This repository was archived by the owner on May 20, 2024. It is now read-only.
Lighttpd and SSL set up Instructions
Justin Ramos edited this page Jun 27, 2014 · 1 revision
SSL setup:
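```sh
# Generate a 2048-bit RSA private key
openssl genrsa -out /etc/lighttpd/ssl/router.key 2048
# Create a certificate signing request for the router's hostname
openssl req -new -key /etc/lighttpd/ssl/router.key -out /etc/lighttpd/ssl/router.csr -subj /CN=gw.home.lan
# Self-sign the request; the certificate is valid for 1826 days
openssl x509 -req -days 1826 -in /etc/lighttpd/ssl/router.csr -signkey /etc/lighttpd/ssl/router.key -out /etc/lighttpd/ssl/router.crt
# Concatenate key and certificate into the single PEM file lighttpd loads
cat /etc/lighttpd/ssl/router.key /etc/lighttpd/ssl/router.crt > /etc/lighttpd/ssl/router.pem
```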
Sources:
- http://moblog.wiredwings.com/archives/20110323/securing-lighttpd.html
- http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL
To remove uhttpd and Luci:
- opkg remove uhttpd --force-removal-of-dependent-packages
- rm -r /www/cgi-bin/luci
- rm -r /www/luci-static
- rm /www/index.html
To host from lighttpd and add CSP Headers:
- opkg update
- opkg install lighttpd lighttpd-mod-cgi lighttpd-mod-setenv
- In the /etc/lighttpd/lighttpd.conf file:
A. uncomment `#server.modules=(`
B. uncomment `# "mod_setenv",`
C. uncomment `# "mod_cgi",`
D. uncomment `#)` at the bottom of the block
E. add lines:
- `$HTTP["url"] =~ "^/cgi-bin" { cgi.assign = ( "" => "" ) }`
- `$SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/ssl/router.pem" }`
- `setenv.add-response-header = ( "X-Content-Security-Policy" => "allow 'self'", "X-Frame-Options" => "SAMEORIGIN", "X-Content-Type-Options" => "nosniff" )`
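A post-install check for the steps above, as an added example that is not part of the original wiki page: it audits a lighttpd.conf for the modules, TLS settings and headers configured here. `X-Content-Security-Policy` with `allow` is the legacy prefixed form; current browsers act only on `Content-Security-Policy` with `default-src`, so the check flags the former. The function names and finding labels are hypothetical, and the sample config is constructed.

```sh
#!/bin/sh
# Added example (not from the wiki page): audit the lighttpd setup it describes.

# Succeeds only if the file exists and grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per line for the given lighttpd.conf; nothing if clean.
audit_conf() {
    # Ignore commented-out lines such as '#  "mod_setenv",'.
    active=$(grep -v '^[[:space:]]*#' "$1" || true)
    has() { printf '%s\n' "$active" | grep -Eq -e "$1"; }

    for mod in mod_setenv mod_cgi; do
        has "\"$mod\"" || echo "MODULE_DISABLED $mod"
    done
    has 'ssl\.engine[[:space:]]*=[[:space:]]*"enable"' || echo "TLS_OFF"

    # router.pem holds the private key (key and certificate are concatenated).
    pem=$(printf '%s\n' "$active" |
        sed -n 's/.*ssl\.pemfile[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
    key_is_private "$pem" || echo "KEY_EXPOSED ${pem:-no ssl.pemfile set}"

    # Current browsers only honour the unprefixed header with default-src.
    has '"X-Content-Security-Policy"' && echo "LEGACY_CSP_HEADER"
    has '"Content-Security-Policy"[[:space:]]*=>[[:space:]]*"[^"]*default-src' ||
        echo "NO_EFFECTIVE_CSP"
    return 0
}

# Constructed sample: the page's settings written to a scratch directory.
demo() {
    d=$(mktemp -d)
    touch "$d/router.pem"; chmod 644 "$d/router.pem"
    cat > "$d/lighttpd.conf" <<EOF
server.modules = ( "mod_setenv", "mod_cgi" )
\$SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "$d/router.pem" }
setenv.add-response-header = ( "X-Content-Security-Policy" => "allow 'self'" )
EOF
    audit_conf "$d/lighttpd.conf"
    rm -rf "$d"
}

demo
```

On the router, call `audit_conf /etc/lighttpd/lighttpd.conf` after editing; `chmod 600` on the PEM file clears the `KEY_EXPOSED` finding.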