search

coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.
Other
516 stars 258 forks source link

UAMUISSL, browser show "mixed content" #365

Closed antoniovalenzuela closed 7 years ago

antoniovalenzuela commented 7 years ago

I enabled HS_UAMUISSL works correctly, but the URL /www/login.chi? It also loads non-secure HTTP content (1.jpg). This causes Chrome to notice Mixed Content (2.jpg).

To temporarily resolve this problem, I omitted the variable HS_UAMHOMEPAGE from the /etc/chilli/functions file (3.jpg), now HS_UAMFORMAT loads with https:// without security warnings (4.jpg).

Please help to solve mixed content problem.

Note: HS_UAMHOMEPAGE does not work in SSL mode

Thanks!! 1 2 3 4

antoniovalenzuela commented 7 years ago

Own solution:

Set new var HS_HTTPS HS_HTTPS = hspot.cl

Reeplace $HS_UAMLISTEN HS_UAMFORMAT=https://\\$HS_HTTPS:\$HS_UAMUIPORT/www/login.chi

Replace $HS_UAMLISTEN and $HS_UAMPORT HS_UAMHOMEPAGE=https://\\$HS_HTTPS:\$HS_UAMUIPORT/www/coova.html

Note: In my hotspot system add the "email" field to send automatic notifications to the clients with a single user and the password changes every hour.

Home and Login sites both SSL OK!! 1

cheseremtitus24 commented 2 years ago

You must enable HS_UAMUISSL=on HS_SSLKEYFILE=/path/to/private_key.key HS_SSLCERTFILE=/path/to/certificate.crt

optionally also enable

HS_REDIRSSL=on

oumkuda commented 11 months ago

share full chilli config file, please! need working ssl

cheseremtitus24 commented 11 months ago

HS_LANIF=eth1 # Subscriber Interface for client devices

WAN interface is optional as it will automatically be picked(if it has an internet connection)

HS_NETWORK=10.1.0.0 # HotSpot Network (must include HS_UAMLISTEN) HS_NETMASK=255.255.255.0 # HotSpot Network Netmask HS_UAMLISTEN=10.1.0.1 # HotSpot IP Address (on subscriber network) HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network) # you can comment out this as it is not needed thoh i found that it is internally hardcoded in the logout url when "https://$HS_UAMLISTEN:4990/json/status" is evoked evet though you have enabled SSL support. HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network, for embedded portal) HS_UAMUISSL=on # Enable SSL on port 4990 HS_SSLKEYFILE=/path/to/private_key.key HS_SSLCERTFILE=/path/to/certificate.crt

optionally also enable

HS_REDIRSSL=on # Enable portal redirection when user is navigating to a https site when connection is "dnat"-chilli_query [will always cause browser warnings] HS_DNS1=$HS_UAMLISTEN HS_UAMFORMAT=https://\$HS_UAMLISTEN:\$HS_UAMUIPORT/www/login.chi HS_TCP_PORTS="80 443 22 23" HS_UDP_PORTS="1701 1812 1813 3799" HS_USE_MAP=on

oumkuda commented 11 months ago

wow great! it works. now i want to it support accessed by domain name. is it posible? i already set working https://example.com for 10.1.0.1 with apache server + letsencrypt but https://example.com:3990/www/coova.html gave me error time out

cheseremtitus24 commented 11 months ago

secure https traffic is only supported on port 4990. 3990 is like port 80(http) 4990 is equiv to 443(https)