Change the default https port for access and block http access

Hi

I have just bought my first GL.inet router, a GL-AXT1800.
So far it works well.
I am reasonably familiar with openwrt and have been using the Luci interface
to make some changes that weren’t available from your nice interface.

How do I change the default https port for access and block http access to the GL.inet interface?
I did, in the command line, by modifying /etc/config/uhttpd
change the https port and block http access.
However this only works for access to the Luci interface.

Your gl.inet interface can still be reached by http and https on the default ports.
I guess you are using a different server for this access.

I can block access to ports 80 and 443 with the firewall
however this also completely blocks access to your gl.inet interface.

So, how do I allow https access to your gl.inet interface,
but on a different port
and redirect http access to https?

Notes
Admin panel v4.0.0
Firmware Type release3
Firmware Version OpenWrt 21.02-SNAPSHOT r16273+114-378769b555 /
LuCI openwrt-22.03 branch git-21.284.67084-e4d24f0

The GL.inet interface uses nginx. The config path of nginx is /etc/nginx/conf.d/gl.conf. If you know how to modify it, you can close the http port.

Beautiful, thank you.
I found it and can see the correct lines to edit with nano.
I will test it tomorrow.
mc

I tested it today but couldn’t get it to work.
In fact it made things worse:

Test 1
Edited /etc/nginx/conf.d/gl.conf to
    # listen 80;
    # listen [::]:80;

    listen 20999 ssl;
    listen [::]:20999 ssl;
Result
→ unable to connect
192.168.119.1 refused to connect.
ERR_CONNECTION_REFUSED

Test 2
Edited /etc/nginx/conf.d/gl.conf to:
    listen 20999 ssl;
    listen [::]:20999 ssl;
Result
→ unable to connect
192.168.119.1 refused to connect.
ERR_CONNECTION_REFUSED

Test 3
Edited /etc/nginx/conf.d/gl.conf to the same listening port as uhttpd:
    listen 21999 ssl;
    listen [::]:21999 ssl;
Result
I can connect, but it goes straight to Luci - the GL interface is still not reachable.

Test 4 - very strange
I restored /etc/nginx/conf.d/gl.conf from backup copy
(made before I edited it)
Result
Same result!!
192.168.119.1 refused to connect.
ERR_CONNECTION_REFUSED

Same when trying to connect on the lan or wan side.
I checked the firewall rules - there is nothing changed there.
I can connect to the Luci interface - no problems, and via ssh.

The only explanation I can think of is that nginx now refuses to start.
I did a htop to see running processes,
and I can see uhttpd but not nginx.

If you have modified the port, you should use https://192.168.119.1:20999 to access it.
I tried the config and it worked fine. But I don’t have uhttpd installed and running. Maybe you can use cat /var/log/nginx/error.log to check the nginx log?

Thanks Yuxin for the quick reply,
and I found the problem.
Your suggestion to check the nginx log found the answer:

Here is a cat of the nginx log,

2022/08/03 11:05:08 [emerg] 3606#0: lua_shared_dict "shmem" is already defined as "shmem" in /etc/nginx/conf.d/gl-220803c.conf:3
2022/08/03 11:05:41 [emerg] 5946#0: lua_shared_dict "shmem" is already defined as "shmem" in /etc/nginx/conf.d/gl-220803c.conf:3
2022/08/03 11:05:46 [emerg] 6755#0: lua_shared_dict "shmem" is already defined as "shmem" in /etc/nginx/conf.d/gl-220803c.conf:3
2022/08/03 11:05:51 [emerg] 7224#0: lua_shared_dict "shmem" is already defined as "shmem" in /etc/nginx/conf.d/gl-220803c.conf:3
2022/08/03 11:05:56 [emerg] 7486#0: lua_shared_dict "shmem" is already defined as "shmem" in /etc/nginx/conf.d/gl-220803c.conf:3
2022/08/03 11:06:01 [emerg] 7695#0: lua_shared_dict "shmem" is already defined as "shmem" in /etc/nginx/conf.d/gl-220803c.conf:3

The problem was I put the backups of my gl.conf files
(gl-orig.conf, gl-220802a.conf, gl-220803a.conf etc)
in the same directory,
/etc/nginx/conf.d/

I have been keeping backup config files in the same directory for all other system components in Linux for many years with no problems,
but it seems nginx reads the backup files also,
and then has an emergency and exits.

And the reason is that at the bottom of gl.conf it has an include statement:

include /etc/nginx/gl-conf.d/*.conf;

which included all the backup files!!

I moved the backup files to a separate directory, and now nginx starts and listens on 20999 correctly.

Thanks for your help.
mc
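
The failure in this thread (a backup copy left in a directory that nginx loads by `*.conf` glob, so `lua_shared_dict "shmem"` is defined twice and nginx exits) can be checked for before restarting nginx. The script below is an added example, not part of the thread or of GL.inet's firmware; the function names, the `.bak` naming scheme and the sample file contents (including the `12k` size) are assumptions.

```shell
#!/bin/sh
# Added example (not GL.inet code). Directories are parameters.

# list_dup_dicts DIR
# Print "NAME FILE" for every lua_shared_dict NAME defined more than once
# across the files matching DIR/*.conf; return 1 if any duplicate exists.
list_dup_dicts() {
    awk '/^[ \t]*#/ { next }
         $1 == "lua_shared_dict" { print $2, FILENAME }' "$1"/*.conf 2>/dev/null |
    sort |
    awk '{ n[$1]++; l[$1] = l[$1] $0 "\n" }
         END { for (k in n) if (n[k] > 1) { printf "%s", l[k]; rc = 1 }
               exit rc + 0 }'
}

# backup_outside CONF BACKUP_DIR
# Copy CONF to BACKUP_DIR with a .bak suffix so no "*.conf" glob matches it.
backup_outside() {
    mkdir -p "$2" && cp -p "$1" "$2/$(basename "$1").$(date +%Y%m%d%H%M%S).bak"
}

# Constructed sample: a conf.d directory holding the live file and a backup
# copy named like the one in the log above (file contents are made up).
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/conf.d"
    printf 'lua_shared_dict shmem 12k;\nserver {\n    listen 20999 ssl;\n}\n' > "$d/conf.d/gl.conf"
    cp "$d/conf.d/gl.conf" "$d/conf.d/gl-220803c.conf"
    echo "before cleanup:"; list_dup_dicts "$d/conf.d"
    # Move the backup out of the include directory, under a non-.conf name.
    backup_outside "$d/conf.d/gl-220803c.conf" "$d/backup" && rm "$d/conf.d/gl-220803c.conf"
    echo "after cleanup:"; list_dup_dicts "$d/conf.d"; rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

On the router, point `list_dup_dicts` at the directory nginx actually loads, and run `nginx -t` before restarting so a configuration error is reported while the running admin interface stays up.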