| docs:guide-user:services:webserver:uhttpd [2021/08/27 09:57] – [Server Settings] salexa | docs:guide-user:services:webserver:uhttpd [2024/05/25 18:59] – [Securing uHTTPd] stokito |
|---|
| |
| ==== HTTPS Enable and Certificate Settings and Creation ==== | ==== HTTPS Enable and Certificate Settings and Creation ==== |
| In order to speak HTTPS/TLS, uhttpd needs one of several cryptographic libraries. Such ''libuhttpd-...'' packages can be installed via opkg, e.g. ''libuhttpd-mbedtls'', ''libuhttpd-openssl'' or ''libuhttpd-wolfssl''. | In order to speak HTTPS/TLS, uhttpd needs one of several [[:docs:guide-user:services:tls:libs|cryptographic libraries]]. Such ''libuhttpd-...'' packages can be installed via opkg, e.g. ''libuhttpd-mbedtls'', ''libuhttpd-openssl'' or ''libuhttpd-wolfssl''. |
| |
| In the server configuration, the ''listen_https'' option needs to be defined as explained above. | In the server configuration, the ''listen_https'' option needs to be defined as explained above. |
| uhttpd requires an X.509 certificate and a private key. You can create and copy them manually to the place specified in the configuration. | uhttpd requires an X.509 certificate and a private key. You can create and copy them manually to the place specified in the configuration. |
| |
| There is an alternative: In this case (as of 10.03.1) you'll need to install the ''luci-ssl'' meta-package which in turn will pull also the ''px5g'' script. With this utility the init script will generate the appropriate certificate and key files when the server is started for the first time, either by reboot or by manual restart. | There is an alternative: In this case (as of 10.03.1) you'll need to install the ''luci-ssl'' meta-package which in turn will pull also the ''px5g'' script. With this utility the init script will generate the appropriate self signed certificate and key files when the server is started for the first time, either by reboot or by manual restart. |
| |
| The ''/etc/config/uhttpd'' file contains in the end a section detailing the certificate and key files creation parameters: | The ''/etc/config/uhttpd'' file contains in the end a section detailing the certificate and key files creation parameters: |
| |
| Those will be needed only once, at the next restart. | Those will be needed only once, at the next restart. |
| | |
| | If you are hosting the website to internet you may want to [[:docs:guide-user:services:tls:certs|obtain LetsEncrypt certificates]]. |
| |
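Review bot: In the right-hand column of the ''px5g'' paragraph, the added words "self signed certificate" and the new closing sentence about LetsEncrypt are never connected, so the reader is not told why an internet-facing site would want a different certificate. Suggest saying that browsers do not trust the self-signed certificate generated at first start and will show a warning, which a CA-issued certificate avoids. The added wording also needs a pass: "self-signed" (hyphenated), "hosting the website on the internet", and "Let's Encrypt". The "(as of 10.03.1)" qualifier is carried unchanged into the 2024/05/25 revision and is worth checking for relevance.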
| ===== Basic Authentication (httpd.conf) ===== | ===== Basic Authentication (httpd.conf) ===== |
| |
| ===== Securing uHTTPd ===== | ===== Securing uHTTPd ===== |
| | See [[:docs:guide-user:luci:luci.secure]] for more details. |
| | |
| By default, uHTTPd is bind to ''0.0.0.0'' which also includes the WAN port of your router. To bind uHTTPd to the LAN port only you have to change the ''listen_http'' and ''listen_https'' options to your LAN IP address. | By default, uHTTPd is bind to ''0.0.0.0'' which also includes the WAN port of your router. To bind uHTTPd to the LAN port only you have to change the ''listen_http'' and ''listen_https'' options to your LAN IP address. |
| |
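Review bot: The binding paragraph under "Securing uHTTPd" is identical on both sides and still names only ''0.0.0.0'', while the only change in this section is the new "See luci.secure" link above it. Since this revision touches the section, suggest fixing "is bind to" to "is bound to", showing what the ''listen_http'' and ''listen_https'' values look like once set to the LAN IP address, and stating whether any IPv6 listener in the default configuration needs the same change, because a reader who edits only the ''0.0.0.0'' entries may believe the WAN side is closed when it is not. A sentence saying that uhttpd has to be restarted for the new bind address to take effect would also help.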