Project

General

Profile

[Solved] Trying to get locahost status without HTTPS cert failure

Added by jello almost 4 years ago

Hello,

I have followed the instructions at HowToRedirectHttpToHttps, and created /etc/lighttpd/conf-enabled/95-force-https.conf with the following content:

$HTTP["scheme"] == "http" {
    $SERVER["socket"] != "127.0.0.1:80" {
      $SERVER["socket"] != "[::1]:80" {
        url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
      }
    }
}

However, when I try to access the server status page, mod_status, it DOES redirect my connection to https, and then fails because localhost is not on the SSL cert:

$ wget -O- http://localhost/server-status?auto
--2020-06-02 00:30:31--  http://localhost/server-status?auto
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://localhost/server-status?auto [following]
--2020-06-02 00:30:31--  https://localhost/server-status?auto
Connecting to localhost (localhost)|::1|:443... connected.
The certificate's owner does not match hostname ‘localhost’

If I bypass the cert name mismatch, I do get the status output; however, I'd really like to get my config working so that localhost doesn't use https (seems unnecessary to me). I am running lighttpd 1.4.53 on Debian 10.4, full config attached. Any help appreciated!

Thanks,
--Joe


Replies (2)

RE: Trying to get locahost status without HTTPS cert failure - Added by gstrauss almost 4 years ago

$SERVER["socket"] is for lighttpd listening sockets, and works if you have separate listening sockets, not also listening to "*"

For remote IPs, use $HTTP["remote-ip"]

$HTTP["scheme"] == "http" {
    $HTTP["remote-ip"] != "127.0.0.1" {
      $HTTP["remote-ip"] != "[::1]" {
        url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
      }
    }
}

I'll update HowToRedirectHttpToHttps as remote-ip is probably easier to understand.

RE: Trying to get locahost status without HTTPS cert failure - Added by jello almost 4 years ago

That fixed it. Thanks very much for the help here and for lighttpd in general!
--Joe

    (1-2/2)