OMV: HTTP redirect to HTTPS

  • Hi all,


    I couldn't find the steps how to enable auto http redirect to https in the forum.
    I currently using SSL connection & force SSL-enabled option is ON.
    I would like it to auto redirect my OMV from HTTP to HTTPS whenever I enter LAN IP or domain name.
    Should I edit the hosts file config or something?


    My http and https are non standard ports.

    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

    Einmal editiert, zuletzt von tinh_x7 ()

  • *** Make sure you put a check mark in "Force SSL/TLS" at System/Web Administration" before you do this (to stop the Web GUI from listening on port 80) ***


    This is for standard ports. If you changed the ports change the listen 80 to your http port number. For the redirect put a : and the port number after host (e.g. if https port was 444 then the line should be "return 301 https://\$host:444;")


    cd /etc/nginx/sites-enabled
    touch omv-redirect
    chmod 644 omv-redirect
    chown root:root omv-redirect


    Then put these contents in the file:

    Code
    server {
           listen         80;
           server_name openmediavault-webgui;
           return         301 https://\$host;
    }


    Then restart nginx:
    service nginx restart




    PS- If later you decide you don't want it:
    cd /etc/nginx/sites-enabled
    rm omv-redirect
    service nginx restart

    • Offizieller Beitrag

    I think redirecting standard HTTP/HTTPS to a custom port is useless, otherwise you can use the standard ports. You have choosen different ports because of security, but you will redirect standard HTTP or HTTPS calls to your non standard ports? This is somewhat stupid and useless. This will break your security idea.

  • His HTTP is non standard too. But how hard would it be to scan his ports and get what is running on them anyway. Changing the ports might help with some bots that are only trying the normal ports.


    Maybe he does this to save a few keystrokes on machines with no bookmarks... Who knows ???

  • Guys,


    I did put a check mark for "Force SSL/TLS" at System/Web Administration" in OMV web gui.


    My current settings for HTTP and HTTPS are non-standard ports.
    In this case, I believe standard ports are such as 80,443.
    What I want is to enter the local IP or host name with HTTP://domain.com:9443 , then it automatically redirect to HTTPS://domain.com:9443.
    HTTPS working fine if I bookmarked the link.


    For security purpose, Is it easier for me to redirect or to disable my non-standard HTTP port?
    I"m try to do the same to my OwnCloud, too.


    Thanks.

    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

  • If you do it right, no. You just need to make sure you are using correct ports. If you have a bind error nginx will not start. You can edit the redirect file to fix, or delete it, and then start nginx. This is simple stuff man. Only one service can be bound to a given port for nginx to start.

  • I got this error message after I restart nginx.
    I ran sudo netstat -nlp | grep :8080 , but nothing showed up.
    I then restart OMV, but OMV webpage is unable to load regardless if I entered local IP or my hostname.
    So, I removed the omv-redirect, then it working again.


    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

    3 Mal editiert, zuletzt von tinh_x7 ()

  • Why is something bound tcp 8080 ???? What did you assign to this port?


    I just added the omv-direct file you have above and here is what I get.


    Code
    root@omv:/etc/nginx/sites-enabled# netstat -aln | grep 80
    tcp        0      0 127.0.0.1:18083         0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
    tcp6       0      0 :::80                   :::*                    LISTEN
    root@omv:/etc/nginx/sites-enabled#
  • In system/general settings you switch your default http to 8080 ????


    Then yo have check mark in Force SSL/TLS ???


    It is like it is still listening on 8080 and the check mark has no effect... Maybe this check mark is only working when it is on standard port.


    Hold on...

  • Yes, that's correct.


    I'm using http 8080 for OMV b/c OC is using 80.
    Is port 8080 not suitable for OMV?



    Code
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          19019       8326/apache2
    tcp6       0      0 :::8080                 :::*                    LISTEN      0          19630       8275/nginx

    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

  • The check mark is not working for some reason....


    The server config on port 8080 should not be available if the force ssl is checked.


    Give results of this:


    cat /etc/nginx/sites-available/openmediavault-webgui



    PS- It seems it is still listening on 8080. Which is what we check here.

  • Are you saying I can't use nonstandard port while SSL/TLS enforce option is enabled?
    FYI: I'm not re-create omv-redirect file yet.





    Code
    ls -la /etc/nginx/sites-enabled
    total 8
    drwxr-xr-x 2 root root 4096 Sep  2 20:06 .
    drwxr-xr-x 6 root root 4096 Jul 25 16:49 ..
    lrwxrwxrwx 1 root root   39 Sep  2 20:06 openmediavault-nginx -> ../sites-available/openmediavault-nginx
    lrwxrwxrwx 1 root root   40 Jul 17 17:59 openmediavault-webgui -> ../sites-available/openmediavault-webgui

    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

  • If you change the default port to 8080 and then use the ckeck mark to force ssl the 8080 should be disabled because it is http. But that does not seem to be working in the web gui. I am thinking the check mark will only disable if the port for http is the standard port 80.


    If your skill level were higher you could do this all on your own. But I don't want you in situation where you have problems. So I recommend you don't do this.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!