Recommend enabling HTTPS on first login

1. offizieller Beitrag

    My first POST here and I must first say that OMV looks very good!!


    After installing OMV I switched over to my laptop accessing my OMV server over wifi. Now Wifi isn't fully secure so I think that it's a good idea to enable HTTPS either by default (could confuse users as a self-signed certificate is not trusted by the browser) or at least hint something about HTTPS in the startup instructions? There were recently some updates of the startup texts but no mention of HTTPS as far as I can tell: http://sourceforge.net/p/openmediavault/code/499


    Another minor improvement could be to highlight the required field on the Self-signed SSL certificate page. I think that you only need to set Key Size, Validity, CN and Country. The default key size could also be set to 2048b to align with the current recommendations.

    • Offizieller Beitrag

    The majority of OMV users have their box behind a router (NAT) and don't have port 80 open to the internet. I don't really think https needs to be on by default. It is easy enough to turn on if you want it. Like you said, the self-signed cert would confuse some users.

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.6 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    I agree that this is not a major issue but the point was that Wifi is not fully secure so in that respect a firewalling router won't help.


    Another was to secure the communication is to tunnel the http session through ssh (need to allow tunneling in /etc/ssh/sshd_config) - but that is even more work than creating the self-sign certificate :D

    • Offizieller Beitrag
    Zitat von "dragonfish"

    I agree that this is not a major issue but the point was that Wifi is not fully secure so in that respect a firewalling router won't help.


    If wifi (wpa2) is not secure enough, I doubt OMV is what you really want.

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.6 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    Sorry I was being ignorant! I simply assumed that wpa2 was also broken and didn't even bother to check.. Seems like wpa2 is not that bad after all :) Still think that HTTPS (or other means of securing the communication) is a good idea though.

    I think it is nice that we can create a cert in omv without doing it manually. WPA2 is safe for now. If you want SSL just activate it. I don't think the features you requested above will ever be implemented because they are more whimsical, rather than essential, to OMV's design.

    Features that create more trouble for most users than help should be not the default. HTTPS with the certificat signature and IE9 refusing to work with incorrect signed certificats is a real good candidate that unexperienced users will never see the OMV console. And that will neither help OMV nor the users.

    Everything is possible, sometimes it requires Google to find out how.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!

Benutzerkonto erstellen Anmelden