Lost LuCi on port 80, only available on port 443 [Solved]

Maybe it is not related, but slightly after bringing up HE.net ipv6 tunnel, I lost LuCi web interface on IPv4.
Now when I connect to LuCi, it downloads this webpage ...

#!/usr/bin/lua
require "luci.cacheloader"
require "luci.sgi.cgi"
luci.dispatcher.indexcache = "/tmp/luci-indexcache"
luci.sgi.cgi.run()

I tried to reboot OpenWRT, restart uhttpd, another browser, clear browsing history; nothing changes.

#top
shows no memory shortage:

Mem: 171100K used, 79860K free, 15344K shrd, 2432K buff, 28980K cached
CPU:   0% usr   0% sys   0% nic  98% idle   0% io   0% irq   0% sirq
Load average: 0.19 0.50 0.26 2/87 4764
  PID  PPID USER     STAT   VSZ %VSZ %CPU COMMAND
   89     2 root     IW       0   0%   0% [kworker/0:2]
   70     2 root     IW       0   0%   0% [kworker/2:1]
   63     2 root     IW       0   0%   0% [kworker/u8:1]
 4764  4273 root     R     1096   0%   0% top
   69     2 root     IW       0   0%   0% [kworker/1:1]
   71     2 root     IW       0   0%   0% [kworker/3:1]
 1036     1 root     S     1248   0%   0% /usr/sbin/odhcpd
    7     2 root     SW       0   0%   0% [ksoftirqd/0]
 4453     1 unbound  S    83684  33%   0% /usr/sbin/unbound -d -c /var/lib/unbound/unbound.conf
 2976     1 root     S     4524   2%   0% /usr/sbin/wpa_supplicant -B -s -b br-lan -P /var/run/wpa_supplicant-mesh0.pid -D nl80211 -i mesh0 -c /var/ru
 3494     1 root     S     4316   2%   0% /usr/sbin/hostapd -s -P /var/run/wifi-phy0.pid -B /var/run/hostapd-phy0.conf
 1364     1 http     S     3816   2%   0% /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
  788     1 root     S     1828   1%   0% /sbin/rpcd -s /var/run/ubus.sock -t 30
 1627     1 root     S     1712   1%   0% /usr/sbin/uhttpd -f -h /www -r oiseau -x /cgi-bin -t 60 -T 30 -k 20 -A 1 -n 3 -N 100 -R -p 0.0.0.0:80 -p [::
  954     1 root     S     1556   1%   0% /sbin/netifd
    1     0 root     S     1360   1%   0% /sbin/procd
 3420     1 root     S     1280   1%   0% /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh -v 0 -S myddns_ipv4 -- start
 3722     1 dnsmasq  S     1176   0%   0% /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
 4273  4272 root     S     1088   0%   0% -ash
 2678     1 root     S<    1084   0%   0% /usr/sbin/ntpd -n -N -l -S /usr/sbin/ntpd-hotplug -p 0.openwrt.pool.ntp.org -p 1.openwrt.pool.ntp.org -p 2.o
 1064     1 root     S     1084   0%   0% /usr/sbin/crond -f -c /etc/crontabs -l 5
 1197   954 root     S     1080   0%   0% udhcpc -p /var/run/udhcpc-eth1.pid -s /lib/netifd/dhcp.script -f -t 0 -i eth1 -x hostname:oiseau -V neufbox_
 4039  3420 root     S     1080   0%   0% sleep 300
  757     1 root     S     1048   0%   0% /sbin/logd -S 64
  155     1 root     S     1012   0%   0% /sbin/ubusd
 4272  3769 root     S      908   0%   0% /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 192.168.9.1:22 -p 2001:470:cad4::1:22 -p fd71:1a2a:6448:
 3769     1 root     S      844   0%   0% /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 192.168.9.1:22 -p 2001:470:cad4::1:22 -p fd71:1a2a:6448:
  173     1 root     S      816   0%   0% /sbin/urngd
 2718     1 root     S      752   0%   0% /usr/sbin/igmpproxy -n /var/etc/igmpproxy.conf
  156     1 root     S      704   0%   0% /sbin/askfirst /usr/libexec/login.sh
    5     2 root     IW       0   0%   0% [kworker/u8:0]
^C147     2 root     SWN      0   0%   0% [jffs2_gcd_mtd11]

I can ping the OpenWRT router and connect in SSH.
This is LuCi web interface on 80 port, not https.

uhttp started successfully:

cat /var/log/lighttpd/error.log
2020-08-20 12:27:32: (server.c.1521) server started (lighttpd/1.4.54)

Any help appreciated.

There is no: /tmp/luci-indexcache
Could it be the problem?

Here is my http configuration:
cat /etc/config/uhttpd

# Server configuration
config uhttpd main

	# HTTP listen addresses, multiple allowed
	list listen_http	0.0.0.0:80
	list listen_http	[::]:80

	# HTTPS listen addresses, multiple allowed
	list listen_https	0.0.0.0:443
	list listen_https	[::]:443

	# Redirect HTTP requests to HTTPS if possible
	option redirect_https	1

	# Server document root
	option home		/www

	# Reject requests from RFC1918 IP addresses
	# directed to the servers public IP(s).
	# This is a DNS rebinding countermeasure.
	option rfc1918_filter 1

	# Maximum number of concurrent requests.
	# If this number is exceeded, further requests are
	# queued until the number of running requests drops
	# below the limit again.
	option max_requests 3

	# Maximum number of concurrent connections.
	# If this number is exceeded, further TCP connection
	# attempts are queued until the number of active
	# connections drops below the limit again.
	option max_connections 100

	# Certificate and private key for HTTPS.
	# If no listen_https addresses are given,
	# the key options are ignored.
	option cert		/etc/uhttpd.crt
	option key		/etc/uhttpd.key

	# CGI url prefix, will be searched in docroot.
	# Default is /cgi-bin
	option cgi_prefix	/cgi-bin

	# List of extension->interpreter mappings.
	# Files with an associated interpreter can
	# be called outside of the CGI prefix and do
	# not need to be executable.
#	list interpreter	".php=/usr/bin/php-cgi"
#	list interpreter	".cgi=/usr/bin/perl"

	# List of prefix->Lua handler mappings.
	# Any request to an URL beneath the prefix
	# will be dispatched to the associated Lua
	# handler script. Lua support is disabled when
	# no handler mappings are specified. Lua prefix
	# matches have precedence over the CGI prefix.
	list lua_prefix		"/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua"

	# Specify the ubus-rpc prefix and socket path.
#	option ubus_prefix	/ubus
#	option ubus_socket	/var/run/ubus.sock

	# CGI/Lua timeout, if the called script does not
	# write data within the given amount of seconds,
	# the server will terminate the request with
	# 504 Gateway Timeout response.
	option script_timeout	60

	# Network timeout, if the current connection is
	# blocked for the specified amount of seconds,
	# the server will terminate the associated
	# request process.
	option network_timeout	30

	# HTTP Keep-Alive, specifies the timeout for persistent
	# HTTP/1.1 connections. Setting this to 0 will disable
	# persistent HTTP connections.
	option http_keepalive	20

	# TCP Keep-Alive, send periodic keep-alive probes
	# over established connections to detect dead peers.
	# The value is given in seconds to specify the
	# interval between subsequent probes.
	# Setting this to 0 will disable TCP keep-alive.
	option tcp_keepalive	1

	# Basic auth realm, defaults to local hostname
#	option realm	OpenWrt

	# Configuration file in busybox httpd format
#	option config	/etc/httpd.conf

	# Do not follow symlinks that point outside of the
	# home directory.
#	option no_symlinks	0

	# Do not produce directory listings but send 403
	# instead if a client requests an url pointing to
	# a directory without any index file.
#	option no_dirlists	0

	# Do not authenticate any ubus-rpc requests against
	# the ubus session/access procedure.
	# This is dangerous and should be always left off
	# except for development and debug purposes!
#	option no_ubusauth	0

	# For this instance of uhttpd use the listed httpauth
	# sections to require Basic auth to the specified
	# resources.
#	list httpauth prefix_user


# Defaults for automatic certificate and key generation
config cert defaults

	# Validity time
	option days		730

	# key type: rsa or ec
	option key_type		rsa

	# RSA key size
	option bits		2048

	# EC curve name
	# Curve names vary between mbedtls/px5g and openssl
	# P-256 or P-384 are guaranteed to work
	option ec_curve		P-256

	# Location
	option country		ZZ
	option state		Somewhere
	option location		Unknown

	# Common name
	option commonname	'OpenWrt'

# config httpauth prefix_user
#	option prefix /protected/url/path
#	option username user
#	option password 'plaintext_or_md5_or_$p$user_for_system_user'

LuCI does not work in http (80 port) but it works on https (443).
So what is the problem?

Because http is not working, I just disabled all http connections:
#/etc/config/uhttp

        # HTTP listen addresses, multiple allowed
        #list listen_http       0.0.0.0:80
        #list listen_http       [::]:80

Before setting this as solved, I need to know what is happening there.

It will automatically switch you to https (port 443). If you change this to option redirect_https 0, you will be able to use both http/https.

Yeah, I just double-checked enabling both http and https without redirection and http does not work. Sounds like a mystery.

By the way, it could have started when I installed acme. I had to revert all files including uhttpd.conf to be able to access the router http page.

Hope this is not malware.

No, it's not. :wink: You can enable/disable such behaviour on browser level also. I've activated the option to always request https on my firefox. I'm not sure if it's standard since a few releases anyway. I think chromium is forcing that since a few releases?

Yes, it is called https anywhere.

Besides, my problem is that I don't understand why my router is serving half pages in http. I am looking for explanation, still searching ...

I found the culprit. It was lighttpd running on the same 80 port.

opkg remove lighttpd
solved the issue.

Sorry for the confusion, the problem is not solved.

The problem is that port 80 is serving crap even if disabled.

What command would show the open ports and indicate which service/process is serving the information?

netstat -anp | grep ":80"
returns nothing

Clearing data history solved the issue. So closing.
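
An added example, not written by any poster in this thread: a shell helper for the question above about which process is serving a port. It parses `netstat -tlnp` output, matches the port exactly (so `:80` does not also match `:8080`), and reports when two different programs hold the same port, for instance one on IPv4 and one on IPv6. The sample listing is constructed; its PIDs echo the `top` output earlier in the thread and the program name `example` is hypothetical.

```shell
#!/bin/sh
# Added example. On a router, feed it live data:
#   netstat -tlnp | listeners_on_port 80

# Print "local-address pid/program" for each TCP socket listening on exactly PORT.
# Reads netstat -tlnp output on stdin.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")   # the port is the last ":"-separated piece
            if (part[n] == port) print $4, $7
        }'
}

# Exit 0 when more than one distinct program listens on PORT (reads stdin).
port_conflict() {
    listeners_on_port "$1" | awk '
        { sub(/^[0-9]+\//, "", $2); seen[$2] = 1 }   # drop the PID, keep the name
        END { n = 0; for (p in seen) n++; exit (n > 1 ? 0 : 1) }'
}

# Constructed sample of netstat -tlnp output (not captured from the poster's router).
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1364/lighttpd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1627/uhttpd
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 2000/example
tcp 0 0 :::80 :::* LISTEN 1627/uhttpd
tcp 0 0 :::443 :::* LISTEN 1627/uhttpd'

printf '%s\n' "$SAMPLE" | listeners_on_port 80
if printf '%s\n' "$SAMPLE" | port_conflict 80; then
    echo "port 80: more than one program is listening"
fi
```

The PID/program column is only filled in when the command runs as root; otherwise it shows `-` and the conflict check cannot tell programs apart.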
