How to run on OpenWRT

xmax000 edited this page Apr 12, 2018 · 13 revisions

Set up and run on your OpenWRT router to get HTTPS-secured management.

Step 1: Install packages

opkg install luci-ssl-openssl curl ca-bundle

Step 2: Configure Web Server

Here we'll tell uhttpd to redirect HTTP requests to HTTPS.

These commands use the OpenWRT uci command, a brilliant way to parse, get, set, and edit values and sections from config files. It makes scripting OpenWRT a breeze.

uci set uhttpd.main.redirect_https=1
uci commit
/etc/init.d/uhttpd restart

Step 3: Configure and get your certificate

On your router:

curl >
chmod a+x ""
./ --install
cd /root/
DOMAIN=router.example.com ## placeholder value; this domain must actually point to your router
iptables -I input_rule -p tcp --dport 443 -j ACCEPT -m comment --comment ACME
./ --issue -d $DOMAIN -w /www
iptables -D input_rule -p tcp --dport 443 -j ACCEPT -m comment --comment ACME

Now, if the certificate was issued successfully, we'll tell the web server to use our new certificate:

uci set uhttpd.main.key="$(pwd)/$DOMAIN/$DOMAIN.key"
uci set uhttpd.main.cert="$(pwd)/$DOMAIN/$DOMAIN.cer"
uci commit uhttpd
/etc/init.d/uhttpd restart
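
If the session is interrupted, or the Step 3 commands run from a script that stops on error, the `iptables -D` line never runs and the port 443 ACCEPT rule stays in place. The wrapper below is an added example, not part of the original page or the project's own code: it inserts the page's rule, runs any command, and always removes the rule again, including stale copies from an earlier aborted run. The `IPTABLES` override variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# IPTABLES is an assumption of this example: point it at a stub to dry-run.
IPTABLES="${IPTABLES:-iptables}"

# The rule from the page; $1 is the action: -I insert, -D delete, -C check.
acme_rule() {
    "$IPTABLES" "$1" input_rule -p tcp --dport 443 -j ACCEPT \
        -m comment --comment ACME
}

# Delete every copy of the rule, including ones left by an aborted run.
acme_rule_purge() {
    while acme_rule -C 2>/dev/null; do
        acme_rule -D || return 1
    done
}

# Usage: with_acme_port COMMAND [ARGS...]
# Returns the exit status of COMMAND; the rule is gone by the time it returns.
with_acme_port() {
    acme_rule_purge || return 1
    # Replaces any INT/TERM/HUP traps the caller had set.
    trap 'acme_rule_purge; exit 130' INT TERM HUP
    acme_rule -I || { trap - INT TERM HUP; return 1; }
    rc=0
    # Subshell: a command that calls exit cannot skip the cleanup below.
    ( "$@" ) || rc=$?
    acme_rule_purge || echo "WARNING: ACME rule is still present" >&2
    trap - INT TERM HUP
    return "$rc"
}
```

Pass the page's `--issue` command and its arguments to `with_acme_port` in place of the manual `iptables -I` / `iptables -D` pair.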

Step 4: Modify crontab (automatic renew)

Run crontab -e to edit your crontab (use something like export EDITOR="/usr/bin/nano" if vim isn't your style). Edit to:

0 0 * * * "/root/"/ --cron --home "/root/" --pre-hook "iptables -I input_rule -p tcp --dport 443 -j ACCEPT -m comment --comment ACME" --post-hook "iptables -D input_rule -p tcp --dport 443 -j ACCEPT -m comment --comment ACME" --reloadcmd "/etc/init.d/uhttpd restart" >> /root/ 2>&1

Step 5: Configure Firewall

Open or forward the LuCI port for external access (use the web interface).

Other stuff which may help you: