
I have HTTPS working for a local instance of Lighttpd.

But I'm wanting to redirect:

http://192.168.1.254 -> https://192.168.1.254:123
https://192.168.1.254 -> https://192.168.1.254:123

My config is below.

What I get ATM is https://192.168.1.254/:4430, which shows "This site can’t provide a secure connection" for both HTTP and HTTPS. I'm guessing the extra / after 254 is the cause, but I can't seem to figure it out.

# Configuration as posted in the question; it does not produce the intended redirect.
# NOTE(review): url.redirect is provided by mod_redirect, which is not loaded here;
# mod_alias does not implement it.
server.modules += (
        "mod_openssl",
        "mod_alias"
)

setenv.add-environment = ("fqdn" => "true")

# TLS listener on port 4430; this is the only socket in this config with ssl.engine enabled.
$SERVER["socket"] == ":4430" {
        ssl.engine = "enable"
        ssl.pemfile = "/etc/lighttpd/ssl/combined.pem"
        ssl.honor-cipher-order = "enable"
        # Ephemeral ECDH/DH key exchange with AES only. The two AES256+... entries
        # also admit AES-256 CBC suites, not just GCM.
        ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
        # NOTE(review): these two directives are deprecated in newer lighttpd
        # releases - confirm against the installed version.
        ssl.use-sslv2 = "disable"
        ssl.use-sslv3 = "disable"
}

# Redirect HTTP to HTTPS 4430
$HTTP["scheme"] == "http" {
        # ".*" matches every Host header, so this inner condition restricts nothing.
        $HTTP["host"] =~ ".*" {
                # The target is a fixed string: the request path and query string are
                # dropped, and the client-supplied Host is never reflected in the redirect.
                url.redirect = (".*" => "https://192.168.1.254:4430")
        }
}

# Redirect HTTPS to HTTPS 4430
# ssl.engine is not enabled for this socket anywhere in the visible config, so as
# written port 443 would not speak TLS and an https:// request to it cannot
# complete a handshake.
$SERVER["socket"] == ":443" {
        $HTTP["host"] =~ ".*" {
                url.redirect = (".*" => "https://192.168.1.254:4430")
        }
}
Sean Delaney
  • The problem in your current configuration is that it appears you want to run both http and https simultaneously on the same port, port 4430. You can't. (Other software can do protocol identification and separate, for example, incoming https and ssh connections on the same port and send them to different back-ends, but AFAIK lighttpd can't.) - Also, the URL format is `<scheme>://<host>:<port>/<path>`, where the port specification `:80` may be omitted for plain http, resp. `:443` for https. Your `https://192.168.1.254/:4430` should probably be: `https://192.168.1.254:4430/` – Bob Jan 11 '22 at 14:04

1 Answer


I do not understand why you are redirecting to 4430 instead of to 443, as that would be more straightforward and more typical, but here is a config for you:

# mod_openssl supplies the ssl.* directives; mod_redirect supplies url.redirect.
server.modules += (
        "mod_openssl",
        "mod_redirect",
)

setenv.add-environment = ("fqdn" => "true")

# Certificate and cipher list are set once at global scope rather than per socket.
# NOTE(review): clients connect by IP address, so the certificate presumably needs
# 192.168.1.254 as a subjectAltName to validate - confirm.
ssl.pemfile = "/etc/lighttpd/ssl/combined.pem"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"

# Final destination: TLS on port 4430, served without any redirect.
$SERVER["socket"] == ":4430" {
        ssl.engine = "enable"
}
# Redirect HTTPS to HTTPS 4430
# TLS has to be enabled on 443 as well: the client must complete a handshake
# on this port before it can receive the redirect response.
else $SERVER["socket"] == ":443" {
        ssl.engine = "enable"
        # Scheme, host and port are fixed; only the request path and query string
        # are carried over, so the Host header is never reflected in the redirect.
        url.redirect = ("" => "https://192.168.1.254:4430${url.path}${qsa}")
}
# Redirect HTTP to HTTPS 4430
# The initial plain-HTTP request is sent unencrypted before the redirect applies.
else $HTTP["scheme"] == "http" {
        url.redirect = ("" => "https://192.168.1.254:4430${url.path}${qsa}")
}
gstrauss