20.xx: postpone LuCI HTTPS per default

TheWerthFam thewerthfam at gmail.com
Thu Nov 19 19:38:13 EST 2020


Given that the first login via LuCI, on a fresh install, is not with a 
password anyway, what if setting the initial password also sets up 
letsencrypt? Then, upon letsencrypt's first successful cert install, 
https gets enabled as the default, and it then requests that the user 
reboot to complete the setup and forces their next session to https.

I agree that https with self-signed certs is not good, especially on a 
first boot/install device.

Cheers
  Derek

On 11/19/20 6:09 PM, Paul Spooren wrote:
> Hi,
>
> The current list of release goals for 20.xx states[0] that LuCI should
> use HTTPS per default. This works by creating on-device a self-signed
> certificate. Self-signed certificates result in warnings and may cause
> more harm than good, multiple discussions are found in the mail archive.
>
> As no clean solution seems in reach while 20.xx seems close, I'd like to
> suggest to postpone HTTPS LuCI (`luci-ssl` vs `luci`) per default.
>
> This isn't a vote but a request for developer/user opinions.
>
> Sunshine,
> Paul
>
> [0]: https://openwrt.org/docs/guide-developer/releases/goals/20.xx