LuCI & Foris should be HTTPS by default


why is HTTPS not default for LuCI and Fortis?



It is. There is, however, quite nasty warning of untrusted certificate. That’s why unencrypted connection is also allowed.

As I stated before (see linked post), any ideas how to get rid of such warning are welcome.

Hello Ondrej,

IMHO an unencrypted HTTP session should be disabled by default.
I would prefer an encrypted session with a warning.


You are free to do it like that. But I doubt it is a sensible default for everyone. AFAIK there is no known attack vector that would make use of unencrypted HTTP in default setup – that means access only from LAN side and enforced Wi-Fi encryption.



any idea how to setup SSL only for LuCI and Fortis?

Disabling non SSL connections with

uci delete uhttpd.main.listen_http ; uci commit

does not work.

Regards Jörg


done by myself:

  • delete the file /etc/lighttpd/conf.d/ssl-enable.conf

  • in /etc/lighttpd/lighttpd.conf:

server.port = 443
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd-self-signed.pem"
server.bind = “” # optional

CU Jörg

Would be nice to have the lighttpd-mod-rewrite package so one could redirect the traffic to https.

Feel free to install the module: :wink:

root@kukuzi:~# opkg list lighttpd-mod-rewrite
lighttpd-mod-rewrite - 1.4.42-2 - URL rewriting module
1 Like
opkg list lighttpd*
lighttpd - 1.4.42-2
lighttpd-mod-alias - 1.4.42-2
lighttpd-mod-cgi - 1.4.42-2
lighttpd-mod-fastcgi - 1.4.42-2
lighttpd-mod-setenv - 1.4.42-2

OK, I’ve had to run update first, now it’s available.

opkg list lighttpd-mod-rewrite
lighttpd-mod-rewrite - 1.4.42-2 - URL rewriting module

My bad. Thank you @quietsche.

Edit: The redirect to https finally solved with lighttpd-mod-redirect and adding the following into /etc/lighttpd/conf.d/ssl-enable.conf:

$SERVER["socket"] == ":80" {
	$HTTP["host"] =~ ".*" {
		url.redirect = (".*" => "https://%0$0")

PS: Of course you need to restart the server after doing the changes with /etc/init.d/lighttpd restart


Does not work for me. lighthtpd restarts fine, no error message, but no redirection either.

I use this, which works for me:

# cat /etc/lighttpd/conf.d/https-redirect.conf
$HTTP["scheme"] == "http" {
    # capture vhost name with regex conditiona -> %0 in redirect pattern
    # must be the most inner block to the redirect rule
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")

Works fine for me. Thanks.


when I try to implement that I get following error while restarting lighttpd:

2017-04-17 12:25:27: (server.c.1295) WARNING: unknown config-key: url.redirect (ignored) 

And of course the redirect doesn’t work. Any Ideas how to fix that? (I have Turris OS version 3.6.2).

EDIT: sorry, problem was the missing module…I just installed: lighttpd-mod-rewrite and not lighttpd-mod-redirect. Now it works just fine.