How to redirect HTTP to HTTPS?

Introduction

OpenVPN Access Server provides you with two web interfaces, the Admin Web UI and the Client Web UI. This document provides steps to redirect HTTP requests for these interfaces to HTTPS.

OpenVPN Access Server doesn't redirect HTTP requests by default because it doesn't come with an HTTP (insecure) web server daemon. That means if your administrators or end users visit your Access Server’s web address using just HTTP, they get a "page not found" response.

For example, if they enter http://vpn.example.com/, the browser returns the message, "This site can't be reached."

It won't redirect them to https://vpn.example.com/.

Steps to redirect HTTP to HTTPS

To set up a redirect from HTTP to HTTPS for your Access Server web interfaces, we provide an example of one possible setup below.

You can use many different HTTP daemons to accomplish this, like Apache2, Nginx, lighttpd, and others.

For our example setup, we install Python on the system, run a simple HTTP server listening on port 80 (the default HTTP port), give instructions pointing to the correct address whenever anyone requests anything on that port, and finally, we set the new script to run at startup by modifying the crontab file.

This example assumes you're using Ubuntu (the platform we use for our appliances) and you've signed in as a root user.

Install Python and add a Python script

  1. Sign in via SSH to your server with root privilege and run these commands:
    apt-get update
    apt-get -y install python3 screen
    nano /usr/local/openvpn_as/port80redirect.py
  2. After the text editor (nano) opens, copy and paste the script below and adjust the redirect target:
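    import http.server
    import socketserver

    # BaseHTTPRequestHandler only answers the methods defined here; it has
    # no file-serving code, so HEAD requests can't expose local files.
    class myHandler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            print("Request received, sending redirect...")
            # 301 = permanent redirect to the HTTPS address
            self.send_response(301)
            self.send_header('Location', 'https://vpn.yourdomain.com')
            self.end_headers()

    PORT = 80
    # Listen on all interfaces on the default HTTP port
    handler = socketserver.TCPServer(("", PORT), myHandler)
    print("serving at port 80")
    handler.serve_forever()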
  3. Save and exit the file (Ctrl+x, y, and Enter).

Note: In step two, ensure you modify the script to redirect to your domain, not the example domain we use.

Set the Python script to run at startup

  1. Open the crontab for the current user:
    crontab -e
  2. If this is the first time you’ve used this program, choose which editor to use (any is fine, but we assume you use nano for our example).
  3. At the bottom of the crontab file, add this line:
    @reboot /usr/bin/screen -dmS port80redirect /usr/bin/python3 /usr/local/openvpn_as/port80redirect.py
  4. Save and exit the file (Ctrl+x, y, and Enter).

Now, when you reboot the system, screen automatically starts and runs the Python script port80redirect.py. Screen is a program that runs apps in the background continuously without needing to sign in as a user.

You can check that screen is running the script by listing the screen sessions:

screen -list

An output like this displays:

There is a screen on:
 700.port80redirect (03/16/2017 05:22:34 PM) (Detached)
1 Socket in /var/run/screen/S-root.

Type screen -r 700.port80redirect (from our example above, but you should use the session number from your output) to see what this specific Python script is doing. It prints a line whenever someone makes a request on port 80, telling you that it is sending the redirect to the correct address.

  • To stop the program, press Ctrl+c.
  • To detach the screen session but leave the program running in the background, press Ctrl+a and then press d.
  • You can sign out, and the program continues to run in the background, redirecting users to the HTTPS address.
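
A variant of port80redirect.py that keeps the requested path and query in the redirect, answers HEAD and POST as well as GET, and always takes the target host from a fixed setting rather than from the request. This is an added example, not OpenVPN's script; the names TARGET, redirect_location, RedirectHandler, RedirectServer and make_server, and the 10-second timeout, are assumptions.

```python
import http.server
import socketserver
from urllib.parse import quote, urlsplit

# Assumption: replace with your Access Server's HTTPS address.
TARGET = "https://vpn.yourdomain.com"


def redirect_location(raw_path):
    """Return the Location value: fixed HTTPS host plus the requested path."""
    try:
        parts = urlsplit(raw_path)
    except ValueError:  # malformed request target
        return TARGET + "/"
    # The host always comes from TARGET, never from the Host header or from
    # an absolute URL in the request line. Re-quoting removes CR/LF and spaces.
    path = "/" + quote(parts.path.lstrip("/"), safe="/%")
    query = "?" + quote(parts.query, safe="=&%") if parts.query else ""
    return TARGET + path + query


class RedirectHandler(http.server.BaseHTTPRequestHandler):
    # BaseHTTPRequestHandler contains no file-serving code, so no request
    # method can read from the process's working directory.
    timeout = 10  # seconds before an idle connection is dropped (constructed value)

    def _redirect(self):
        self.send_response(301)
        self.send_header("Location", redirect_location(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = do_POST = _redirect


class RedirectServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
    allow_reuse_address = True  # rebind port 80 immediately after a restart
    daemon_threads = True       # one slow client cannot block the others


def make_server(port=80):
    return RedirectServer(("", port), RedirectHandler)


if __name__ == "__main__":
    with make_server() as server:
        print("redirecting port 80 to", TARGET)
        server.serve_forever()
```

With this variant, a request for http://vpn.yourdomain.com/admin is answered with a redirect to https://vpn.yourdomain.com/admin instead of the site root (the /admin path is a constructed sample).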