search

mongramosjr / hotspot-login

Hotspot-login is a captive portal login page for CoovaChilli
GNU General Public License v2.0
14 stars 7 forks source link

readme

hotspot-login

Hotspot-login is a login utility for CoovaChilli. hotspot-login is a fork of hotspotlogin in daloRADIUS.

Requirements

In order to integrate the login utility to a captive portal, we will need the following:

Installation

I assume you have been through the installation of captive portal solution.

Download the source and unzip the file

wget -c https://github.com/mongramosjr/hotspot-login/archive/master.zip -O hotspot-login-master.zip

unzip hotspot-login-master.zip

Create webroot folder for the hotspot domain name, copy the hotspot-login in the webroot folder

sudo mkdir /var/www/hotspot.example.com
mv hotspot-login-master /var/www/hotspot.example.com/

Create a server block in nginx

Create the server block file that will tell Nginx on how to process the hotspot login utility.

sudo vim /etc/nginx/sites-available/hotspot.example.com

Copy the following lines and paste it into the server block file

server {
    # Redirect all HTTP traffic to HTTPS since daloRADIUS requires an HTTPS connection
    listen 10.10.10.1:80 default_server; # Change this to match your HotSpot IP address
    server_name hotspot.example.com; # Change this to your domain name
    return 301 https://$server_name$request_uri;
}

server {
    listen 10.10.10.1:443 ssl default_server; # Change this to match your HotSpot IP address
        server_name hotspot.example.com;  # Change this to your domain name

        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        include snippets/snakeoil.conf;

    # Replace your signed ssl certificate 
    # ssl_certificate /etc/ssl/certs/<public_key_of_ssl_certificate_here>.pem;
    # ssl_certificate_key /etc/ssl/private/<private_key_of_ssl_certificate_here>.key;

    root /var/www/hotspot.example.com; # Change this to match the folder of your hotspot app
    index hotspotlogin.php index.php index.phtml index.html index.htm;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ /index.php?$args /hotspotlogin.php?$args $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock; # check the php-fpm.conf configuration listen directive
    }
}

That is all we need for a basic configuration. Save and close the file to exit.

Enable the server block and restart nginx

Now that we have our server block file, we need to enable them. We can do this by creating symbolic links from these files to the sites-enabled directory, which Nginx reads from during startup.

We can create these links by typing:

sudo ln -s /etc/nginx/sites-available/hotspot.example.com /etc/nginx/sites-enabled/

Next, test to make sure that there are no syntax errors in any of your Nginx files:

sudo nginx -t

If no problems were found, restart Nginx to enable your changes:

sudo systemctl restart nginx

Modify configuration in CoovaChilli and in the hotspot-login

Edit /etc/chilli/config.

sudo vi /etc/chilli/config
#   Use HS_UAMFORMAT to define the actual captive portal url.
HS_UAMFORMAT=https://\$HS_UAMLISTEN/hotspotlogin.php

Edit /var/www/hotspot.example.com/hotspotlogin.php

sudo vi /var/www/hotspot.example.com/hotspotlogin.php
# Shared secret used to encrypt challenge with. Prevents dictionary attacks.
# You should change this to your own shared secret.
$uamsecret = "uamtesting123"; # Change this to match the coovachilli config directive HS_UAMSECRET

Restart the captive portal

Let’s now start the hostapd, nginx and CoovaChilli. And try accessing captive portal from our web browser.

sudo systemctl stop hostapd
sudo systemctl stop nginx
sudo systemctl stop chilli

sudo systemctl start chilli
sudo systemctl start nginx
sudo systemctl start hostapd