I have two major objectives:
- HTTPS-only web UI and
- Get the HTTP(S) authentication the the connection instead of a login page.
From the OpenWRT wiki I have got these directions for HTTPS
opkg install luci-ssl
/etc/init.d/uhttpd stop
mv /etc/config/uhttpd /etc/config/uhttpd.old
WEBUIPORT=880
config uhttpd 'main'
list listen_https '0.0.0.0:$WEBUIPORT' #IPv4 TCP PORT HERE!
list listen_https '[::]:$WEBUIPORT' # IPv6 TCP PORT HERE!
option redirect_https '1'
option home '/www'
option rfc1918_filter '1'
option max_requests '3'
option max_connections '100'
option cert '/etc/uhttpd.crt'
option key '/etc/uhttpd.key'
option cgi_prefix '/cgi-bin'
option script_timeout '60'
option network_timeout '30'
option http_keepalive '20'
option tcp_keepalive '1'
option ubus_prefix '/ubus'
option realm 'My Realm'
config cert 'px5g'
option days '730' # <== TWO YEARS
option bits '1024'
option country 'IT' # <== YOUR COUNTRY ISO CODE
option state 'Caserta' # <== YOUR Province/County NAME
option location 'San Nicola la Strada' # <== YOUR CITY
option commonname 'My Office Router' # <== YOUR DEVICE
EOF
/etc/init.d/uhttpd start
After the last start
command crypto certificates will be created on the fly.
For the HTTP(S) AUTH request I have these directions:
/etc/init.d/uhttpd stop
echo '/:root:$p$root' >> /etc/httpd.conf
uci set uhttpd.main.realm="My Realm" # <== YOUR DEVICE NAME HERE!
uci commit uhttpd
sed -i -e 's/\.sysauth = .*/.sysauth = nil/g' /usr/lib/lua/luci/controller/admin/*.lua
/etc/init.d/uhttpd start
Both are quite old and, more importan, are related to OpenWRT 14.07, so they could not fit current LEDE stuff.
In my opinion the HTTPS stuff should be OK.
I wouldn't bet on the HTTP AUTH request stuff as I don't know very well the LUA language.
Is there any one that can confirm or give me some hints?