Hi all,
My Nextcloud installation is running well and I have access via both ports 80 and 443 also from internet. But before I give my family members access to there own accounts I will be sure they can only use SSL. Okay, I can close port 80 on my router but I want let it open, until now Let'sEncrypt Certification renewal only works if my domain will be reachable on this port. Therefore I searched for a solution to configure a redirection from 80 to 443, but any changes under /volume0/usr/builtin/etc/apache2/sites-enabled will be lost after deactivating and activating the web service. And unlikely the admin port 8000 to 8001 there is no checkbox to activate this redirect inside Asustor configuration. Any ideas or solutions? Thanks in advance.
Best regards
Steffen
Port redirect from 80 to 443
-
Stifi21
- Posts: 2
- youtube meble na wymiar Warszawa
- Joined: Mon Apr 17, 2017 6:06 am
-
father.mande
- Posts: 1819
- Joined: Sat Sep 12, 2015 2:55 am
- Location: La Rochelle (France)
Re: Port redirect from 80 to 443
Hi,
For a low to medium simultaneous connection ..
I can suggest you (if you have basic to moderate Linux skills) to use stunnel (available in the Entware-ng APKG as a package)
Stunnel is a simple tools that redirect insecure port to secure port
... ex. port 80 to llocalhost port 443
... so any incoming on port 80 is transparently forwarded to SSL port 443
This imply a not complex configuration ... in this case you can also add your own certificate (from letencrypt's or other ... )
Just remember that if port 80 is listening by stunnel ... you must change it in Apache server to avoid conflict ... (this will be invisible from external) but you keep possibility to accees (as admin) the web server locally using the new port .
In your case stunnel is used only as a ssl proxy to enter in the system, F.Y.I. stunnel can also be used for "client" mode ... so local (NAS) client can be configured to use non ssl ... but through stunnel can output as any SSL client
don't be afraid by the configuration (your mode is easy ... ) but lot of possibility eist (for ex. having a different key for each tunnel (port used)) but in your case it's not need.
Philippe.
NB lot of example and configuration exist in the Web ... "search engine" are your friend ...
For a low to medium simultaneous connection ..
I can suggest you (if you have basic to moderate Linux skills) to use stunnel (available in the Entware-ng APKG as a package)
Stunnel is a simple tools that redirect insecure port to secure port
... ex. port 80 to llocalhost port 443
... so any incoming on port 80 is transparently forwarded to SSL port 443
This imply a not complex configuration ... in this case you can also add your own certificate (from letencrypt's or other ... )
Just remember that if port 80 is listening by stunnel ... you must change it in Apache server to avoid conflict ... (this will be invisible from external) but you keep possibility to accees (as admin) the web server locally using the new port .
In your case stunnel is used only as a ssl proxy to enter in the system, F.Y.I. stunnel can also be used for "client" mode ... so local (NAS) client can be configured to use non ssl ... but through stunnel can output as any SSL client
don't be afraid by the configuration (your mode is easy ... ) but lot of possibility eist (for ex. having a different key for each tunnel (port used)) but in your case it's not need.
Philippe.
NB lot of example and configuration exist in the Web ... "search engine" are your friend ...
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
-
Stifi21
- Posts: 2
- Joined: Mon Apr 17, 2017 6:06 am
Re: Port redirect from 80 to 443
Hi Philippe,
Thanks for your answer, but i'm not sure if this solves my problem. I have some little knowledge about stunnel and we use it in the office to realize a ssl connection to unencrypted software solutions. The forwarding is always local on the server from 443 to the target unencrypted port. But I want that my family members does not login to NextCloud or Asustor unencrypted by mistake. Therefore it should be more a redirect rule inside Apache configuration but I don't know where to implement.
Best regards
Steffen
Thanks for your answer, but i'm not sure if this solves my problem. I have some little knowledge about stunnel and we use it in the office to realize a ssl connection to unencrypted software solutions. The forwarding is always local on the server from 443 to the target unencrypted port. But I want that my family members does not login to NextCloud or Asustor unencrypted by mistake. Therefore it should be more a redirect rule inside Apache configuration but I don't know where to implement.
Best regards
Steffen