Change the reForis web admin port

I’ve just bought a Turris Omnia wifi6 and have read the documents
and am configuring it. I have used Gargoyle for many years but not openwrt.
Turris OS version is 6.5.2.

I have one question:
I have changed the ssh port with no problem, but
how do I change to admin port for the reForis web interface from 80/443 to some other nn/nnn?

Incorrect answers i have found online:

  1. System > Settings / Admin Access

- no such menu entry

  1. System > Administration > Services > Find the HTTP service and click Edit

- no such menu entry

  1. Edit the configuration file /etc/reforis/reforis.conf, look for line port = 8080

- no such file

There is a file:
but the only entry is a comment
# void for now

I assume I can put an entry in /etc/config/reforis,
but if so, what is the syntax?

What about looking at /etc/config/lighttpd?

I wonder why to do that. Seems like a security by obscurity. And I believe it will get overwriten by each update

No, its both

  1. statistical arbitrage:
    Increases the cost of attacking me by 65000/4 (assuming 2 open ports).
  2. leveraging the actual threat landscape:
    Many attackers simply scan known ports for knoown vulnerabilities
    using something like Shodan as target guidance.

There is no
there is
which I checked.

I also checked:
All the relevant files in /etc/lighttpd/conf.d/
All the plausible files in /etc/config/
(including foris, foris-controller, foris-controller-subordinates,luci, network, reforis)

The only item I found was:
/etc/config/foris-ws has a line
option port 9080
but I dont know what foris-ws is and the line seems not relevant.

So I cant find where the reForis and Luci listening ports are set,
or how to change them.

It doesn’t get overwritten by Gargoyle updates, which is also based on openwrt.
Anyway, if it is, after each update, I’ll just fix it again
until it gives up overwriting it and apologises for being inconsiderate :grinning:.

Of course I can amend the firewall rules

luci / network / firewall / traffic rule



to change port 443 to nnnn

but that only allows the packet in,
it doesn’t mean reForis will accept it.

For example
if I change port 22 to nnnn in the firewall, then try to ssh from the wan,
sshd will receive the packet but reject the connection attempt.

I did try to just connect to the box from the lan on a different port
(from the lan so the firewall would not reject it)
but it just resets the connection.

So, there must be some way to configure reForis
to accept connections on a different port.

Further information on what doesn’t work:

As the web server seems to be lighttpd, after reading

I tried editing
to add:
server.port = “nnnn”
server.port = nnnn
and then restarting the service

However then I just couldn’t connect.

root@router:~# grep port /etc/lighttpd/conf.d/*
            "port" => 9999,
/etc/lighttpd/conf.d/30-fastcgi.conf:#    "port"
=> "2000",
        "port" => 80
/etc/lighttpd/conf.d/70-foris-ws.conf:  proxy.ser
ver = ( "" => ( ( "host" => "", "port" =
> "9080" ) ) )
/etc/lighttpd/conf.d/80-netdata.conf:  proxy.serv
er = ( "" => ( ( "host" => "", "port" =>
 "19999") ) )
/etc/lighttpd/conf.d/90-turris-root.conf:# to sup
port Turris webapps.
root@router:~# grep 443 /etc/lighttpd/conf.d/*
socket"] == ":443" {
socket"] == "[::]:443" {

Maybe this will give you some hints

1 Like

thanks for that, I had seen some of those but not all.

I think the first few are not relevant:
they are the loopback address ( rather than an external access address.
also we are looking to change ports 80 and 443, not 1999 etc

But the last 2 could be key. I detailed them below

I do worry as both of them say:
“is not meant to be edited”
and sometimes they really mean it. :wink:

Also the lighttpd documentation does say to change lighttpd.conf:

server.port = 80

and even though it doesn’t work, it deosn’t seem wise to ignore it.

Anyway I’ll try them both tomorrow - bedtime in NZ.

Just in case, is there any way of doing rollbacks to the snapshots
from the command line?


#This is part of turris-webapps package and is not meant to be edited.
#If you need different setup, uninstall this package and create your own config
#Listen on IPv4 “:80" (default) and on IPv6 “[::]:80”
$SERVER[“socket”] == "
:80” { }
$SERVER[“socket”] == “[::]:80” { }


#This package is not meant to be edited, it is part of package lighttpd-https-cert
#If you need different https setup, uninstall this package and create your own configuration
$SERVER[“socket”] == “:443” {
ssl.engine = “enable”
$SERVER[“socket”] == “[::]:443” {
ssl.engine = “enable”

ok, thanks to Orest, I think it is solved.

OpenWrt Luci uses uhttpd as its webserver.
Gargoyle replaces Luci, also using uhttpd.
GL.iNet uses uhttpd as its webserver for Luci
and nginx as its webserver for its own web admin panel.
(so one can set the access ports separately).
reForis seems to use lighttpd as the web server,
and for both reForis and for Luci.
This is why none of the online guides are correct.

1. To change to https port from 443 → nnn
edit /etc/lighttpd/conf.d/40-ssl-enable.conf

$SERVER[“socket”] == “:443” {
ssl.engine = “enable”
$SERVER[“socket”] == “[::]:443” {
ssl.engine = “enable”


$SERVER[“socket”] == “:nnn” {
ssl.engine = “enable”
$SERVER[“socket”] == “[::]:nnn” {
ssl.engine = “enable”

Now, after restarting lighttpd, you can https to port nnn.
but as expected, not to 443.

2. To add xxx as a port for http
edit /etc/lighttpd/conf.d/90-turris-root.conf

$SERVER[“socket”] == ":80” { }
$SERVER[“socket”] == “[::]:80” { }

change to:

$SERVER[“socket”] == ":xxx” { }
$SERVER[“socket”] == “[::]:xxx” { }

Now, after restarting lighttpd, you can http to port xxx.

3. But a funny,
you can now http to both port 80 and port xxx ?!?!
So , now you have to edit /etc/lighttpd/lighttpd.conf
to add a line:

server.port = xxx

Now you can connect http on xxx but not 80.

4. But still one funny outstanding.
if you try to connect on 443 you get the correct error:

Unable to connect

but if you now try to connect on port 80 you get a page with just one lonely line,
obviously output by some confused code:

Network Error when attempting to fetch resource

After a few reboots and a day of cool-down, this last error seems to have disappeared, so I think I can mark this as a solution.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.