How to preserve Gl-inet router web page and openwrt luci and own hosted sites

Hello.
I want to return to the original GL-Inet firmware and restore 4.7.0-op24 firmware which is based on the new Linux kernel.
In the past, I had migrated to OpenWrt due to crash website and too many dependencies.
after gained some experience I think that some Gl- inet features are useful and I might use them.
Can someone give me advice on a couple question?
First: how GL-Inet website invoke itself and Luci? Mean both use /usr/lib/nginx/modules/ngx_http_ubus_module.so ?
In openwrt I have luci.location which is responsible for loading luci.

location /cgi-bin/luci {
                index  index.html;
                include uwsgi_params;
                uwsgi_param SERVER_ADDR $server_addr;
                uwsgi_modifier1 9;
                uwsgi_pass unix:////var/run/luci-webui.socket;
}
location ~ /cgi-bin/cgi-(backup|download|upload|exec) {
                include uwsgi_params;
                uwsgi_param SERVER_ADDR $server_addr;
                uwsgi_modifier1 9;
                uwsgi_pass unix:////var/run/luci-cgi_io.socket;
}

location /luci-static {
                error_log stderr crit;
}

location /ubus {
        ubus_interpreter;
        ubus_socket_path /var/run/ubus/ubus.sock;
        ubus_parallel_req 2;
}

I suppose that GL-Inet website is invoked propably by cgi-bin scripts as well and luci were reversed proxied by uhttpd web service.
I don't want to use uhttpd because it's not smart , prefer link luci in the location section. Or I might use uhttpd as a spare web service.
second: after restoring firmware what steps do you advise ? mean how to install additional NGiNX modules and features ?
Simply make backup folders install and copy files back ? or do I need something to preserve GL-Inet website ?
I need nginx-full , nginx-mod-headers-more, nginx-mod-rtmp,nginx-mod-stream, nginx-mod-ts, nginx-mod-ubus. I suppose that some come with firmware but not nginx-mod-rtmp which is a module for streaming video.
third :
how to make it safe : here is my router config which load luci and additional locations for ttyd services.

server {
    listen 80 ;
    listen [::]:80;
    server_name router.wojciech.lol;
    return 301 https://$host$request_uri;            
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name router.wojciech.lol;

    # SSL settings
    ssl_certificate /etc/ssl/private/router.wojciech.lol.crt;
    ssl_certificate_key /etc/ssl/private/router.wojciech.lol.key;
    
    access_log /var/log/nginx/router_access.log custom;
    root /www;
    include conf.d/error-pages.location;
    
    location ~ ^/terminal(.*)$ {        
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header Host $host;
         proxy_cache_bypass $http_upgrade;

         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 900s;

         proxy_pass http://127.0.0.1:7683/$1;
         proxy_intercept_errors on; 
       }
   location ~ ^/small-pit(.*)$ {        
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header Host $host;
         proxy_cache_bypass $http_upgrade;

         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 900s;

         proxy_pass http://192.168.1.5:7683/$1;
         proxy_intercept_errors on; 
       }
       
    location /nginx_metrics {
        access_log off ;
      stub_status;  }
    
    include restrict_locally;
    include conf.d/luci.location;
    include conf.d/deny.location;
    #include conf.d/test.location;
}

In this location, I want to load the GL-Inet webpage and add another location called Luci for openwrt luci webpage
any advice highly appreciated .

Starting all over, since the configs are not exchangeable. No restore.

Dear Aaron you should read my posts more carefully and not only get rid of users. or treat everyone like blondes.
You are a volunteer moderator, great. please pass it to gl-inet staff. Who can give sensible answers.

I would like to mention that in my previous posts I raised the issue of paid support.
Personally, I would gladly pay for a solution of my problem and get it rid off my head. I think many users would do it too, I think that the company should think about it.

there are many solutions.

• first tier free and access to the knowledge base (this forum) and tips on where to look for it (yours for example, thank you for your answers Arron you are very helpful.)
• 2nd tier annual subscription or micropayments (specific tips on solving problems but still on a DIY basis).
• 3rd tier contract for one-time remote access, the user provides ssh login data and after completing the task is obliged to change passwords.

I am a hobbyist and looking for solutions on my own takes me too much time. do something about it.....

In my previous posts, I described why I gave up on GL-inet firmware and migrated to Openwrt and why it is important to me.

I think that I'm not alone, currently many people want to host their resources themselves, e.g. photos 9 Best Self Hosted Photo Backup Alternatives to Google Photos [2025]
On the sidelines - I noticed that Gl-inet wrote an installation script for Home Assistant GitHub - gl-inet/home-assistant-on-openwrt , does it work ( it was last updated 6 years ago ) ? I wonder if the installation is problem-free and what the integration with the web page looks like and whether it is possible to connect home assistant as a subdomain or a new domain in the home network
I think that many customers would pay for HA setup for personalized support.

Ok, but let's get back to my problem.
I have installed Flint 2 4.7.0-op24 firmware, by default in this firmware NGNIX is compiled:

nginx version: nginx/1.26.1 (x86_64-pc-linux-gnu)
built with OpenSSL 3.0.15 3 Sep 2024
TLS SNI support enabled
configure arguments: --target=aarch64-openwrt-linux 
--host=aarch64-openwrt-linux 
--build=x86_64-pc-linux-gnu --disable-dependency-tracking 
--program-prefix= --program-suffix= --prefix=/usr 
--exec-prefix=/usr --bindir=/usr/bin 
--sbindir=/usr/sbin --libexecdir=/usr/lib 
--sysconfdir=/etc 
--datadir=/usr/share --localstatedir=/var 
--mandir=/usr/man --infodir=/usr/info --disable-nls --crossbuild=Linux::aarch64 --prefix=/usr 
--conf-path=/etc/nginx/nginx.conf --modules-path=/usr/lib/nginx/modules --error-log-path=stderr 
--pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock 
--http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/body 
--http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi 
--with-cc=aarch64-openwrt-linux-musl-gcc --with-ld-opt='-L/home/jk/workspace/router_mt6000_op/openwrt-24/staging_dir/toolchain-aarch64_cortex-a53_gcc-13.3.0_musl/usr/lib -L/home/jk/workspace/router_mt6000_op/openwrt-24/staging_dir/toolchain-aarch64_cortex-a53_gcc-13.3.0_musl/lib -fuse-ld=bfd -Wl,--gc-sections -flto=auto -fuse-linker-plugin -znow -zrelro' --without-http_upstream_zone_module --with-compat --with-http_ssl_module --without-http-cache --without-http_charset_module --without-http_gzip_module --without-http_ssi_module --without-http_userid_module --without-http_access_module --without-http_auth_basic_module --without-http_autoindex_module --without-http_geo_module --without-http_map_module --without-http_split_clients_module --without-http_referer_module --without-http_scgi_module --without-http_memcached_module --without-http_limit_conn_module --without-http_limit_req_module --without-http_empty_gif_module --without-http_browser_module --without-http_upstream_hash_module --without-http_upstream_ip_hash_module --without-http_upstream_least_conn_module --without-http_upstream_keepalive_module --with-ipv6 --with-http_gzip_static_module --add-dynamic-module=/home/jk/workspace/router_mt6000_op/openwrt-24/build_dir/target-aarch64_cortex-a53_musl/nginx-ssl/nginx-1.26.1/nginx-mod-lua 
--add-dynamic-module=/home/jk/workspace/router_mt6000_op/openwrt-24/build_dir
/target-aarch64_cortex-a53_musl/nginx-ssl/nginx-1.26.1/nginx-mod-ubus

It's a very limited version of ngnix I don't understand the company's intentions here - security????? bull!!! .
If we're talking about security, then without compiling ngx_http_access_module you can't use the directive allow,deny. Mostly used for security purposes. I use those directives in all internal pages that I want to reserve for only LAN usage:

    allow fc00::/7;
    allow fec0::/10;
    allow fe80::/10;
    allow 127.0.0.0/8;    
    allow 172.16.0.0/12;
    allow 192.168.0.0/16;
    allow 169.254.0.0/16;
    deny all; 

Ok, I removed the deny, allow directives from all of my configuration files to check if I can use NGINX and all the goodness of GL-inet because maybe in the future I will be tempted by astro-warp and it is not worth giving up right away
Here is My Ngnix configuration which was worked :

user  root;
worker_processes  auto;

#include /etc/nginx/module.d/*.module;
#load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
#load_module /usr/lib/nginx/modules/ngx_stream_module.so;
# below orig
load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
load_module /usr/lib/nginx/modules/ngx_http_ubus_module.so;

pid /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    lua_package_path "/usr/lib/lua/?.lua;;";
    default_type  application/octet-stream;

    sendfile on;
    keepalive_timeout 5;
    gzip_static on;
    root /www;
    access_log off;
    error_log /var/log/nginx/error.log error;
	# added by wojt 
	log_format openwrt
		'$request_method $scheme://$host$request_uri => $status'
		' (${body_bytes_sent}B in ${request_time}s) <- $http_referer';
	log_format custom '$remote_addr - $remote_user [$time_local] "$request" '
                   'status=$status body_bytes_sent=$body_bytes_sent '
                   '"$http_user_agent" "$http_authorization"';	
        #log_format upstream '$remote_addr - Upstream: $upstream_addr  Cache: $upstream_cache_status | Bytes Sent: $upstream_bytes_sent';           
 
	server_names_hash_bucket_size 64;
	gzip_vary on;
	gzip_proxied any;	
	#gzip_buffers 16 8k;
	
	#---------- SSL-------------
	ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; 
        ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!LOW:!DES:!MD5:!PSK:!RC4:!3DES:!EXP:!SRP:!DSS;
	ssl_session_cache           shared:SSL:10m;	
        ssl_session_timeout       20m;
        ssl_session_tickets on;
        ssl_buffer_size 4k;
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 127.0.0.1 valid=300s;
	resolver_timeout 5s;
	ssl_prefer_server_ciphers   on;
	#---------------------------------------- 
	#map $http_accept_language $lang {
	#    default en; # Default language
	#    ~*pl pl;
	#    }
	#--------- buffers  config ------------------
	proxy_buffering on;
	proxy_temp_path /var/cache/nginx 1 2;
	proxy_temp_file_write_size 512k;
	proxy_max_temp_file_size 512k;
	
        proxy_buffer_size 128k;
        proxy_buffers 128 128k;
        proxy_busy_buffers_size 256k;        
        #client_body_buffer_size 128k;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        
	#---------------- end of wojt add 
	client_body_buffer_size 64K;
        client_header_buffer_size 1k;
        client_max_body_size 1G;
	large_client_header_buffers 2 2k;
	lua_shared_dict shmem 12k;
        lua_shared_dict nonces 16k;
        lua_shared_dict sessions 16k;
        init_by_lua_file /usr/share/gl-ngx/oui-init.lua;
    include /etc/nginx/conf.d/*.conf;
}
Here is my  /etc/nginx/conf.d/gl.conf	which as well were worked :

server {	
    listen 80 default_server;
    listen [::]:80 default_server;

    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name router.wojciech.lol;

    index gl_home.html;
   # SSL settings
    ssl_certificate /etc/ssl/acme/default.wojciech.lol/fullchain.pem;
    ssl_certificate_key /etc/ssl/acme/default.wojciech.lol/privkey.pem;

    
    access_log /var/log/nginx/router_access.log custom;
    root /www;
    include conf.d/error-pages.location;
    

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SR    P:!DSS:!CAMELLIA:!SEED";
    ssl_session_tickets off;

    #ssl_certificate /etc/nginx/nginx.cer;
    #ssl_certificate_key /etc/nginx/nginx.key;

    resolver 127.0.0.1 ipv6=off;

    rewrite ^/index.html / permanent;

    location = /rpc {
        content_by_lua_file /usr/share/gl-ngx/oui-rpc.lua;
        add_header Content-Type application/json;
        add_header X-Frame-Options DENY;
    }

    location = /ws {
        add_header X-Frame-Options DENY;
        content_by_lua_file /usr/share/gl-ngx/oui-ws.lua;
    }

    location = /upload {
        add_header X-Frame-Options DENY;
        content_by_lua_file /usr/share/gl-ngx/oui-upload.lua;
    }

    location = /download {
        add_header X-Frame-Options DENY;
        content_by_lua_file /usr/share/gl-ngx/oui-download.lua;
    }

    location /cgi-bin/ {
        add_header X-Frame-Options DENY;
        include fastcgi_params;
        fastcgi_read_timeout 300;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }

    location ~.*\.(html|png|jpg|svg)$ {
        add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
        add_header X-Frame-Options DENY;
    }
    # ----------- added-----
      
    location ~ ^/terminal(.*)$ {        
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header Host $host;
         #proxy_cache_bypass $http_upgrade;

     proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 900s;

         proxy_pass http://127.0.0.1:7683/$1;
         proxy_intercept_errors on; 
       }
   location ~ ^/small-pit(.*)$ {        
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header Host $host;
         #proxy_cache_bypass $http_upgrade;

     proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 900s;

         proxy_pass http://192.168.1.5:7683/$1;
         proxy_intercept_errors on; 
       }       
    #------------------------------
    include /etc/nginx/gl-conf.d/*.conf;
}

Redirection of ttyd service (port 7683) worked and my additional domains movies and gallery as well. Also worked GL-inet android app. That's why I decided to go further because I need a full NGNIX server
to use with proxy caching and in the future rtmp and camera stream integration. this is my router - no compromises...
I decided to install ngnix-full from the same kernel version from the openwrt distribution. GL-inet feeds currently do not allow upgrade NGINX webserver
I added to /etc/opkg/customfeeds.conf the equivalent of GL-inet packages

src/gz openwrt_packages https://downloads.openwrt.org/releases/24.10.0-rc2/packages/aarch64_cortex-a53/packages/

and downloaded:
opkg download package_name
here are list of all downloaded packages :

libubus20250102_2025.01.02~afa57cce-r1_aarch64_cortex-a53.ipk
nginx-full_1.26.1-r1_aarch64_cortex-a53.ipk
nginx-mod-headers-more_1.26.1-r1_aarch64_cortex-a53.ipk
nginx-mod-lua-resty-core_1.26.1-r1_aarch64_cortex-a53.ipk
nginx-mod-lua-resty-lrucache_1.26.1-r1_aarch64_cortex-a53.ipk
nginx-mod-lua_1.26.1-r1_aarch64_cortex-a53.ipk
nginx-mod-njs_1.26.1-r1_aarch64_cortex-a53.ipk
nginx-mod-rtmp_1.26.1-r1_aarch64_cortex-a53.ipk
nginx-mod-stream_1.26.1-r1_aarch64_cortex-a53.ipk
nginx-mod-ts_1.26.1-r1_aarch64_cortex-a53.ipk
nginx-mod-ubus_1.26.1-r1_aarch64_cortex-a53.ipk
nginx-ssl_1.26.1-r1_aarch64_cortex-a53.ipk

I made copies of all replaced binary files.Binaries extracted from the archives were copied into the appropriate source path.
I had problem with dependiences so downloaded and added manually additional global library libubus.so.20250102
I didn't installed lua-resty*, just compared . all sources are the same.
below is dump of ngnix-full config flags :

nginx version: nginx/1.26.1 (x86_64-pc-linux-gnu)
built with OpenSSL 3.0.15 3 Sep 2024
TLS SNI support enabled
configure arguments: --target=aarch64-openwrt-linux --host=aarch64-openwrt-linux 
--build=x86_64-pc-linux-gnu --disable-dependency-tracking --program-prefix= --program-suffix= 
--prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib --sysconfdir=/etc 
--datadir=/usr/share --localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls 
--crossbuild=Linux::aarch64 --prefix=/usr --conf-path=/etc/nginx/nginx.conf --modules-path=/usr/lib/nginx/modules --error-log-path=stderr --pid-path=/var/run/nginx.pid 
--lock-path=/var/lock/nginx.lock --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/body 
--http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi 
--with-cc=aarch64-openwrt-linux-musl-gcc --with-ld-opt='-L/builder/shared-workdir/build/sdk/staging_dir/toolchain-aarch64_cortex-a53_gcc-13.3.0_musl/usr/lib -L/builder/shared-workdir/build/sdk/staging_dir/toolchain-aarch64_cortex-a53_gcc-13.3.0_musl/lib -fuse-ld=bfd 
-Wl,--gc-sections -flto=auto -fuse-linker-plugin -znow -zrelro' 
--without-http_upstream_zone_module --with-compat 
--with-http_ssl_module --with-ipv6 --with-http_gzip_static_module --with-http_stub_status_module --with-http_flv_module --with-http_dav_module 
--with-http_auth_request_module --with-http_v3_module --with-http_v2_module --with-http_realip_module --with-http_secure_link_module --with-http_sub_module 
--with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module 
--add-dynamic-module=/builder/shared-workdir/build/sdk/build_dir/target-aarch64_cortex-a53_musl/nginx-full/nginx-1.26.1/nginx-mod-naxsi/naxsi_src 
--add-dynamic-module=/builder/shared-workdir/build/sdk/build_dir/target-aarch64_cortex-a53_musl/nginx-full/nginx-1.26.1/nginx-mod-njs/nginx 
--add-dynamic-module=/builder/shared-workdir/build/sdk/build_dir/target-aarch64_cortex-a53_musl/nginx-full/nginx-1.26.1/nginx-mod-geoip2 
--add-dynamic-module=/builder/shared-workdir/build/sdk/build_dir/target-aarch64_cortex-a53_musl/nginx-full/nginx-1.26.1/nginx-mod-lua 
--add-dynamic-module=/builder/shared-workdir/build/sdk/build_dir/target-aarch64_cortex-a53_musl/nginx-full/nginx-1.26.1/nginx-mod-rtmp 
--add-dynamic-module=/builder/shared-workdir/build/sdk/build_dir/target-aarch64_cortex-a53_musl/nginx-full/nginx-1.26.1/nginx-mod-dav-ext 
--add-dynamic-module=/builder/shared-workdir/build/sdk/build_dir/target-aarch64_cortex-a53_musl/nginx-full/nginx-1.26.1/nginx-mod-brotli 
--add-dynamic-module=/builder/shared-workdir/build/sdk/build_dir/target-aarch64_cortex-a53_musl/nginx-full/nginx-1.26.1/nginx-mod-headers-more 
--add-dynamic-module=/builder/shared-workdir/build/sdk/build_dir/target-aarch64_cortex-a53_musl/nginx-full/nginx-1.26.1/nginx-mod-ts 
--add-dynamic-module=/builder/shared-workdir/build/sdk/build_dir/target-aarch64_cortex-a53_musl/nginx-full/nginx-1.26.1/nginx-mod-ubus

Situation after manual NGNIX upgrade
all of my websites works including ttyd redirection but gl-inet main website not works I have http 500 error you can check it typing router.wojciech.lol
In logs I have :

2025/02/16 19:58:23 [error] 2541#0: *125 lua entry thread aborted: runtime error: /usr/lib/lua/resty/core/var.lua:71: no request found
stack traceback:
coroutine 0:
        [C]: in function 'error'
        /usr/lib/lua/resty/core/var.lua:71: in function '__index'
        /usr/share/gl-ngx/oui-access.lua:27: in function </usr/share/gl-ngx/oui-access.lua:1>, client: fdb4:1b76:5d22:0:a0e7:44cf:bb43:c856, server: router.wojciech.lol, request: "GET /favicon.ico HTTP/1.1", host: "router.wojciech.lol", referrer: "https://router.wojciech.lol/"

this error is repeated for every page request.
How to solve it ?
I will describe my comments and thoughts on this situation in another post

Sorry, can't help you. A router is a router, not a web hosting service.
Replacing binaries is not a good idea anyway. Every firmware update will break it.

A GL staff member might be able to, I will ping @bruce

Hello
I currently have a problem installing my WebPages on the Flint2 router, I described my story
https://forum.gl-inet.com/t/how-to-preserve-gl-inet-router-web-page-and-openwrt-luci-and-own-hosted-sites/54365/2?u=wojtrix
Generally, I like the GL-inet router administration webpage for its design, it is intuitive, it also has options, and services for future use.
It seems to me that some mechanisms have been designed exclusively. If so, I consider it a big design error.
I believe that the company can reconcile and even must reconcile this issue of router management to enable the coexistence of user pages and solve the internal security problem (ports)*
I think that the company should release at least 1 version of firmware (developer / experimental) that allows coexistence and setting up self-hosting.
If company don't do this, I think you will lose a lot, my situation seems to me to be not unique.
To make me better understand, I will describe my point of view differently.

In the ADSL era I had internet with BT, NowTV and I never had the opportunity to choose a router, i.e. in (theory - yes but not practical - (some sky user might remember option 51 DHCP used for authentication in company routers if someone replaced sky router had a big problem find router with enabled those options ) )
so, always new contract - new router.

All contract routers have to have one feature: working and that's it, well it can also be idiot-resistant.... for most users this approach is sufficient.
if someone wants more they have to replace the router if possible.

When Full-fibre internet became available in my town. I started looking for a provider that allows you to connect your own router. and I have to say that nothing has changed. To find out if there is a catch or not you have to call the seller.

sellers like sellers, talk about clear sides of the contract, when I ask if you can install your own router . .... there is no clear answer they refer to support and support will answer when there is a contract...

This game lasted with several providers. Plusnet explicitly allows the use of your own router, there are no catches, pure pppoe ,user,password and connected . However, there is no possibility of resigning from the contract router, so my contract router lies in the cabinet unpacked.

I'd bought the GL-inet flint2 router fully consciously after conducting research and familiarizing myself with the technical specifications, features, and comparison of the competition. I think other your users did the same.

GL-inet routers are not given in a package with the ISP providers? You sell them, the user consciously buys them and often it is a second router.
There are enthusiasts/hobbyists level it should generate a different approach, of course router should always work out of the box and be easy to operate.
But there should be a possibility of changing, in my case using the router also as a proxy web server.
Unfortunately, it seems to me that the current GL-inet solutions are exclusive and resembles solutions from contract routers. (which is not bad if you get a router with internet)
Personally, for me it is, I am not afraid to use this word: disgusting

I remember one conversation with an ISP seller who wanted pushed/forced me to choose Best eero router 20 quids more then stock (cheapest router) best eero router and 50 quids voucher .
Why I didn't choose eero router????? the answer is simple freedoom.
Freedom is the most important value in life and paradoxically with choosing router.

Shall I say goodbay GL-inet firmware and migrate to openwrt firmware forever?

yes good idea, can bruce write to me PM ? I have some questions which are valid only when not migrating to openwrt firmware

You might write him first, could be easier. Just click on his name (@bruce) and choose "Message"

Hello,

Thanks for reaching out and interested with GL products.

We do not provide any paid support for the time being and will not accept payment.

Currently, there are no support services for underlying debugging or develop of system-level plug-ins such as nginx/uhttpd/iptables, etc., I'm very sorry.

Since the root permissions of firmware have been opened to users, we will leave the personalized and customized functions to users to develop and debug by themselves.

If you need this depth customization function, you may temporarily need to troubleshoot and debug it yourself, you can search on Google and forums to get some methods. Since this is not the feature request or issue report, we may not help or assist for this.

If the GL firmware part of the code limits your development, only to install the Vanilla OpenWRT firmware.

We will continue to pay attention to this kind of related needs.
If necessary, we may consider adding personalized features for 2C support channel.

Thank you.