
uhttpd: don't redirect to HTTPS by default

Message ID 20201214090743.14651-1-ynezz@true.cz
State Accepted
Delegated to: Petr Štetiar

Commit Message

Petr Štetiar Dec. 14, 2020, 9:07 a.m. UTC
So we can ship px5g-wolfssl by default in the release image, but still
make the HTTPS for LuCI optional. This small change with addition of
`CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the
next release should provide optional HTTPS in the next release.

Disabling the current default automatic uhttpd's redirect to HTTPS
should make the HTTPS optional. That's it, user would either need to
switch to HTTPS by manually switching to https:// protocol in the URL or
by issuing the following commands to make the HTTPS automatic redirect
permanent:

 $ uci set uhttpd.main.redirect_https=1
 $ uci commit uhttpd
 $ service uhttpd reload

Signed-off-by: Petr Štetiar <ynezz@true.cz>
---
 package/network/services/uhttpd/files/uhttpd.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Paul Spooren Dec. 14, 2020, 7:35 p.m. UTC | #1
On Mon, Dec 14, 2020 at 10:07, Petr Štetiar <ynezz@true.cz> wrote:
> So we can ship px5g-wolfssl by default in the release image, but still
> make the HTTPS for LuCI optional. This small change with addition of
> `CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the
> next release should provide optional HTTPS in the next release.
> 
> Disabling the current default automatic uhttpd's redirect to HTTPS
> should make the HTTPS optional. That's it, user would either need to
> switch to HTTPS by manually switching to https:// protocol in the URL or
> by issuing the following commands to make the HTTPS automatic redirect
> permanent:
> 
>  $ uci set uhttpd.main.redirect_https=1
>  $ uci commit uhttpd
>  $ service uhttpd reload
> 
> Signed-off-by: Petr Štetiar <ynezz@true.cz>
> ---

Acked-by: Paul Spooren <mail@aparcar.org>

>  package/network/services/uhttpd/files/uhttpd.config | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/package/network/services/uhttpd/files/uhttpd.config 
> b/package/network/services/uhttpd/files/uhttpd.config
> index aeded08afc95..40ce67fd010f 100644
> --- a/package/network/services/uhttpd/files/uhttpd.config
> +++ b/package/network/services/uhttpd/files/uhttpd.config
> @@ -10,7 +10,7 @@ config uhttpd main
>  	list listen_https	[::]:443
> 
>  	# Redirect HTTP requests to HTTPS if possible
> -	option redirect_https	1
> +	option redirect_https	0
> 
>  	# Server document root
>  	option home		/www
> 
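
Review bot: the comment "# Redirect HTTP requests to HTTPS if possible" directly above `option redirect_https` is left unchanged while the value below it becomes 0, so it now describes behaviour that is switched off. Suggest extending the comment to say the redirect is disabled by default and that setting the option to 1 turns it on, so someone reading the shipped config does not need the commit message to find the `uci set uhttpd.main.redirect_https=1` step.
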
Jo-Philipp Wich Dec. 14, 2020, 10:24 p.m. UTC | #2
Hi,

> So we can ship px5g-wolfssl by default in the release image, but still
> make the HTTPS for LuCI optional. This small change with addition of
> `CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the
> next release should provide optional HTTPS in the next release.

please note that LuCI is currently quite broken using the libustream-wolfssl
backend, definitely not in a releasable shape.

~ Jo
Petr Štetiar Dec. 15, 2020, 7:35 a.m. UTC | #3
Jo-Philipp Wich <jo@mein.io> [2020-12-14 23:24:23]:

Hi,

> > So we can ship px5g-wolfssl by default in the release image, but still
> > make the HTTPS for LuCI optional. This small change with addition of
> > `CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the
> > next release should provide optional HTTPS in the next release.
> 
> please note that LuCI is currently quite broken using the libustream-wolfssl
> backend, definitely not in a releasable shape.

I'm hearing you, that's why I've proposed this change, to make it opt-in.

Without this change the HTTPS would be enabled by default and this is not
desired.  With this change it's strictly opt-in, so we can mention it in the
release notes, that HTTPS is available if folks want to try it out and send
patches with fixes or just file bug reports.

Speaking of bug reports, what does it mean "currently quite broken"? Do you have
some reproducer or some idea how to trigger that issue(s) you're seeing? It
would be nice to have those cases covered in unit tests.

BTW I'm using LuCI with HTTPS for some time and apart from that sysauth cookie
issue which is not related to libustream-wolfssl backend it seems quite usable
to me, no memleaks etc.

Cheers,

Petr

Patch

diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config
index aeded08afc95..40ce67fd010f 100644
--- a/package/network/services/uhttpd/files/uhttpd.config
+++ b/package/network/services/uhttpd/files/uhttpd.config
@@ -10,7 +10,7 @@  config uhttpd main
 	list listen_https	[::]:443
 
 	# Redirect HTTP requests to HTTPS if possible
-	option redirect_https	1
+	option redirect_https	0
 
 	# Server document root
 	option home		/www
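
Review bot: the security trade-off of `option redirect_https 0` is not recorded anywhere in the change. With the redirect off and `list listen_https [::]:443` still configured in the context above, a request that arrives over plain HTTP is served over plain HTTP, so a LuCI login stays unencrypted unless the user types https:// or runs the opt-in commands. Suggest saying this explicitly in the commit message so the reason for shipping a cleartext default, and the condition for turning the redirect back on, can be found later from the history of this line.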