[Feature Request] Allowing LuCI to use the same port with Admin Panel

Starting from 4.7.0, LuCI requires a separate port.
In various situations, this makes management more complex and causing inconvenience and inefficiency.

Adding an option to allow access LuCI on the Admin Panel port, just as before, may be a better approach. (In this case, the separate port could be disabled)

Currently it returns an error when try to set LuCI ports to the same as Admin Panel: {"err_msg":"luci http port occupied","err_code":-3}

As well as on the GUI:

Hello,

We consider that Luci shares the same one password with GL GUI.
In the case of remote access (WAN remote access web UI), Luci security is not as good as GL GUI, so we distinguish different ports from Luci and GL GUI.

Before 4.7.0, Luci is allowed access to the GL GUI port, but we find the Luci had some security issues such as shell injection and low password protection.

After enabling remote access, Luci was easily accessed, which was very dangerous.

The security protection of GL GUI is relatively complete, and there are no similar risk situations above.

Security has a higher priority than efficiency, so we will not consider bring them with one port.

Thank you for your understanding.
Please apologize for the inconvenience caused to you.

All right, basically I agree that it was a right decision.

While I don't think it'd be that harmful if it can only be allowed via shell command or API, still doubt I can expect such a feature.

So I looked into it myself, and found that LuCI-related paths are no longer proxied by nginx. Now uhttpd directly listens any address.

Then it was simple then expected. Resurrect the /etc/nginx/gl-conf.d/luci.conf and restart nginx. That's it. /etc/nginx/gl-conf.d/strip-luci-error-log.conf is optional.

Or enter this single-line shell command:

echo -e "location /cgi-bin/luci/ {\n    proxy_pass http://127.0.0.1:8080;\n}\n\nlocation /ubus/ {\n    proxy_pass http://127.0.0.1:8080;\n    error_log stderr crit;\n}\n\nlocation /luci-static/ {\n    proxy_pass http://127.0.0.1:8080;\n    error_log stderr crit;\n}" > /etc/nginx/gl-conf.d/luci.conf && /etc/init.d/nginx restart

8080 needs to be replaced(three times) if luci_http_port was changed.

I hope this method stays working for futher updates.

1 Like