I run snapshot builds on a UniFi AP. Every time I update OpenWRT and re-install luci and luci-ssl I have a hard time logging in to LuCI again, I keep getting various network or RPC errors, e.g.
NetworkError
HTTP error 400 while loading class file "/luci-static/resources/view/status/index.js?v=git-20.311.85590-5c5b134"
at compileClass (https://unifiap/luci-static/resources/luci.js?v=git-20.311.85590-5c5b134:169:16)
After a few page reloads it will eventually start working.
Anything I can do? Do I need to clear anything on the AP, or on the browser side?
How can I troubleshoot this? Any logs I can provide?
Once I manage to log in and then click around the errors in the console stop. But if I log out and attempt to log in again, the errors appear and right after the login the top menu bar is missing until I refresh the page. Something is wrong with my config ...
# Server configuration
config uhttpd main
# HTTP listen addresses, multiple allowed
#list listen_http 0.0.0.0:80
#list listen_http [::]:80
# HTTPS listen addresses, multiple allowed
list listen_https 192.168.1.32:443
#list listen_https [::]:443
# Redirect HTTP requests to HTTPS if possible
option redirect_https 1
# Server document root
option home /www
# Reject requests from RFC1918 IP addresses
# directed to the servers public IP(s).
# This is a DNS rebinding countermeasure.
option rfc1918_filter 1
# Maximum number of concurrent requests.
# If this number is exceeded, further requests are
# queued until the number of running requests drops
# below the limit again.
option max_requests 3
# Maximum number of concurrent connections.
# If this number is exceeded, further TCP connection
# attempts are queued until the number of active
# connections drops below the limit again.
option max_connections 100
# Certificate and private key for HTTPS.
# If no listen_https addresses are given,
# the key options are ignored.
option cert /etc/uhttpd.crt
option key /etc/uhttpd.key
# CGI url prefix, will be searched in docroot.
# Default is /cgi-bin
option cgi_prefix /cgi-bin
# List of extension->interpreter mappings.
# Files with an associated interpreter can
# be called outside of the CGI prefix and do
# not need to be executable.
# list interpreter ".php=/usr/bin/php-cgi"
# list interpreter ".cgi=/usr/bin/perl"
# List of prefix->Lua handler mappings.
# Any request to an URL beneath the prefix
# will be dispatched to the associated Lua
# handler script. Lua support is disabled when
# no handler mappings are specified. Lua prefix
# matches have precedence over the CGI prefix.
list lua_prefix "/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua"
# Specify the ubus-rpc prefix and socket path.
# option ubus_prefix /ubus
# option ubus_socket /var/run/ubus/ubus.sock
# CGI/Lua timeout, if the called script does not
# write data within the given amount of seconds,
# the server will terminate the request with
# 504 Gateway Timeout response.
option script_timeout 60
# Network timeout, if the current connection is
# blocked for the specified amount of seconds,
# the server will terminate the associated
# request process.
option network_timeout 30
# HTTP Keep-Alive, specifies the timeout for persistent
# HTTP/1.1 connections. Setting this to 0 will disable
# persistent HTTP connections.
option http_keepalive 20
# TCP Keep-Alive, send periodic keep-alive probes
# over established connections to detect dead peers.
# The value is given in seconds to specify the
# interval between subsequent probes.
# Setting this to 0 will disable TCP keep-alive.
option tcp_keepalive 1
# Basic auth realm, defaults to local hostname
# option realm OpenWrt
# Configuration file in busybox httpd format
# option config /etc/httpd.conf
# Do not follow symlinks that point outside of the
# home directory.
# option no_symlinks 0
# Do not produce directory listings but send 403
# instead if a client requests an url pointing to
# a directory without any index file.
# option no_dirlists 0
# Do not authenticate any ubus-rpc requests against
# the ubus session/access procedure.
# This is dangerous and should be always left off
# except for development and debug purposes!
# option no_ubusauth 0
# For this instance of uhttpd use the listed httpauth
# sections to require Basic auth to the specified
# resources.
# list httpauth prefix_user
# Defaults for automatic certificate and key generation
config cert defaults
# Validity time
option days 730
# key type: rsa or ec
option key_type ec
# RSA key size
option bits 2048
# EC curve name
# Curve names vary between px5g-{wolfssl,mbedtls} and openssl
# P-256 or P-384 are guaranteed to work
option ec_curve P-256
# Location
option country ZZ
option state Somewhere
option location Unknown
# Common name
option commonname 'OpenWrt'
# config httpauth prefix_user
# option prefix /protected/url/path
# option username user
# option password 'plaintext_or_md5_or_$p$user_for_system_user'
I fixed this by downgrading uhttpd to the version from 19.07.4 release
Manually unpack uhttpd_2020-03-13-975dce23-1_x86_64.ipk, then unpack data.tar.gz
/etc/init.d/uhttpd stop
replace /usr/sbin/uhttpd with unpacked version
cd /usr/lib
ln -s libjson-c.so.5 libjson-c.so.2
/etc/init.d/uhttp start
I'm not able to install luci-ssl-openssl on snapshot builds:
* check_data_file_clashes: Package libustream-openssl20200215 wants to install file /lib/libustream-ssl.so
But that file is already provided by package * libustream-wolfssl20200215
* opkg_install_cmd: Cannot install package luci-ssl-openssl.
Forcing an overwrite of conflicts doesn't work either, my device runs out of disk space. Oh well, I will have to live with the errors until snapshots give up on wolfssl which I understand is the plan going forward.
I think I found the problem, the default uhttpd config file has this option commented out: # option ubus_prefix '/ubus'
If I uncomment it and restart uhttpd, I don't see any errors anymore.