How to change port web ui

I am using the 18.06 lede on the buffalo G300NH router. Currently I access the web admin using port 80 (192.168.1.1). But since I need to change the port from 80 to another port (I use port 80 for another service - web for example). Please guide the implementation steps help me. (ssh or web GUI)
Thank you.
ps: sorry i'm not good at english

Xài ssh tool như WinSCP rồi login vào. Tới /etc/config/uhttpd rồi chỉnh trong khung màu đỏ là được :smiley:

image

Chỉnh xong xài PuTTY (SSH) chạy lệnh /etc/init.d/uhttpd restart hoặc reboot router đều được.

2 Likes

Cám ơn @danghuy1994 đã đổi thành công :slight_smile:

Are you a member of vozforums?

English please, so everybody around the world can take part in the discussion without the need for using google translate.

@nguyenquocnam The WebUI [LuCI] should never be accessed over HTTP [80], as that sends the root password as plain text.

  • If a webpage requires a password, it should always be accessed via HTTPS [443], without exception.

While the luci-ssl and luci-ssl-openssl pacakges will auto-generate a self-signed certificate, this is also not a secure means, opening the user to a MITM attack [while the liklihood is low on a LAN, the fact remains this is a known exploit that can occur due to having no chain of trust]

  • The OpenSSL Certificates wiki can be utilized to create a self-signed CA and a properly digitally signed certificate

/etc/config/uhttpd, for HTTPS, should resemble

#

     ##::[[---  OpenWrt uHTTPd Config  ---]]::##

#===================================================
              ##----- Servers -----##
#===================================================

    # Main #
#---------------------------------------------------
config uhttpd 'main'
    list    listen_http         '192.168.1.1:80'
    list    listen_https        '192.168.1.1:443'
    option  redirect_https      '1'
    option  home                '/www'
    option  rfc1918_filter      '1'
    option  max_requests        '3'
    option  max_connections     '100'
    option  cert                '/etc/ssl/certs/wrt1900acs-uhttpd.crt'
    option  key                 '/etc/ssl/private/wrt1900acs-uhttpd.key'
    option  cgi_prefix          '/cgi-bin'
    option  lua_prefix          '/luci'
    option  lua_handler         '/usr/lib/lua/luci/sgi/uhttpd.lua'
    option  ubus_prefix         '/ubus'
    option  script_timeout      '60'
    option  network_timeout     '30'
    option  http_keepalive      '20'
    option  tcp_keepalive       '1'
1 Like

Thanks for pointing this out.

While the risk is low on a LAN, that risk factor depends greatly on who accesses the LAN.

  • If you're the only one that ever accesses the LAN, the risk is near non-existent, however if there's multiple users, that risk increases.

Regardless, I believe in doing things the correct way the first time around, especially when modifying the /etc/init.d/uhttpd script to create a self-signed CA, using that CA to digitally sign a cert, is quite simple to do; yet for reasons that escape me, OpenWrt devs have never seen fit to make that change.

  • I don't know of any other WebAdmin that allows usage of a self-signed cert, due to the fact it's not secure... and considering it's quite easy to fix with a few extra lines of code, it makes no logical or rational sense to not fix.
1 Like