After reboot couldn't connect to the GUI / how to listen on a specific interface?

ebalcsk · March 4, 2021, 8:42am

Hello

After reboot i am not able to connect to the GUI.
Actually It's looks like running:

# service uhttpd status
running

After restart everything go back to normal and connection is possible.

# service uhttpd restart

From the config file:

config uhttpd 'main'
        #list listen_http '0.0.0.0:80'
        #list listen_http '[::]:80'
        list listen_https '192.168.50.1:5000'
        list listen_https '[::]:5000'
        #option redirect_https '0'
        option home '/www'
        option rfc1918_filter '1'
        option max_requests '3'
        option max_connections '100'
        option cert '/etc/uhttpd.crt'
        option key '/etc/uhttpd.key'
        option cgi_prefix '/cgi-bin'
        list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
        option script_timeout '60'
        option network_timeout '30'
        option http_keepalive '20'
        option tcp_keepalive '1'
        option ubus_prefix '/ubus'

config cert 'defaults'
        option days '730'
        option key_type 'ec'
        option bits '2048'
        option ec_curve 'P-256'
        option country 'ZZ'
        option state 'Somewhere'
        option location 'Unknown'
        option commonname 'OpenWrt'

Identified the following line: list listen_https '192.168.50.1:5000'

If i change to list listen_https '0.0.0.0:5000' connection possible

I wonder how to define a specific address to the GUI to listen on?

Thank you

frollic · March 4, 2021, 8:56am

0.0.0.0 are all interfaces/IPs of the router.

is the routers IP 192.168.50.1 ? if not, that line's useless.

if you want to allow only one IP to connect, it has to be managed through a rule.
the uhttpd config defines what interfaces to listen to, now whom to allow to connect.

ebalcsk · March 4, 2021, 8:57am

Actually if i uncomment IPV6 address also working

config uhttpd 'main'
        #list listen_http '0.0.0.0:80'
        #list listen_http '[::]:80'
        list listen_https '192.168.50.1:5000'
        #list listen_https '[::]:5000'

i really not need ipv6 address so this is good for me solution, but i curious what went wrong? It is strange.

ebalcsk · March 4, 2021, 8:58am

yes one of the router if ip is 192.168.50.1. I do not want to let to connect every ip on the router that why not use 0.0.0.0

frollic · March 4, 2021, 9:00am

that's not how it works.

0.0.0.0 will be all interfaces in the router, 192.168.50.1 will be one interface, but still all users/IPs on that net.
access control isn't done here.

ebalcsk · March 4, 2021, 9:04am

I think generally it is bad piactise to limiten on all IP.

frollic · March 4, 2021, 9:14am

Well,

it's on the LAN side, one could consider it being a controlled environment.

trendy · March 4, 2021, 11:38am

system · March 14, 2021, 11:38am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.