Adding self-signed SSL Certificate, no “Services” available in LuCI to upload HTTPS certificate in uHTTPd

Note that I have posted this in the openwrt forums here.

I am trying to add an SSL certificate to my router so that I can access the router securely, and not worry about any browser warnings. Although I only access the router directly via ethernet, I would still like that extra bit of security. I’m also trying to learn.

I attempted to do this using the openwrt documentation here and elsewhere. I came across some issues. In step 7, it says go to LuCI > Services. There is no Services in my interface. I checked everywhere and couldn’t find it. I am using the GL-iNet GL750 “Mudi”. OpenWrt version 19.07.8.

Is there a way to complete the steps in the terminal, not in the interface?

try do https in nginx. nginx regular webserver for glinet devices AFAIK

server {
    listen              443 ssl;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;


I could not find any clear instructions that are relevant to my issue in the link provided. It’s a wall of text that I don’t understand.

I remember copy-pasting code that looked similar to this into my router, using instructions I found elsewhere, but I can’t remember where I got it, and I don’t remember where the file is supposed to go. I removed any new files I made in /etc/ssl. Note that I can no longer access my router in the web UI, but I can ssh into it.

Update: I did a factory reset because I’m pretty sure I borked the software.

To be honest: If you don’t know anything, and you are not familiar with nginx nor basic linux configuration … just stay with the cert that is integrated.

Copy and paste isn’t the solution to your problem.

To be honest: If you don’t know anything, and you are not familiar with nginx nor basic linux configuration … just stay with the cert that is integrated.

Copy and paste isn’t the solution to your problem.

4ever_sunshine disagree. depend scenario. user say know how to factory reset. One need to break device to inform brain on new things. No inform brain if no try

One get excite by copypaste … one take time inform brain

any birds::

Does process here help?

---------------No recommend after steps until one has knowledge-------------------------

To additional security

  1. create the nonroot user

  2. Set cap on port so nginx run non root but also can use port 80/443

another chance::

this one very create I like and my go ahead … allow extra debug position, can route different 80 port traffic to different services for origination characters different

  1. set nginx to run as non root user
  1. set permissions of cert+key to non root user

still is hole because root can achieve cert+key because root but one should be using non-root root up account only by regular. one can fix by running modify root account… not recommend for stable env until one know why happens happen, but here words to inform


  1. better try step 4 attributes and nill root user logins/usage
    chattr(1) - Linux manual page

many more option, more words if interest

That’s a far cry from what I said. I didn’t say I don’t know anything. I said the article linked doesn’t provide any instructions whatsoever and so I cannot intuit how to proceed to fix my issue. I have more than basic Linux knowledge, and I assure you that I actually want to get this done. At the very least I want to learn how to do it. I am in fact studying computer security, and I’ve played around with nginx a little bit in the past.

So it shouldn’t be any problem.

It‘s just nginx. Nothing special at all.

Good lord, are you trying to sound incomprehensible or is that how your normally type?

The article you linked to install an SSL certificate doesn’t seem relevant to me. They’re assuming I received my SSL certificate in zip file, with server, root and intermediate certificates. I’m fairly certain I don’t need those. I’m going with a self signed certificate, I’m guessing they are for domain certificates that you get from say LetsEncrypt. In any case, all of the research I’ve done to create self signed certificates have not involved any of the steps involved in that article. I’ve already done it with my home router.

It’s a problem if I don’t have any instructions. That’s kind of the point of my post.

But you do have access to google and all the other places where people can search for things.

„nginx ssl how“ is enough to get plenty of results.

Play around with it.

And as learning resource: at main · Admonstrator/ · GitHub

words leave keyboard it all same
process all same cert chain or no cert chain

@admon :slightly_smiling_face: good infos