Enable HTTPS login for router


#1

Hello,

First off, I really appreciate these routers. They’re small, open sourced and quite durable.

One thing that sits high on my list of things to change is to enable HTTPS for the dashboard and enforce HTTPS when downloading/updating packages and connecting to a VPN.

Could someone point me in the correct direction and/or share some info on how to enable HTTPS for the dashboard and whatnot? Also, are there any suggestions to help secure this great little tool?

Thanks for any time put forth on the topic and have a wonderful day.


#2

We have a whole week's holiday and will come back to you later. Please do reply again if this is not answered.


#3

Update?


#4

I just got HTTPS and redirect from HTTP to work on the AR750 (v2.27):

  1. ssh into your router with root

  2. create certificate:

mkdir /etc/lighttpd/certs
cd /etc/lighttpd/certs
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 3650 -nodes
chmod 400 lighttpd.pem

  3. configure lighttpd

/etc/init.d/uhttpd disable
opkg update
opkg install lighttpd-mod-redirect
vi /etc/lighttpd/lighttpd.conf

add to end of file

$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
}

$SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "^(.*)$" {
        url.redirect = ( "^/(.*)" => "https://%1/$1" )
    }
}

  4. restart webserver and check if it works

/etc/init.d/lighttpd restart

  5. reboot

reboot


#5

This doesn’t seem to work on the GL-AR750S. Particularly, I noticed that the lighttpd.conf file gets overwritten with its original contents, post-reboot. Even before rebooting, but after restarting lighttpd, I couldn’t access the admin portal over HTTPS. I also tried changing the default port from 80 to 443.


#6

Check /etc/init.d/lighttpd and remove the two lines with the ‘cp’ command.

Then lighttpd.conf will not be overwritten. This is actually a bug in the script. The router wants to ensure the web server is up, but it fails to check for the correct version.
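
A post-reboot check for the setup described in posts #4 to #6, added here as an example and not part of any poster's message or of the router firmware: it confirms the PEM file, the TLS and redirect settings, and that the init script no longer contains `cp` lines. The function names and the `RUN` variable are made up for this example; the default paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: verify the HTTPS setup from this thread survived a restart/reboot.
# Default paths are the ones used in the thread; pass others as arguments to test.

# check_pem FILE: PEM must exist, be mode 400, and hold both key and certificate.
check_pem() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    case "$(ls -ld "$1")" in
        -r--------*) ;;
        *) echo "permissions on $1 are not 400"; return 1 ;;
    esac
    grep -q 'PRIVATE KEY-----' "$1" || { echo "no private key in $1"; return 1; }
    grep -q 'BEGIN CERTIFICATE-----' "$1" || { echo "no certificate in $1"; return 1; }
}

# check_conf FILE: config must still carry the TLS settings and the redirect
# (post #5 reports the stock file being restored, which drops both).
check_conf() {
    grep -Eq '^[[:space:]]*ssl\.engine[[:space:]]*=[[:space:]]*"enable"' "$1" ||
        { echo "ssl.engine not enabled in $1"; return 1; }
    grep -Eq '^[[:space:]]*ssl\.pemfile[[:space:]]*=' "$1" ||
        { echo "ssl.pemfile not set in $1"; return 1; }
    grep -Eq '^[[:space:]]*url\.redirect[[:space:]]*=.*https://' "$1" ||
        { echo "no HTTP->HTTPS redirect in $1"; return 1; }
}

# check_init FILE: fail if the init script still contains cp commands,
# which post #6 identifies as what overwrites lighttpd.conf.
check_init() {
    if grep -En '^[[:space:]]*cp[[:space:]]' "$1"; then
        echo "init script $1 still copies files on start"; return 1
    fi
}

# check_all [PEM] [CONF] [INIT]: run every check and report all failures.
check_all() {
    rc=0
    check_pem  "${1:-/etc/lighttpd/certs/lighttpd.pem}" || rc=1
    check_conf "${2:-/etc/lighttpd/lighttpd.conf}"      || rc=1
    check_init "${3:-/etc/init.d/lighttpd}"             || rc=1
    return $rc
}

# Run against the router's real paths only when asked: RUN=1 sh <this file>
if [ "${RUN:-0}" = 1 ]; then check_all "$@"; fi
```

A non-zero exit after a reboot with the message about `ssl.engine` is the symptom described in post #5: the edited lighttpd.conf was replaced by the stock one.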


#7

This is broken for me because it can’t load the OpenSSL module.

(plugin.c.229) dlopen() failed for: /usr/lib/lighttpd/mod_openssl.so Error loading shared library /usr/lib/lighttpd/mod_openssl.so: No such file or directory

The lighttpd SSL module opkg doesn’t seem to exist so I checked if SSL is compiled in:

root@GL-AR750S:/etc/lighttpd# lighttpd -v
lighttpd/1.4.48 (ssl) - a light and fast webserver

It is compiled in, but activating SSL gives the same error. I have libopenssl installed.


#8

I managed to fix it by downloading the lighttpd package from openwrt.org:

https://downloads.openwrt.org/releases/18.06.1/packages/mips_24kc/packages/lighttpd_1.4.48-3_mips_24kc.ipk