Last active
March 5, 2019 21:19
-
-
Save ruzickap/10099014 to your computer and use it in GitHub Desktop.
OpenWrt Lighttpd modification to use https and serve transmission, foris, and personal web pages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
opkg install lighttpd-mod-proxy | |
#See the http://192.168.1.1/myadmin/ for main "myadmin" page | |
mkdir -p /www3/myadmin/transmission-web | |
mkdir -p /www3/myadmin/luci | |
cp /etc/foris/foris-lighttpd-inc.conf /etc/foris/foris-lighttpd-inc.conf.orig | |
cp /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig | |
#Let foris "listen" only on 192.168.1.1 | |
#sed -i "s@\$HTTP\[\"url\"\] !~ \"\^/static\" {.*@\$HTTP\[\"host\"\] == \"192\\.168\\.1\\.1\" {@" /etc/foris/foris-lighttpd-inc.conf | |
sed -i "/\$HTTP\[\"url\"\] !~ .*/i \$HTTP\[\"host\"\] == \"192\\.168\\.1\\.1\" {" /etc/lighttpd/conf.d/foris.conf | |
echo "}" >> /etc/lighttpd/conf.d/foris.conf | |
#Change httpd root to my own | |
sed -i 's/www2/www3/' /etc/lighttpd/lighttpd.conf | |
wget --no-check-certificate https://raw.github.com/ruzickap/medlanky.xvx.cz/gh-pages/index.html -O - | sed 's@facebook.com/medlanky@xvx.cz@g;s/UA-6594742-7/UA-6594742-8/' > /www3/index.html | |
uci add firewall rule | |
uci set firewall.@rule[-1].name=https | |
uci set firewall.@rule[-1].src=wan | |
uci set firewall.@rule[-1].target=ACCEPT | |
uci set firewall.@rule[-1].proto=tcp | |
uci set firewall.@rule[-1].dest_port=443 | |
uci add firewall rule | |
uci set firewall.@rule[-1].name=http | |
uci set firewall.@rule[-1].src=wan | |
uci set firewall.@rule[-1].target=ACCEPT | |
uci set firewall.@rule[-1].proto=tcp | |
uci set firewall.@rule[-1].dest_port=80 | |
#Enable SSL (https) | |
mkdir -p /etc/lighttpd/ssl/xvx.cz | |
chmod 0600 /etc/lighttpd/ssl/xvx.cz | |
SUBJ=" | |
C=CZ | |
ST=Czech Republic | |
O=XvX, Inc. | |
localityName=Brno | |
commonName=gate.xvx.cz | |
" | |
openssl req -new -x509 -subj "$(echo -n "$SUBJ" | tr "\n" "/")" -keyout /etc/lighttpd/ssl/xvx.cz/server.pem -out /etc/lighttpd/ssl/xvx.cz/server.pem -days 3650 -nodes -newkey rsa:2048 -sha256 | |
cat >> /etc/lighttpd/lighttpd.conf << \EOF | |
$SERVER["socket"] == ":443" { | |
ssl.engine = "enable" | |
ssl.pemfile = "/etc/lighttpd/ssl/xvx.cz/server.pem" | |
} | |
server.modules += ( | |
"mod_proxy", | |
) | |
#Access the transmission torrent client using: https://192.168.1.1/myadmin/transmission-web | |
$HTTP["url"] =~ "^/myadmin/transmission*" { | |
# Use proxy for redirection to Transmission's own web interface | |
proxy.server = ( "" => | |
( ( | |
"host" => "127.0.0.1", | |
"port" => 9091 | |
) ) | |
) | |
} | |
$HTTP["url"] =~ "^/myadmin/*" { | |
server.dir-listing = "enable" | |
} | |
alias.url += ( | |
"/myadmin/luci" => "/www/cgi-bin/luci", | |
) | |
EOF |
Kdo chce jen to transmisson a nechce přestěhovat luci, stačí do souboru v /etc/lighttpd/modules.d/40-proxy.load vložit
$HTTP["url"] =~ "^/transmission*" {
server.dir-listing = "enable"
proxy.server = ( "" =>
( (
"host" => "0.0.0.0",
"port" => 9091
) )
)
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
super, kdyby někomu nešlo, nemá balíček transmission-web, lighttpd-mod-alias, lighttpd-mod-proxy. Nebo má v transmission nastavenou jinou IP (například 0.0.0.0).