How to force HTTPS for Luci on omnia 6.2.4?

Hello,
Sometimes, when I connect on Luci my browser is on HTTP. I need to manually indicate HTTPS.

  1. Is there a simple way to force HTTPS?

  2. If not, is it through lighttpd config? like this?

  3. Will it work also for Foris/reForris?

Hi,

i was using option 2 on old turris 3.x
I assume it is still viable, it did a global redirect so it worked for all apps in there - havent tried it on latest turris yet.

$HTTP[“scheme”] == “http” {
# capture vhost name with regex conditiona → %0 in redirect pattern
# must be the most inner block to the redirect rule
$HTTP[“host”] =~ “." {
url.redirect = (".
” => “https://%0$0”)
}
}

Take a look at this:

Thanks for the old thread.

There was a post from Ondrej Caletka asking for any ideas how to get rid of the browser warning.

I have actually implemented a solution few years back on some local webapplication - not turris.
This is a way how to get browser to accept cert without warnings that does not rely on any existing cert authority

I believe a way to fix this for turris team using my approcach would be

  1. generate root ca
  2. generate certificate with hostname as name and subject alternative name matching the IP address (can be multiple)
  3. user must add the root ca to browser
  4. if ip of the router changes, it must regenerate the issued certificate

I would not do this at home, using letsencrypt is better if that is an option

Strange… Solution doesn’t seem to work.

I’ve verified that lighttpd-mod-redirect is installed
I’ve added the redirecting line in a .conf file (I’ve tried the various mentioned in the post)
Then I restarted /etc/init.d/lighttpd

Each time browser indicated that server was refusing connection (both http and https).

Each time I rolled back by removing the lines and restarting, and I had both http and https again.

What step am I missing?

I just set this up using the old conf i shared before -works for me perfectly- check where do you put the config file:

i have /etc/lighttpd/conf.d/something.conf on 6.2.4

there should not be anything special i think

OK. I missed one $ in my copy paste :crazy_face:

Now I did:
verify that lighttpd-mod-redirect is installed
verify or install nano

nano /etc/lighttpd/conf.d/https-redirect.conf`

then insert

$HTTP["scheme"] == "http" {
    # Apply to all vhosts
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}

quit and save

/etc/init.d/lighttpd restart

It works on all pages, except for the 1st page where we choose between reForris and Luci, which stays in http during countdown.

1 Like

Does anyone know why the 1st landing page is behaving differently?
Is it because it is constructed in such a way that redirection to https is impossible? Or is it my set-up that is missing it for any reason?