Stefan,

> If I understood right to enable https redirection I have only to enable "http
> cgi", set same path for http server as for https server and enable https cgi.

Yes.

> I tried it and worked. Do you think this combination can be used without
> risking losing connection to web-interface or creating higher CPU load for
> the machine?

Yes, this is my personal configuration for many years. No issues.

If in addition you need generic HTTP/HTTPS web serving use /mnt/kd/phoneprov/ for the data and http://pbx/phoneprov/ or https://pbx/phoneprov/ URL.

Lonnie


On Sep 28, 2016, at 8:30 AM, Stefan Ulm <s....@divus.biz> wrote:

> Hi Lonnie,
>
> I agree totally, security first.
> Redirection to http will be my choice, because the only thing which sometimes
> people stuck, is that they try to enter only the IP in the browser, without
> leading https.
> Means, that if I could define a https redirecting, so that people are
> redirected to https, when they enter only the IP in the browser, this will be
> the best solution for us.
>
> If I understood right to enable https redirection I have only to enable "http
> cgi", set same path for http server as for https server and enable https cgi.
> I tried it and worked. Do you think this combination can be used without
> risking losing connection to web-interface or creating higher CPU load for
> the machine?
>
> Best regards
>
> Stefan Ulm
> Technical Department | Research & Development
> stefan....@divus.eu
>
> DIVUS Headquarters Pillhof 51 . I-39057 Eppan (Südtirol) . Tel. +39 0471 633
> 662 . Fax. +39 0471 631 829
> www.divus.eu . Privacy: http://www.divus.eu/media/DivusPrivacy.pdf
>
> -----Original Message-----
> From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com]
> Sent: Wednesday, 28 September 2016 15:10
> To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] Access webinterface over http and https
>
>
> On Sep 28, 2016, at 6:48 AM, Michael Keuter <li...@mksolutions.info> wrote:
>
>>
>>> On 28.09.2016 at 13:35, Stefan Ulm <s....@divus.biz> wrote:
>>>
>>> Hi all,
>>>
>>> for our customers it would be easier to access the webinterface for
>>> configuration over http.
>>> In parallel for us from remote and for CLI-usage we require access to https
>>> in parallel.
>>>
>>> Is it possible to access over http and https in parallel to the
>>> webinterface?
>>> We use no internal LAN-Port, so the apu2 is a simple network device
>>> in the local network (no routing, no firewall over astlinux on apu2)
>>>
>>> Best regards
>>>
>>> Stefan Ulm
>>> Technical Department | Research & Development stefan....@divus.eu
>>
>> Hi Stefan,
>>
>> for security reasons I would strongly advise not to use http for accessing
>> the webinterface.
>> There might be unknown bugs in the used libraries or applications (client or
>> server side).
>> You theoretically could have unknown malware in your internal network as well.
>>
>> And all for a bit more comfort.
>> You should educate your customer instead :-).
>>
>> Michael
>> http://www.mksolutions.info
>
> I agree with Michael, without HTTPS the 'admin' credentials are not secure.
>
> In this day and age of half-baked (or intentionally malicious) IoT devices,
> the LAN is not as safe as it once was presumed.
>
> Out of curiosity: Is explaining to the user with a web browser how to trust
> the self-signed certificate in AstLinux the problem?
>
> But to answer your question, you can enable HTTP support for the web
> interface:
>
> Network tab ->
> --
> HTTP Server Directory: /stat/var/www
>
> HTTP Server Options: _x_ HTTP CGI
> --
> (reboot to apply)
>
> But, if you don't fully qualify the URL, ex: http://pbx/ it will redirect you to
> HTTPS
>
> (redirect to HTTPS)
> pbx ~ # curl -LIk http://pbx/
> --
> HTTP/1.1 302 Found
> X-Powered-By: PHP/5.6.25
> Location: https://pbx/status.php
> Content-type: text/html; charset=UTF-8
> Date: Wed, 28 Sep 2016 12:43:08 GMT
> Server: lighttpd/1.4.41
>
> HTTP/1.1 200 OK
> X-Powered-By: PHP/5.6.25
> Content-Type: text/html; charset=utf-8
> Date: Wed, 28 Sep 2016 12:43:08 GMT
> Server: lighttpd/1.4.41
> --
>
> (no redirect, uses HTTP)
> pbx ~ # curl -LIk http://pbx/status.php
> --
> HTTP/1.1 200 OK
> X-Powered-By: PHP/5.6.25
> Content-Type: text/html; charset=utf-8
> Date: Wed, 28 Sep 2016 12:43:59 GMT
> Server: lighttpd/1.4.41
> --
>
> Lonnie
>
> PS: Since you are using an APU2 with three interfaces, why not (at least as
> an option) allow your product to also act as a gateway device (firewall
> enabled and two other NIC's are internal LAN's) so it would protect itself
> from the pre-existing LAN environment as well as protect other possible DIVUS
> products.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
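
Added example, not part of the original thread: the two curl runs quoted above show that http://pbx/ is redirected to HTTPS while http://pbx/status.php is answered in cleartext, and this script classifies the first response of such `curl -LI` output so the check can be repeated per path. The function names and the embedded sample headers are constructed for illustration; the host `pbx` and the two paths are the ones used in the thread.

```shell
#!/bin/sh
# Classify how a plain-HTTP request was answered, from `curl -LI` header
# output on stdin. Only the FIRST response block matters: that is what the
# server sent over cleartext HTTP before any redirect was followed.
classify_first_response() {
    awk '
        { sub(/\r$/, "") }                  # curl prints CRLF line endings
        /^HTTP\// {
            if (seen) exit                  # second block: already followed
            seen = 1; status = $2; next
        }
        seen && tolower($1) == "location:" { loc = $2 }
        seen && $0 == "" { exit }           # blank line ends the first block
        END {
            if (!seen)                                      print "no-response"
            else if (status ~ /^3/ && loc ~ /^https:\/\//)  print "redirect-to-https " loc
            else if (status ~ /^3/)                         print "redirect-other " loc
            else if (status ~ /^2/)                         print "served-over-http"
            else                                            print "status-" status
        }'
}

# Run the check against a live host for each path (needs network access).
audit_paths() {
    host=$1; shift
    for path in "$@"; do
        result=$(curl -sLIk --max-time 5 "http://$host$path" | classify_first_response)
        printf '%s\t%s\n' "$path" "$result"
    done
}

# Constructed samples, shortened from the two responses quoted in the thread.
sample_root() {
    printf 'HTTP/1.1 302 Found\r\nLocation: https://pbx/status.php\r\n'
    printf 'Server: lighttpd/1.4.41\r\n\r\nHTTP/1.1 200 OK\r\n\r\n'
}
sample_status() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n'
}

# Usage: sh check.sh pbx / /status.php   (no arguments: classify the samples)
if [ "$#" -ge 2 ]; then
    audit_paths "$@"
else
    printf '/\t%s\n' "$(sample_root | classify_first_response)"
    printf '/status.php\t%s\n' "$(sample_status | classify_first_response)"
fi
```

Any path reported as `served-over-http` is one where the 'admin' login would cross the LAN unencrypted if a user reached it by a full http:// URL.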