On Sep 28, 2016, at 6:48 AM, Michael Keuter <li...@mksolutions.info> wrote:

> 
>> On 28.09.2016 at 13:35, Stefan Ulm <s....@divus.biz> wrote:
>> 
>> Hi all,
>> 
>> for our customers it would be easier to access the webinterface for 
>> configuration over http.
>> In parallel, for us from remote and for CLI usage, we require access to 
>> https.
>> 
>> Is it possible to access over http and https in parallel to the webinterface?
>> We use no internal LAN port, so the apu2 is a simple network device in the 
>> local network (no routing, no firewall over astlinux on apu2).
>> 
>> Best regards
>> 
>> Stefan Ulm
>> Technical Department | Research & Development
>> stefan....@divus.eu
> 
> Hi Stefan,
> 
> for security reasons I would strongly advise not to use http for accessing 
> the webinterface.
> There might be unknown bugs in the used libraries or applications (client or 
> server side).
> You theoretically could have unknown malware in your internal network as well.
> 
> And all for a bit more comfort …
> You should educate your customer instead :-).
> 
> Michael
> http://www.mksolutions.info

I agree with Michael, without HTTPS the 'admin' credentials are not secure.

In this day and age of half-baked (or intentionally malicious) IoT devices, the 
LAN is not as safe as it once was presumed.

Out of curiosity: Is explaining to the user with a web browser how to trust the 
self-signed certificate in AstLinux the problem?


But to answer your question, you can enable HTTP support for the web interface:

Network tab ->
--
HTTP  Server Directory: /stat/var/www

HTTP  Server Options: _x_ HTTP  CGI
--
(reboot to apply)

But if you don't fully qualify the URL, e.g. http://pbx/, it will redirect you 
to HTTPS.

(redirect to HTTPS)
pbx ~ # curl -LIk http://pbx/
--
HTTP/1.1 302 Found
X-Powered-By: PHP/5.6.25
Location: https://pbx/status.php
Content-type: text/html; charset=UTF-8
Date: Wed, 28 Sep 2016 12:43:08 GMT
Server: lighttpd/1.4.41

HTTP/1.1 200 OK
X-Powered-By: PHP/5.6.25
Content-Type: text/html; charset=utf-8
Date: Wed, 28 Sep 2016 12:43:08 GMT
Server: lighttpd/1.4.41
--

(no redirect, uses HTTP)
pbx ~ # curl -LIk http://pbx/status.php
--
HTTP/1.1 200 OK
X-Powered-By: PHP/5.6.25
Content-Type: text/html; charset=utf-8
Date: Wed, 28 Sep 2016 12:43:59 GMT
Server: lighttpd/1.4.41
--

Lonnie

PS: Since you are using an APU2 with three interfaces, why not (at least as an 
option) allow your product to also act as a gateway device (firewall enabled 
and two other NICs are internal LANs) so it would protect itself from the 
pre-existing LAN environment as well as protect other possible DIVUS products.
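
Added example, not part of the original message or of AstLinux: a shell helper that follows the Location headers in a `curl -LI` dump and reports whether the final response was served over HTTP or HTTPS, run on abridged copies of the two dumps quoted above. The names `final_url`, `transport`, `BARE_DUMP` and `DIRECT_DUMP` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which scheme served the last response in a `curl -LI` dump?

# final_url START_URL   (header dump on stdin) -> URL of the last response
final_url() {
    awk -v url="$1" '
        { sub(/\r$/, "") }                    # curl emits CRLF line endings
        tolower($1) == "location:" {
            if ($2 ~ "^https?://") {
                url = $2                      # absolute redirect target
            } else if ($2 ~ "^/" && match(url, "^https?://[^/]*")) {
                url = substr(url, RSTART, RLENGTH) $2   # host-relative target
            }
        }
        END { print url }
    '
}

# transport START_URL   (header dump on stdin) -> "https" or "http"
transport() {
    case "$(final_url "$1")" in
        https://*) echo https ;;
        *)         echo http ;;   # admin login would cross the LAN in cleartext
    esac
}

# Abridged copies of the two header dumps quoted in the message above
BARE_DUMP='HTTP/1.1 302 Found
Location: https://pbx/status.php

HTTP/1.1 200 OK
Server: lighttpd/1.4.41'
DIRECT_DUMP='HTTP/1.1 200 OK
Server: lighttpd/1.4.41'

echo "http://pbx/           -> $(printf '%s\n' "$BARE_DUMP" | transport http://pbx/)"
echo "http://pbx/status.php -> $(printf '%s\n' "$DIRECT_DUMP" | transport http://pbx/status.php)"

# Live use against your own box:
#   u=http://pbx/status.php; curl -sLIk "$u" | transport "$u"
```

Any path that reports `http` is one where the 'admin' credentials travel unencrypted once HTTP CGI is enabled.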




