How do i install a webserver on my Turris Omnia (3.11.6)?

Dear Community,

I would like to host a simple little website on my Turris Omnia router and therefore need to get a webserver up-and-running. Now i am aware that it already comes with lighthttps, but this one is serving Foris & LuCl. I tried to find tutorials for virtual hosting to no avail. Then i tried to follow this tutorial for nginx: https://doc.turris.cz/doc/en/public/webserver. But at the end i only get the following error when i try to finally start nginx:

nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] still could not bind()

If you know what i might have done wrong, or if you can point me to yet another solution, i’d be really grateful. Please take into consideration that i am not very versed with manual configurations in a linux-like environment, let alone server administration. So i would need a step-wise instruction, until i have a root folder where i can place my .php & . html files.

Many thanks in advance!

Did you change lighttpd port? This error message tells you that another service is already listening on port 80 (default http port)

For me, the easiest way was to put the apache web server into an LXC container.

1 Like

Well, i think that’s what i did when i set

server.port = 81
$SERVER["socket"] == "[::]:81" { }

in the lighthttpd.conf file. Might there be another service, listening on port 80?

For small sites I use uhttpd. Port 81. Easy settings.
http://90.179.79.195:81/
Turris 1.0 RC 3.11.7

So you suggest i throw a linux distribution into a virtual machine and then install the webserver from there? Which one did you use?

Cool! I might actually start with this.

easy Debian buster and install apache2 and php5.6

So, i got this to work and now i’d like to enable https. But when i try to install:

opkg install uhttpd-mod-tls

It fails because:

Cannot satisfy the following dependencies for uhttpd-mod-tls:

* libustream-polarssl *

How do i manually install libustream-polarssl to get around this?

I think for https you have to install libuhttpd-mbedtls , libuhttpd-openssl
https://openwrt.org/docs/guide-user/services/webserver/uhttpd

Same problem. Those packages are just not available under Turris…
(At least i got PHP to work meanwhile =)

Then run everything in the container, and in dns assign a fix ip lease. Maybe an easy way. The benefit, the web can be run on standard port 80.

For uhttpd-tls, try this:

opkg update
wget http://archive.openwrt.org/chaos_calmer/15.05.1/mvebu/generic/packages/base/libustream-polarssl_2015-07-09-c2d73c22618e8ee444e8d346695eca908ecb72d3_mvebu.ipk -O /tmp/libustream-polarssl.ipk
opkg install /tmp/libustream-polarssl.ipk

and then continue:

opkg install uhttpd-mod-tls
opkg install luci-ssl

Unfortunately I can’t try it, I use TOS4 - another architecture.

For https to work, you need to change the https port from 443 to approx. 444 .Edit the /etc/config/uhttpd file and change:

list listen_http 0.0.0.0:81
#list listen_http [::]:81
list listen_https 0.0.0.0:444
#list listen_https [::]:444

Then the site access would look like this:
http://192.168.1.1:81/
https://192.168.1.1:444/

If you want to host a web site, I recommend editing the IP address from 0.0.0.0 to the IP address of the router (192.168.1.1).

and if you want PHP to work, add a line:

list interpreter ".php=/usr/bin/php-cgi"

https://192.168.1.1:444
So, when you click the page, you’ll see a warning? https works? is the problem only in the certificate?
e.g from Firefox.:

If the problem is only in the certificate:
The generated certificate needs to be approved by a certification authority - this process is domain dependent, so signatures are not easy.

No, the page isn’t loading at all (under port 444), not even a warning.

192.168.1.1 didn’t send any data.

@Pepe is probably right, best to use nginx according to the documentation (https://doc.turris.cz/doc/en/public/webserver):

NGINX + SSL + PHP7

Step by step …

Create a folder /usr/share/htdocs and copy the web content you want to share.

Install the necessary packages:

opkg update
opkg install nginx-ssl php7-fastcgi openssl-util

We generate an SSL certificate key pair:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/cert.key -out /etc/cert.crt

Information: If you want to share a website over the Internet, it is important to have the certificate signed by a certification authority, otherwise the site will be classified as untrustworthy!

Edit PHP /etc/php.ini file:

Summary
doc_root = "/usr/share/htdocs"
cgi.force_redirect = 1
cgi.redirect_status_env = "yes"

and restart the PHP daemon:

/etc/init.d/php7-fastcgi restart

Edit NGINX /etc/nginx/nginx.conf file:

Summary
user nobody nogroup;
worker_processes 1;

error_log /tmp/nginx_error.log;

events {
    worker_connections 1024;
}

http {
	include mime.types;
	index index.php index.html index.htm;
	default_type text/html;

	sendfile on;
	keepalive_timeout 65;
	gzip on;

	gzip_min_length 1k;
	gzip_buffers 4 16k;
	gzip_http_version 1.0;
	gzip_comp_level 2;
	gzip_types text/plain application/x-javascript text/css application/xml;
	gzip_vary on;
	server {
		listen 81;
		
		listen 444 ssl;
		ssl_certificate /etc/cert.crt;
		ssl_certificate_key /etc/cert.key;
		ssl_session_cache shared:SSL:1m;
		ssl_session_timeout 5m;
		ssl_ciphers HIGH:!aNULL:!MD5;
		ssl_prefer_server_ciphers on;

		fastcgi_connect_timeout 300;
		fastcgi_send_timeout 300;
		fastcgi_read_timeout 300;
		fastcgi_buffer_size 32k;
		fastcgi_buffers 4 32k;
		fastcgi_busy_buffers_size 32k;
		fastcgi_temp_file_write_size 32k;
		client_body_timeout 10;
		client_header_timeout 10;
		send_timeout 60;
		output_buffers 1 32k;
		postpone_output 1460;

		root /usr/share/htdocs;

		location ~ \.php$ {
			fastcgi_index  index.php;
			include        fastcgi_params;
			fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

			if (-f $request_filename) {
				fastcgi_pass 127.0.0.1:1026;
			}
		}
	}
}

and restart the NGINX daemon:

/etc/init.d/nginx restart

The errors can be found in the file: /tmp/nginx_error.log

Site availability:
http://192.168.1.1:81/
https://192.168.1.1:444/

1 Like

Wow, thanks so much! I will follow this, when i have some more time at hand =)

easy Debian buster and install apache2 and php5.6

php5.6 is EOL since beginning of this year and isn’t even available for buster any more…

yes, but you can add repo https://packages.sury.org/php buster / main arm64 Packages for php5.6