I have a perfectly functioning OpenVPN AS server setup at https://vpn.
Everything works great, but I want to be able to type http://vpn. and have that redirected to https. This is trivial to do in Apache/Nginx, but I have no idea how to do it on the server. I looked at /var and /etc but didn't find anything that looked like the httpd.conf files.
I tried searching the forum, but it tells me that "https, http, redirect" are very common terms and doesn't let me search, so I have no idea how to search.
I'd appreciate any help.
How do I redirect http to https for web access
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Aug 08, 2017 6:03 pm
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: How do I redirect http to https for web access
At the moment the OpenVPN Access Server does not have an http only server, so it can't handle connection requests on port 80 TCP, and doesn't do automatic redirection. If you do really want that function though, you could install Apache2 or Nginx and configure that to redirect. Personally I find that approach rather 'heavy' in the sense that it's a lot of software to install just to do redirection. Instead you can also just run a very small and simple Python script that just redirects any incoming requests on its listening port to the correct https:// URL instead.
I don't know if spacing comes across okay when I copy and paste the sample script but here goes;
That will install the required software for you (on an ubuntu/debian system).
Then the script itself (/usr/local/openvpn_as/port80redirect.py for example):
If you run the above script, it will listen for incoming http requests on default http port 80 TCP, and will send a redirect header that redirects the user to https://vpn.yourdomain.com. Simple and effective.
You can for example run this script in a screen session at startup by adding this to /etc/rc.local before the exit 0 line, and making rc.local executable (again; for a debian/ubuntu system - for centos and stuff you need to use some other method):
/usr/bin/screen -dmS port80redirect /usr/bin/python /usr/local/openvpn_as/port80redirect.py
Then when you reboot, a screen session will be active, with the port80redirect script running in it, and handling requests on port 80 TCP.
I believe eventually a port 80 TCP server will be added to Access Server, and support for Let's Encrypt as well. But that's months away. So for now this could be the solution for you.
I don't know if spacing comes across okay when I copy and paste the sample script but here goes;
Code: Select all
sudo su
apt-get update
apt-get -y install python screen
nano /usr/local/openvpn_as/port80redirect.py
Then the script itself (/usr/local/openvpn_as/port80redirect.py for example):
Code: Select all
import SimpleHTTPServer
import SocketServer
class myHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
def do_GET(self):
print "Request received, sending redirect..."
self.send_response(301)
self.send_header('Location', 'https://vpn.yourdomain.com')
self.end_headers()
PORT = 80
handler = SocketServer.TCPServer(("", PORT), myHandler)
print "serving at port 80"
handler.serve_forever()
You can for example run this script in a screen session at startup by adding this to /etc/rc.local before the exit 0 line, and making rc.local executable (again; for a debian/ubuntu system - for centos and stuff you need to use some other method):
/usr/bin/screen -dmS port80redirect /usr/bin/python /usr/local/openvpn_as/port80redirect.py
Then when you reboot, a screen session will be active, with the port80redirect script running in it, and handling requests on port 80 TCP.
I believe eventually a port 80 TCP server will be added to Access Server, and support for Let's Encrypt as well. But that's months away. So for now this could be the solution for you.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 11
- Joined: Tue Jul 11, 2023 1:29 pm
Re: How do I redirect http to https for web access
Given your specific scenario with OpenVPN Access Server, it seems that you'll need to take a slightly different approach to achieve the HTTP to HTTPS redirection. Anyway here is an example how you can do it.homelabber wrote: ↑Tue Aug 08, 2017 6:31 pmI have a perfectly functioning OpenVPN AS server setup at https://vpn.
Everything works great, but I want to be able to type http://vpn. and have that redirected to https. This is trivial to do in Apache/Nginx, but I have no idea how to do it on the server. I looked at /var and /etc but didn't find anything that looked like the httpd.conf files.
I tried searching the forum, but it tells me that "https, http, redirect" are very common terms and doesn't let me search, so I have no idea how to search.
I'd appreciate any help.
Connect to your OpenVPN Access Server and Run below to create a custom redirection script:
Code: Select all
nano /usr/local/openvpn_as/scripts/redirect_http_to_https.sh
Code: Select all
#!/bin/bash
# Redirect HTTP to HTTPS for OpenVPN AS
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 443
now run the script..
Code: Select all
chmod +x /usr/local/openvpn_as/scripts/redirect_http_to_https.sh
Code: Select all
nano /etc/systemd/system/redirect-http-to-https.service
Code: Select all
[Unit]
Description=Redirect HTTP to HTTPS for OpenVPN AS
After=openvpnas.service
[Service]
Type=oneshot
ExecStart=/usr/local/openvpn_as/scripts/redirect_http_to_https.sh
[Install]
WantedBy=multi-user.target
Code: Select all
systemctl enable redirect-http-to-https.service
systemctl start redirect-http-to-https.service
sudo reboot
Now verify all incoming HTTP requests to http://vpn should be automatically redirected to HTTPS. You can manually check browser developer tools to inspect network requests and redirects or use any online tool such redirect checker This can help you identify if any rdirection issue or http/https www-non www issue.
-
- OpenVpn Newbie
- Posts: 11
- Joined: Tue Jul 11, 2023 1:29 pm
Re: How do I redirect http to https for web access
If anyone is having this problem, here is the official document in detail.
https://openvpn.net/vpn-server-resource ... -to-https/
https://openvpn.net/vpn-server-resource ... -to-https/