How do I redirect http to https for web access

Post Reply
homelabber
OpenVpn Newbie
Posts: 1
Joined: Tue Aug 08, 2017 6:03 pm

How do I redirect http to https for web access

Post by homelabber » Tue Aug 08, 2017 6:31 pm

I have a perfectly functioning OpenVPN AS server setup at https://vpn.

Everything works great, but I want to be able to type http://vpn. and have that redirected to https. This is trivial to do in Apache/Nginx, but I have no idea how to do it on the server. I looked at /var and /etc but didn't find anything that looked like the httpd.conf files.

I tried searching the forum, but it tells me that "https, http, redirect" are very common terms and doesn't let me search, so I have no idea how to search.

I'd appreciate any help.

novaflash
OpenVPN Expert
Posts: 477
Joined: Fri Apr 13, 2012 8:43 pm

Re: How do I redirect http to https for web access

Post by novaflash » Thu Aug 10, 2017 10:45 am

At the moment the OpenVPN Access Server does not have an http only server, so it can't handle connection requests on port 80 TCP, and doesn't do automatic redirection. If you do really want that function though, you could install Apache2 or Nginx and configure that to redirect. Personally I find that approach rather 'heavy' in the sense that it's a lot of software to install just to do redirection. Instead you can also just run a very small and simple Python script that just redirects any incoming requests on its listening port to the correct https:// URL instead.

I don't know if spacing comes across okay when I copy and paste the sample script but here goes;

Code: Select all

sudo su
apt-get update
apt-get -y install python screen
nano /usr/local/openvpn_as/port80redirect.py
That will install the required software for you (on an ubuntu/debian system).

Then the script itself (/usr/local/openvpn_as/port80redirect.py for example):

Code: Select all

import SimpleHTTPServer
import SocketServer
class myHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
   def do_GET(self):
       print "Request received, sending redirect..."
       self.send_response(301)
       self.send_header('Location', 'https://vpn.yourdomain.com')
       self.end_headers()

PORT = 80
handler = SocketServer.TCPServer(("", PORT), myHandler)
print "serving at port 80"
handler.serve_forever()
If you run the above script, it will listen for incoming http requests on default http port 80 TCP, and will send a redirect header that redirects the user to https://vpn.yourdomain.com. Simple and effective.

You can for example run this script in a screen session at startup by adding this to /etc/rc.local before the exit 0 line, and making rc.local executable (again; for a debian/ubuntu system - for centos and stuff you need to use some other method):
/usr/bin/screen -dmS port80redirect /usr/bin/python /usr/local/openvpn_as/port80redirect.py

Then when you reboot, a screen session will be active, with the port80redirect script running in it, and handling requests on port 80 TCP.

I believe eventually a port 80 TCP server will be added to Access Server, and support for Let's Encrypt as well. But that's months away. So for now this could be the solution for you.

Post Reply