I am using the 18.06 LEDE on the Buffalo G300NH router. Currently I access the web admin using port 80 (192.168.1.1), but I need to change the port from 80 to another port (I use port 80 for another service, web for example). Please guide me through the implementation steps (SSH or web GUI).
Thank you.
PS: Sorry, I'm not good at English.
Use an SSH tool such as WinSCP and log in. Go to /etc/config/uhttpd and edit the part in the red box; that's all.
After editing, use PuTTY (SSH) to run the command /etc/init.d/uhttpd restart, or reboot the router; either works.
Thanks @danghuy1994, I changed it successfully.
Are you a member of vozforums?
English please, so everybody around the world can take part in the discussion without the need for using Google Translate.
@nguyenquocnam The WebUI [LuCI] should never be accessed over HTTP [80], as that sends the root password as plain text.
- If a webpage requires a password, it should always be accessed via HTTPS [443], without exception.
While the luci-ssl and luci-ssl-openssl packages will auto-generate a self-signed certificate, this is also not a secure means, opening the user to a MITM attack [while the likelihood is low on a LAN, the fact remains this is a known exploit that can occur due to having no chain of trust]
- The OpenSSL Certificates wiki can be utilized to create a self-signed CA and a properly digitally signed certificate
/etc/config/uhttpd, for HTTPS, should resemble
#
##::[[--- OpenWrt uHTTPd Config ---]]::##
#===================================================
##----- Servers -----##
#===================================================
# Main #
#---------------------------------------------------
config uhttpd 'main'
    list listen_http '192.168.1.1:80'
    list listen_https '192.168.1.1:443'
    option redirect_https '1'
    option home '/www'
    option rfc1918_filter '1'
    option max_requests '3'
    option max_connections '100'
    option cert '/etc/ssl/certs/wrt1900acs-uhttpd.crt'
    option key '/etc/ssl/private/wrt1900acs-uhttpd.key'
    option cgi_prefix '/cgi-bin'
    option lua_prefix '/luci'
    option lua_handler '/usr/lib/lua/luci/sgi/uhttpd.lua'
    option ubus_prefix '/ubus'
    option script_timeout '60'
    option network_timeout '30'
    option http_keepalive '20'
    option tcp_keepalive '1'
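A check for the two conditions the post above raises (a LuCI listener on plain HTTP with no redirect to HTTPS, and an HTTPS listener with no certificate or key configured), written as an added example that is not part of the thread. The function name `audit_uhttpd` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# audit_uhttpd FILE: one finding per line for every uhttpd instance that
# serves plain HTTP without redirect_https, or HTTPS without cert and key.
audit_uhttpd() {
    awk '
    function unq(s) { gsub("[\047\"]", "", s); return s }  # strip UCI quotes
    function report() {
        if (!in_sec) return
        if (http != "" && redir != "1")
            print sec ": plain HTTP on" http " and redirect_https is not 1"
        if (https != "" && (cert == "" || key == ""))
            print sec ": HTTPS on" https " but cert or key is not set"
    }
    $1 ~ /^#/ { next }                     # ignore comment lines
    $1 == "config" {                       # a new section closes the previous one
        report()
        in_sec = (unq($2) == "uhttpd")
        sec = unq($3); if (sec == "") sec = "(unnamed)"
        http = https = cert = key = redir = ""
        next
    }
    !in_sec { next }                       # skip other section types
    $2 == "listen_http"    { http  = http  " " unq($3) }
    $2 == "listen_https"   { https = https " " unq($3) }
    $2 == "redirect_https" { redir = unq($3) }
    $2 == "cert"           { cert  = unq($3) }
    $2 == "key"            { key   = unq($3) }
    END { report() }
    ' "$1"
}

# Constructed sample: LuCI moved off port 80 but still served over plain HTTP.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config uhttpd 'main'
	list listen_http '192.168.1.1:8080'
	option home '/www'
EOF
audit_uhttpd "$sample"
rm -f "$sample"
```

On the router, run it as `audit_uhttpd /etc/config/uhttpd`; no output means neither condition was found.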
Thanks for pointing this out.
While the risk is low on a LAN, that risk factor depends greatly on who accesses the LAN.
- If you're the only one that ever accesses the LAN, the risk is near non-existent; however, if there are multiple users, that risk increases.
Regardless, I believe in doing things the correct way the first time around, especially when modifying the /etc/init.d/uhttpd script to create a self-signed CA, using that CA to digitally sign a cert, is quite simple to do; yet for reasons that escape me, OpenWrt devs have never seen fit to make that change.
- I don't know of any other WebAdmin that allows usage of a self-signed cert, due to the fact it's not secure... and considering it's quite easy to fix with a few extra lines of code, it makes no logical or rational sense to not fix.