frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Code Issues Releases Wiki Activity

Updated HTTPS support (markdown)

Bill Zimmerman 2019-07-30 11:00:26 -07:00
parent 5e0c458494
commit c7d9951e1c
1 changed files with 10 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
HTTPS--support.md

@ -13,7 +13,7 @@ Read more about mkcert [here](https://blog.filippo.io/mkcert-valid-https-certifi
### How-To
Follow the steps below to generate and install a locally-trusted certificate for RaspAP. The local domain `raspap.local` is used in the examples below. You may substitute this with the default `raspberrypi.local` or your own hostname.
Start by installing the pre-built binary for Arch Linux ARM on your Raspberry Pi:
1. Start by installing the pre-built binary for Arch Linux ARM on your Raspberry Pi:
```
sudo wget https://github.com/FiloSottile/mkcert/releases/download/v1.3.0/mkcert-v1.3.0-linux-arm -O /usr/local/bin/mkcert
sudo chmod +x /usr/local/bin/mkcert
@ -24,7 +24,7 @@ You should see output like the following:
Using the local CA at "/home/pi/.local/share/mkcert" ✨
The local CA is now installed in the system trust store! ⚡️
```
Generate a certificate for `raspap.local`:
2. Generate a certificate for `raspap.local`:
```
mkcert raspap.local "*.raspap.local" raspap.local
```
@ -38,24 +38,23 @@ Created a new certificate valid for the following names 📜
- "raspap.local"
Reminder: X.509 wildcards only go one level deep, so this won't match a.b.raspap.local
The certificate is at "./raspap.local+2.pem" and the key at "./raspap.local+2-key.pem" ✅
```
Next, combine the private key and certificate:
3. Next, combine the private key and certificate:
```
cd /home/pi
cat raspap.local+2-key.pem raspap.local+2.pem > raspap.local.pem
```
Create a directory for the combined `.pem` file in lighttpd:
4. Create a directory for the combined `.pem` file in lighttpd:
```
sudo mkdir /etc/lighttpd/ssl
```
Set permissions and move the `.pem` file:
5. Set permissions and move the `.pem` file:
```
chmod 400 /home/pi/raspap.local.pem
sudo mv home/pi/raspap.local.pem /etc/lighttpd/ssl
```
Edit the lighttpd configuration:
6. Edit the lighttpd configuration:
```
sudo nano /etc/lighttpd/lighttpd.conf
```
@ -69,11 +68,11 @@ $SERVER["socket"] == ":443" {
server.document-root = "/var/www/html"
}
```
Restart the lighttpd service:
7. Restart the lighttpd service:
```
sudo systemctl restart lighttpd
```
... and verify that lighttpd has restarted without errors:
8. Verify that lighttpd has restarted without errors:
```
sudo systemctl status lighttpd
```
@ -95,11 +94,11 @@ You should see a response like the following:
Jul 01 11:56:15 raspap lighttpd[1433]: Syntax OK
Jul 01 11:56:15 raspap systemd[1]: Started Lighttpd Daemon.
```
Now, copy `rootCA.pem` to your lighttpd web root (**important:** do *NOT* share `rootCA-key.pem`):
9. Now, copy `rootCA.pem` to your lighttpd web root (**important:** do *NOT* share `rootCA-key.pem`):
```
sudo cp /home/pi/.local/share/mkcert/rootCA.pem /var/www/html
```
Open a browser and enter the address: https://raspap.local/rootCA.pem. Accept the unsafe warning in the browser and download the root certificate to your client. Add the root certificate to your system keychain.
10. Open a browser and enter the address: https://raspap.local/rootCA.pem. Accept the unsafe warning in the browser and download the root certificate to your client. Add the root certificate to your system keychain.
![](https://i.imgur.com/RCJJPYL.png)