openWB · benderl · Mar 4, 2026 · Oct 20, 2025 · Oct 24, 2025 · Oct 24, 2025
diff --git a/.htaccess b/.htaccess
@@ -7,4 +7,5 @@
 RedirectMatch 404 \.conf$
 RedirectMatch 404 \.ini$
 RedirectMatch 404 \.py$
+RedirectMatch 404 \.sh$
 ErrorDocument 404 /openWB/web/error.html
diff --git a/data/clients/.gitignore b/data/clients/.gitignore
@@ -0,0 +1 @@
+*.json
diff --git a/data/clients/.htaccess b/data/clients/.htaccess
@@ -0,0 +1,3 @@
+<Files "*.json">
+	Require all denied
+</Files>
diff --git a/data/config/apache/000-default.conf b/data/config/apache/000-default.conf
@@ -1,4 +1,4 @@
-# openwb-version:5
+# openwb-version:6
 <VirtualHost *:80>
 	# The ServerName directive sets the request scheme, hostname and port that
 	# the server uses to identify itself. This is used when creating
@@ -37,9 +37,9 @@
 	# after it has been globally disabled with "a2disconf".
 	#Include conf-available/serve-cgi-bin.conf
 
-	ProxyPass "/ws" "ws://localhost:9001"
-	# ToDo: remove the next line when main page is using vue.js
-	ProxyPass "/mqtt" "ws://localhost:9001"
+	# Proxy WebSocket and MQTT connections to Mosquitto
+	# ToDo: remove /mqtt target once all clients use /ws
+	ProxyPassMatch "^/(ws|mqtt)(/|$)" "ws://127.0.0.1:9003/"
 </VirtualHost>
 
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/data/config/apache/apache-openwb-ssl.conf b/data/config/apache/apache-openwb-ssl.conf
@@ -1,4 +1,4 @@
-# openwb-version:6
+# openwb-version:8
 <IfModule mod_ssl.c>
 	<VirtualHost _default_:443>
 		ServerAdmin webmaster@localhost
@@ -139,9 +139,10 @@
 		#		nokeepalive ssl-unclean-shutdown \
 		#		downgrade-1.0 force-response-1.0
 
-		ProxyPass "/ws" "ws://localhost:9001"
-		# ToDo: remove the next line when main page is using vue.js
-		ProxyPass "/mqtt" "ws://localhost:9001"
+		# Proxy WebSocket and MQTT connections to Mosquitto
+		# ToDo: remove /mqtt target once all clients use /ws
+		ProxyPassMatch "^/(ws|mqtt)(/|$)" "ws://127.0.0.1:9003/"
+
 	</VirtualHost>
 </IfModule>
 

diff --git a/data/config/apache/apache-redirect-ssl.conf b/data/config/apache/apache-redirect-ssl.conf
@@ -0,0 +1,29 @@
+# openwb-version:1
+<VirtualHost *:80>
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	#CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	# redirect all HTTP traffic to HTTPS
+	RewriteEngine On
+	RewriteCond %{HTTPS} off
+	RewriteRule ^/?(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/data/config/apache/localhost.conf b/data/config/apache/localhost.conf
@@ -0,0 +1,47 @@
+# openwb-version:2
+Listen 127.0.0.1:81
+
+<VirtualHost *:81>
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	#CustomLog ${APACHE_LOG_DIR}/access.log combined
+	<Directory /var/www/>
+		AllowOverride All
+		Require all granted
+		Options -Indexes
+	</Directory>
+	<Directory /var/www/html/openWB/ramdisk>
+		Options +Indexes
+	</Directory>
+	<Directory /var/www/html/openWB/data/backup>
+		Options +Indexes
+	</Directory>
+	# For most configuration files from conf-available/, which are
+	# enabled or disabled at a global level, it is possible to
+	# include a line for only one particular virtual host. For example the
+	# following line enables the CGI configuration for this host only
+	# after it has been globally disabled with "a2disconf".
+	#Include conf-available/serve-cgi-bin.conf
+
+	# Proxy WebSocket and MQTT connections to Mosquitto
+	# ToDo: remove /mqtt target once all clients use /ws
+	ProxyPassMatch "^/(ws|mqtt)(/|$)" "ws://127.0.0.1:9003/"
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/data/config/display/lxdeautostart b/data/config/display/lxdeautostart
@@ -1,7 +1,7 @@
-# openwb-version:1
+# openwb-version:4
 # enable screen blanking / power management
 xset s 15
 # Start Chromium in kiosk mode
 sed -i 's/"exited_cleanly":false/"exited_cleanly":true/' ~/.config/chromium/'Local State'
 sed -i 's/"exited_cleanly":false/"exited_cleanly":true/; s/"exit_type":"[^"]\+"/"exit_type":"Normal"/' ~/.config/chromium/Default/Preferences
-chromium --start-fullscreen --kiosk --incognito --noerrdialogs --disable-translate --no-first-run --fast --fast-start --disable-infobars --disable-features=TranslateUI --disk-cache-dir=/dev/null  --password-store=basic --disable-pinch --overscroll-history-navigation=disabled --disable-features=TouchpadOverscrollHistoryNavigation http://localhost/openWB/web/display/
+chromium --start-fullscreen --kiosk --incognito --noerrdialogs --disable-translate --no-first-run --fast --fast-start --disable-infobars --disable-features=TranslateUI --disk-cache-dir=/dev/null --password-store=basic --disable-pinch --overscroll-history-navigation=disabled --disable-features=TouchpadOverscrollHistoryNavigation --ignore-certificate-errors --allow-insecure-localhost http://127.0.0.1:81/openWB/web/display/
diff --git a/data/config/mosquitto/mosquitto_local.conf → ...nfig/mosquitto/local/mosquitto_local.conf b/data/config/mosquitto/mosquitto_local.conf → ...nfig/mosquitto/local/mosquitto_local.conf
@@ -5,8 +5,6 @@ persistence_location /var/lib/mosquitto_local/
 log_type error
 log_type warning
 log_dest file /var/log/mosquitto/mosquitto_local.log
-# timestamp format currently not supported in stretch or buster with mosquitto 1.5
-# only enable on bullseye and newer
 log_timestamp_format %Y-%m-%dT%H:%M:%S
 
 include_dir /etc/mosquitto/conf_local.d
diff --git a/data/config/mosquitto/mosquitto_local_init → ...nfig/mosquitto/local/mosquitto_local_init b/data/config/mosquitto/mosquitto_local_init → ...nfig/mosquitto/local/mosquitto_local_init
diff --git a/data/config/mosquitto/openwb_local.conf → .../config/mosquitto/local/openwb_local.conf b/data/config/mosquitto/openwb_local.conf → .../config/mosquitto/local/openwb_local.conf
diff --git a/data/config/mosquitto/mosquitto.conf b/data/config/mosquitto/mosquitto.conf
diff --git a/data/config/mosquitto/openwb.conf b/data/config/mosquitto/openwb.conf