instance is running on a raspberry pi and shares its config files via samba. On another windows pc in the network I have installed VS Code with openhab addon. I am getting a "Error while connecting to openHAB REST API." error though.
I think my problem is that openhab is only reachable over https on a special port.
https://192.168.2.xxx:8444/rest is working and returning some text. So I added
to my config but the error remains. I also tried it with https://dns-name but no luck either.
Expected behavior for this would be to either just connect with the https in the host string or another setting to enable https
The text was updated successfully, but these errors were encountered: