Skip to main content

Tutorial: How to Redirect HTTP to HTTPS

Abstract

How to set up a redirect for Access Server web interfaces from HTTP to HTTPS.

Overview

Access Server provides two web interfaces, the Admin Web UI and the Client Web UI. This document provides steps to redirect HTTP requests for these interfaces to HTTPS.

Access Server doesn't redirect HTTP requests by default because it doesn't have an HTTP (insecure) web server daemon. That means if your administrators or end users visit your Access Server’s web address using HTTP, they get a "page not found" response.

For example, if they enter http://vpn.example.com/, the browser returns the message, "This site can't be reached."

It won't redirect them to https://vpn.example.com/.

Follow this tutorial to set up that redirect.

  • An http:// daemon.

    Tip

    Below, we provide an example of one possible setup for redirecting your Access Server web interfaces from HTTP to HTTPS. You can use many different http:// daemons, such as Apache2, Nginx, LigHTTPD, and others, to accomplish this. We run an HTTP server for our example.

  • An installed Access Server.

  • A configured Access Server hostname.

  • An installed SSL cert for your Access Server.

  • Root access to your console.

For our example setup, we install Python on the system, run a simple HTTP server listening on port 80 (the default HTTP port), give instructions pointing to the correct address whenever anyone requests anything on that port, and finally, set the new script to run at startup by modifying the crontab file.

This example assumes you're using Ubuntu (the platform we use for our appliances) and signed in as a root user.

  1. Sign in to your console with root privileges and install Python:

    apt update
    apt -y install python3 screen
    nano /usr/local/openvpn_as/port80redirect.py
    • Python installs, and you create a new file to write a Python script.

  2. After the text editor (nano) opens, copy and paste the script below and adjust the redirect target:

    import http.server
    import socketserver
    class myHandler(http.server.SimpleHTTPRequestHandler):
      def do_GET(self):
        print("Request received, sending redirect...")
        self.send_response(301)
        self.send_header('Location', 'https://vpn.yourdomain.com')1
        self.end_headers()
    PORT = 80
    handler = socketserver.TCPServer(("", PORT), myHandler)
    print("serving at port 80")
    handler.serve_forever()

    1

    Modify this domain to redirect to your domain, not the example domain we use.

  3. Save and exit the file (Ctrl+xy, and Enter).

  1. Open crontab for the current user:

    crontab -e
  2. If this is the first time you’ve used this program, choose which editor to use (any is fine, but we assume you use nano for our example).

  3. At the bottom of the crontab file, add this line:

    @reboot /usr/bin/screen -dmS port80redirect /usr/bin/python /usr/local/openvpn_as/port80redirect.py
  4. Save and exit the file (Ctrl+xy, and Enter).

    • Now, when you reboot the system, screen automatically starts and runs the Python script port80redirect.pyScreen is a program that runs apps in the background continuously without needing to sign in as a user.

Tip

You can see what screen is doing by connecting the screen session:

screen -list

An output like this displays:

There is a screen on:
 700.port80redirect (03/16/2017 05:22:34 PM) (Detached)
1 Socket in /var/run/screen/S-root.

Type screen -r 700.port80redirect (from our example above, but you should use the session number from your output) to see what this specific Python script is doing. It shows you whenever someone makes a request on port 80 and informs you that it gives instructions to go to the correct address.

  • To stop the program, press Ctrl+c.

  • To detach the screen session but leave the program running in the background, press Ctrl+a and then press d.

  • You can sign out, and the program runs in the background, redirecting users to the HTTPS address.