Luci-https not working correctly


I have noticed on the last couple of stable builds and snapshot builds, the luci https is extremely slow or doesn't load at all. This mostly occurs on pages where a script is loaded, e.g. the network view or the first page after log in. Sometimes I get an error message on the luci site that a script could not be loaded. This has been happening across different routers. I've also tried different browsers etc. This makes using https impossible.

At the moment I am using:

  • OpenWrt SNAPSHOT r11009-1cf2495d48

  • Netgear Nighthawk X4S R7800

  • openvpn-openssl 2.4.7-2

  • luci-ssl-openssl git-19.258.59939-fbfb4af-1

I assume it's a combination of some packages. On all the devices the thing that is the same is the openvpn-openssl and luci-ssl-openssl instead of the mbedTLS, which can’t be combined.

Has anyone else experienced this?

Please let me know if you need any logs or more information.


Does http work fine?
Do you see any extreme cpu load when you try to open the page? (top or htop from SSH).


Thanks for your reply.

Http works fine. I had already checked with htop. No high cpu load when trying to use luci with https.

I am not sure what is the reason for that. I am using the same packages in my routers (different models) without such behavior.
As a workaround I can suggest to use http over OpenVPN or SSH tunneling if you are connecting from the internet.


Yes, that is how I'm doing it at the moment. Through OpenVPN tunnel. I guess it must be a particular setting I do on my devices. I'll have to configure a free device manually again and check after which step the issue occurs.

@boni, welcome to the community!

Wait, so you're saying this only occurs when:

  • you are on your OpenVPN tunnel
  • attempt to reach LuCI over HTTPS

If so, it may be entropy. Please provide the results of:

cat /proc/sys/kernel/random/entropy_avail

Before and after attempting to access LuCI.
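
The before/after check requested above, extended to keep sampling while the request is in flight (an added example, not part of the thread). The threshold argument, the `ENTROPY_FILE` override and the script name are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Samples the kernel entropy estimate
# while a command runs, so a dip during the TLS handshake is not missed.
# ENTROPY_FILE can be overridden for testing (assumption of this sketch).
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# summarize_entropy <threshold>: read one integer sample per line on stdin,
# print "min=N max=N samples=N verdict=ok|low". The threshold is a value the
# caller picks; the thread does not state one.
summarize_entropy() {
    awk -v t="$1" '
        /^[0-9]+$/ {
            v = $1 + 0
            if (n == 0 || v < lo) lo = v
            if (n == 0 || v > hi) hi = v
            n++
        }
        END {
            if (n == 0) { print "min=NA max=NA samples=0 verdict=unknown"; exit }
            printf "min=%d max=%d samples=%d verdict=%s\n", lo, hi, n, (lo < t ? "low" : "ok")
        }'
}

# watch_entropy <threshold> <command...>: sample before, once per second
# while the command runs, and after; then summarize.
watch_entropy() {
    threshold="$1"; shift
    samples="$(mktemp)" || return 1
    cat "$ENTROPY_FILE" >> "$samples"
    "$@" >/dev/null 2>&1 &
    pid=$!
    while kill -0 "$pid" 2>/dev/null; do
        cat "$ENTROPY_FILE" >> "$samples"
        sleep 1
    done
    wait "$pid" || true          # the command's own exit status is not the point
    cat "$ENTROPY_FILE" >> "$samples"
    summarize_entropy "$threshold" < "$samples"
    rm -f "$samples"
}

# Run as: sh entropy_watch.sh <threshold> <command that loads LuCI over HTTPS>
if [ "$#" -ge 2 ]; then
    watch_entropy "$@"
fi
```

A `verdict=low` result means at least one sample fell below the chosen threshold at some point during the request, which a single reading before and after can miss.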

Thanks for your reply.

"Unfortunately" it also occurs while in the lan via wifi. I haven't checked via cable yet. Might do that tonight.

Do you still think it could be due to entropy? Should I still create the cat output?

Yes, please - just to eliminate the possibility.

Ok, so I was connected via cable in the LAN and still the same issue.

Here is the output before accessing luci:
~# cat /proc/sys/kernel/random/entropy_avail

and here after accessing luci:
~# cat /proc/sys/kernel/random/entropy_avail

This is the error message I sometimes get in luci when accessing via https:

OK, it's definitely not entropy.

Could you post the luci and uhttpd settings from /etc/config/ just to be sure?

I left them basically default.

config uhttpd 'main'
	list listen_http ''
	list listen_http '[::]:80'
	list listen_https ''
	list listen_https '[::]:444'
	option redirect_https '0'
	option home '/www'
	option rfc1918_filter '1'
	option max_requests '3'
	option max_connections '100'
	option cert '/etc/uhttpd.crt'
	option key '/etc/uhttpd.key'
	option cgi_prefix '/cgi-bin'
	list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
	option script_timeout '60'
	option network_timeout '30'
	option http_keepalive '20'
	option tcp_keepalive '1'

config cert 'defaults'
	option days '730'
	option key_type 'rsa'
	option bits '2048'
	option ec_curve 'P-256'
	option state 'Somewhere'
	option location 'Unknown'
	option commonname 'ABCDEF'
	option country 'DE'


config core 'main'
	option lang 'auto'
	option mediaurlbase '/luci-static/bootstrap'
	option resourcebase '/luci-static/resources'

config extern 'flash_keep'
	option uci '/etc/config/'
	option dropbear '/etc/dropbear/'
	option openvpn '/etc/openvpn/'
	option passwd '/etc/passwd'
	option opkg '/etc/opkg.conf'
	option firewall '/etc/firewall.user'
	option uploads '/lib/uci/upload/'

config internal 'languages'

config internal 'sauth'
	option sessionpath '/tmp/luci-sessions'
	option sessiontime '3600'

config internal 'ccache'
	option enable '1'

config internal 'themes'
	option Bootstrap '/luci-static/bootstrap'

config internal 'apply'
	option rollback '30'
	option holdoff '4'
	option timeout '5'
	option display '1.5'

config internal 'diag'
	option dns ''
	option ping 'openwrt'
	option route 'openwrt'