How to use https with port 8080

I was not able to run LuCI on HTTPS with port 8080. I've changed the port number under /etc/config/uhttpd, also added the port under firewall > traffic rules > Open ports on router, and added certificate and key files.
I still do not see port 8080 open with the netstat -ln command internally or with nmap from outside.
Can you help?

uci show uhttpd
uhttpd.main=uhttpd
uhttpd.main.listen_http='0.0.0.0:80'
uhttpd.main.listen_https='0.0.0.0:8080'
uhttpd.main.redirect_https='1'
uhttpd.main.home='/www'
uhttpd.main.rfc1918_filter='1'
uhttpd.main.max_requests='1'
uhttpd.main.max_connections='100'
uhttpd.main.cert='/etc/uhttpd.crt'
uhttpd.main.key='/etc/uhttpd.key'
uhttpd.main.cgi_prefix='/cgi-bin'
uhttpd.main.lua_prefix='/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
uhttpd.main.script_timeout='60'
uhttpd.main.network_timeout='30'
uhttpd.main.http_keepalive='20'
uhttpd.main.tcp_keepalive='1'
uhttpd.defaults=cert
uhttpd.defaults.days='730'
uhttpd.defaults.bits='2048'
uhttpd.defaults.country='ZZ'
uhttpd.defaults.state='Somewhere'
uhttpd.defaults.location='Unknown'
uhttpd.defaults.commonname='OpenWrt'

Please re-install then test.

What method / guide did you use for key install?

service log restart; service uhttpd restart; sleep 10
logread -e uhttpd; netstat -l -n -p | grep -e uhttpd

This guide:
sudo openssl req -new > new.ssl.csr
sudo openssl rsa -in privkey.pem -out new.cert.key
sudo openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days NNN

  • Can you explain where this guide came from and why you used it (e.g. can you provide a weblink, is this from a tutorial to setup HTTPS on OpenWrt, etc.)?
  • Were these commands run on the OpenWrt device?
  • There is no sudo by default in OpenWrt

First off, it is not considered safe to expose LuCI to the Internet, even with HTTPS. HTTPS protects the user from eavesdropping or man-in-the-middle attacks. It does nothing to protect the server from being hacked.

I think that a DH (Diffie-Hellman key exchange) parameter file is also required for the https server to work. Check the system log for error messages.


I've created a self-signed certificate on another PC and copied it to the router.
If you are still interested, the source is: https://www.linux.com/learn/creating-self-signed-ssl-certificates-apache-linux

  • OpenWrt does this for you, why did you create a cert on a PC?
  • Are you sure you've installed the packages needed on OpenWrt for a HTTPS instance?

Also, as @mk24 noted, if this is to expose your router to the Internet, I don't advise that for security reasons.

See: https://openwrt.org/docs/guide-user/luci/luci.secure for the official Wiki on setting up HTTPS on OpenWrt.

It seems that the SSL package was not installed. Thanks for the help.
Another weird thing is that now I cannot change uhttpd, as it is read-only now.

  • Verify that you haven't run out of free flash space on your device. Use the df -h command to check.
  • What model device are you using?

Yes, it was a problem with space.

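A check for the symptom in this thread, a listen_https port set in UCI that never shows up in netstat, together with the flash-space check that explained the read-only config. This is an added example, not part of any post above; the function names are hypothetical and the sample netstat and df output is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report uhttpd listeners that are
# configured in UCI but not actually bound, plus /overlay flash usage.
# On the router: missing_listeners "$(uci show uhttpd)" "$(netstat -ln)"
#                overlay_use_pct "$(df)"

# Print "<proto> <port>" for every listen_http / listen_https option.
configured_listeners() {
    printf '%s\n' "$1" | sed -n \
        "s/^uhttpd\.[^.]*\.listen_\(https\{0,1\}\)=.*:\([0-9]\{1,5\}\)'.*/\1 \2/p"
}

# Print the port of every TCP socket in LISTEN state.
listening_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); print a[n] }'
}

# Print each configured listener that has no matching listening socket.
missing_listeners() {
    ports=$(listening_ports "$2")
    configured_listeners "$1" | while read -r proto port; do
        printf '%s\n' "$ports" | grep -qx "$port" || echo "$proto $port"
    done
}

# Print the Use% figure (without the % sign) of the /overlay mount.
overlay_use_pct() {
    printf '%s\n' "$1" | awk '$NF == "/overlay" { sub(/%/, "", $5); print $5 }'
}

# Constructed sample data: listener options as posted in the thread, with
# hypothetical netstat and df output for a router whose TLS listener failed.
SAMPLE_UCI="uhttpd.main=uhttpd
uhttpd.main.listen_http='0.0.0.0:80'
uhttpd.main.listen_https='0.0.0.0:8080'
uhttpd.main.redirect_https='1'"
SAMPLE_NETSTAT="Proto Recv-Q Send-Q Local Address Foreign Address State
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN
tcp        0      0 :::22           :::*            LISTEN"
SAMPLE_DF="Filesystem      Size  Used Available Use% Mounted on
/dev/mtdblock5  3.9M  3.9M         0 100% /overlay
overlayfs:/overlay 3.9M 3.9M       0 100% /"

echo "not listening: $(missing_listeners "$SAMPLE_UCI" "$SAMPLE_NETSTAT")"
echo "overlay use:   $(overlay_use_pct "$SAMPLE_DF")%"
```

An https listener reported as missing while the http one is bound matches what the thread found (the SSL package was not installed), and an overlay at 100% matches the config that could no longer be changed.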
