Menu
What's new
By:
Filters Better Search

Merlin + entware + owncloud + lighttpd with https (solved)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Carlos M.

Carlos M.

Regular Contributor
Hi all,

I'm finally geting under control my N66u with Merlin and installing some functions.
With owncloud everything looks nice but I need to set up SSL access (https) to the web gui.

I have been looking for info in this forum but no luck.

Please, could you explain how can I configure my server to force https and use a selfsigned certificate?

I used this tutorial but don't explain the last steps.

https://www.hqt.ro/owncloud-through-lighttpd-entware/

Thanks in advance
 
Hi, while somebody answer my question... I found the way to activate HTTPS access.

This example will create a cert which is valid for 3 years:
Code: 
mkdir -p /etc/lighttpd/certs
cd /etc/lighttpd/certs
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 1095 -nodes

With the terminal, fill in the gaps:
Code: 
Country Name (2 letter code) [AU]:ZZ
State or Province Name (full name) [Some-State]:Sunny-Place
Locality Name (eg, city) []:Nice-Town
Organization Name (eg, company) [Internet Widgits Pty Ltd]:private
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:your servername here
Email Address []:

Make sure the file can't be read by enyone except root:
Code: 
chmod 400 lighttpd.pem

edit /etc/lighttpd/lighttpd.conf and add the following lines:
Code: 
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"

    # enforce strong cypher
    ssl.use-sslv2 = "disable"
    ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"
}

$HTTP["scheme"] == "http" {
    # capture vhost name with regex conditiona -> %0 in redirect pattern
    # must be the most inner block to the redirect rule
    # enable if you want to "enforce" https
    #$HTTP["host"] == "your servername here" {url.redirect = (".*" => "https://%0$0")}
}

Restart web server to honor new config:
Code: 
/opt/etc/init.d/S80lighttpd restart

Source:

https://forum.owncloud.org/viewtopic.php?t=20358

Now I just need find the way to access from WAN with DDNS ;) any idea?
 
Carlos M. said:
Hi, while somebody answer my question... I found the way to activate HTTPS access.

This example will create a cert which is valid for 3 years:
Code: 
mkdir -p /etc/lighttpd/certs
cd /etc/lighttpd/certs
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 1095 -nodes

With the terminal, fill in the gaps:
Code: 
Country Name (2 letter code) [AU]:ZZ
State or Province Name (full name) [Some-State]:Sunny-Place
Locality Name (eg, city) []:Nice-Town
Organization Name (eg, company) [Internet Widgits Pty Ltd]:private
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:your servername here
Email Address []:

Make sure the file can't be read by enyone except root:
Code: 
chmod 400 lighttpd.pem

edit /etc/lighttpd/lighttpd.conf and add the following lines:
Code: 
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"

    # enforce strong cypher
    ssl.use-sslv2 = "disable"
    ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"
}

$HTTP["scheme"] == "http" {
    # capture vhost name with regex conditiona -> %0 in redirect pattern
    # must be the most inner block to the redirect rule
    # enable if you want to "enforce" https
    #$HTTP["host"] == "your servername here" {url.redirect = (".*" => "https://%0$0")}
}

Restart web server to honor new config:
Code: 
/opt/etc/init.d/S80lighttpd restart

Source:

https://forum.owncloud.org/viewtopic.php?t=20358

Now I just need find the way to access from WAN with DDNS ;) any idea?
Click to expand...
https://ddnsaddress/owncloud
 
thanks, just remark that editing before the config.php file of owncloud and adding the ddnsaddress as a trusted domain.
 
I left my owncloud project with my Asus router. I moved to Raspberry Pi 2, Debian, Apache, MySQL, ARM and 1Gb of RAM
Faster... ;)

Thanks
 
You must log in or register to reply here.

Similar threads

ArashT
Issue with tun interface
Replies
6
Views
810
singledog
S
A
Upgraded my ASUS, issues with NordVPN via OpenVPN
Replies
4
Views
749
asusface
A
XIYO
Question on Setting up Scheduler for Wildcard Certificates and DDNS in Asuswrt-Merlin
Replies
5
Views
830
Jeffrey Young
J
JA93
DuckDNS with LetsEncrypt
Replies
9
Views
4K
XIYO
XIYO
R
Help with Avahi mDNS redirector, please
Replies
8
Views
1K
device
D
Similar threads
Thread starter Title Forum Replies Date
W Band steering in Asus Merlin Asuswrt-Merlin 33
F Solved RT-AX58U flashing Merlin failed Asuswrt-Merlin 3
K Solved How to insert a startup script for Merlin custom scripts Asuswrt-Merlin 16
GreyHawkz Asus RT-AX82U Stock vs Merlin Advantage? Asuswrt-Merlin 1
A Question about Asus Merlin Router behind a firewalla? Asuswrt-Merlin 8
RMerlin Release Asuswrt-Merlin 3004.388.7 is now available Asuswrt-Merlin 263
RMerlin Beta Asuswrt-Merlin 3004.388.7 beta is now available Asuswrt-Merlin 123
Z Solved Accidentally flashed XT12 latest merlin on a ET12 Asus Zenwifi Pro. Can't flash back stock FW. Asuswrt-Merlin 11
S Use Zram in Merlin Asuswrt-Merlin 4
PaulA Port isolation on RT-AX88U-Pro (router) w/ Merlin w/ Tagged internet ISP Asuswrt-Merlin 1

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 598 (members: 29, guests: 569)
Top