OpenWRT LuCI GUI with UHTTPD using HTTPS: Difference between revisions
mNo edit summary |
Line 88: | Line 88: | ||
</syntaxhighlight>In the above example, of course replace 'source' and 'destination' IP Addresses with proper ones. The port 8080 and 4443 items are shown as a reminder that anyone using OpenWRT as a web server will need to take ports 80 and 443 into consideration when managing a router (IE, can't double up on the ports, as something won't work properly). | </syntaxhighlight>In the above example, of course replace 'source' and 'destination' IP Addresses with proper ones. The port 8080 and 4443 items are shown as a reminder that anyone using OpenWRT as a web server will need to take ports 80 and 443 into consideration when managing a router (IE, can't double up on the ports, as something won't work properly). | ||
=====Configuring SSL with the LuCI GUI===== | =====Configuring SSL (but not with the LuCI GUI)===== | ||
Forget about it | Forget about installing or configuring access to the LuCI GUI with the LuCI GUI. How, oh how can it be configured to work? | ||
* Go back up to the top and read the part about installing the luci-ssl-openssl package. Make sure it is installed. | |||
* Restart the UHTTPD service and it will generate the proper SSL certificate, etc. | |||
* Good to go | |||
Here's why the GUI is a bit misleading: There are two buttons that prompt one to "Select file". What it doesn't say is that the "Remove old certificate and key" Button will not work reliably unless the above information is configured in the /etc/config/uhttpd file. | Here's why the GUI is a bit misleading: There are two buttons that prompt one to "Select file". What it doesn't say is that the "Remove old certificate and key" Button will not work reliably unless the above information is configured in the /etc/config/uhttpd file. | ||
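Review bot: the new second and third bullets stop at "it will generate the proper SSL certificate, etc." and "Good to go", so the reader is never told what "etc." covers or how to confirm that HTTPS is actually being served. Say what the restart creates (a certificate and a private key, going by the restart output added further down this revision) and add a verification step before "Good to go". Separately, the unchanged paragraph that follows still says "unless the above information is configured in the /etc/config/uhttpd file"; with these bullets inserted directly above it, "the above information" now reads as the package install steps rather than any uhttpd setting, so name the settings it refers to.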
Line 95: | Line 99: | ||
In fact after an hour of testing the LuCU HTTPD GUI was so wonky and unpredictable, it became pointless to give explicit directions. That combined with a rather curious feature of clicking on the "Remove old certificate and key" Button redirecting to a URL that claims it "can't display this page", but is the exact same as the one can go "back" to, that works. | In fact after an hour of testing the LuCU HTTPD GUI was so wonky and unpredictable, it became pointless to give explicit directions. That combined with a rather curious feature of clicking on the "Remove old certificate and key" Button redirecting to a URL that claims it "can't display this page", but is the exact same as the one can go "back" to, that works. | ||
And the final nail in the coffin is this: "This permanently deletes the cert, key, and configuration to use same." What? What is that? That is a direct copy and paste from the help information available in the LuCI GUI about what will happen if the "Remove configuration for certificate and key" Button. It is not helpful at all. It is confusing. The label on the Button itself is more clear than the help information. And having help information that makes things more confusing is not helpful. That much is obvious. OK, enough bashing. That's easy to do. Understanding is difficult. The best guess as to what happened with the UN-helpful information is that someone familiar with the subject matter, probably the programmer, quickly jotted down a note that made complete sense to them. And there wasn't enough time to proof read it or no one like an editor came behind them and tried to correct anything. So here's my contribution for the "help information"; | |||
- First, the "Remove configuration for certificate file and key" Button label should be changed to DELETE or REMOVE as the text that precedes the Button already says, you guessed it "Remove configuration for certificate and key" | |||
- Second, here's what the "help information" should say: Clicking the "Remove / Delete" Button will permanently delete the certificate and the key files that are required for HTTPS* to function (*HTTPS utilizes what is commonly referred to as SSL, but is now TLS (see https://en.wikipedia.org/wiki/Transport_Layer_Security)). | |||
- Third, a comforting follow up statement should be made: ...but even though those files will be deleted, that's OK. Here's why. We (being the OpenWRT people or the UHTTP people), were smart enough and wise enough to program the UHTTPD service to automatically create a new certificate and key when restarted. So even if you delete the certificate and key file, that's OK, a new one will be created. Below is the output generated if the certificate and key are deleted and the UHTTPD service is then restarted<syntaxhighlight lang="text"> | |||
root@OpenWrt:/etc# service uhttpd restart | |||
4+0 records in | |||
4+0 records out | |||
Generating a RSA private key | |||
..........................+++++ | |||
..................................+++++ | |||
writing new private key to '/etc/uhttpd.key.new' | |||
----- | |||
</syntaxhighlight> | |||
=====Items of Note===== | =====Items of Note===== |
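Review bot: the added paragraph and first bullet name the control "Remove configuration for certificate and key" and "Remove configuration for certificate file and key", while the unchanged text around them calls it the "Remove old certificate and key" Button, so a reader cannot tell whether one button or two is being discussed. Use the label exactly as LuCI displays it, everywhere. The sentence ending "about what will happen if the "Remove configuration for certificate and key" Button." is also missing its verb ("is clicked"). In the third bullet, the pasted restart output only shows a private key being written to '/etc/uhttpd.key.new'; since the claim is that both certificate and key are recreated, state that the replacement is a new key and certificate, so any browser exception accepted for the old certificate will no longer match after the restart.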