How to redirect HTTP to HTTPS?
The OpenVPN Access Server does not come with an HTTP (insecure) web server daemon. So people visiting the address of your server using just http://vpn.yourdomain.com/ will just not get a response. You have to use the full HTTPS address https://vpn.yourdomain.com/ when visiting an Access Server to get the web interface to show up. Sometimes people want the http:// address to automatically redirect the user to https://.
This is possible in a great number of ways, since there are many different http:// daemons out there like Apache2, Nginx, LigHTTPD, and the list goes on. Here’s one option, and not by any means the only option. You could install Python on your system and then run a very simple HTTP server that listens on port 80 (the default HTTP port) and whenever anyone requests anything on this port, simply give an instruction to go to the correct address instead. This Python script example on this page here does just this and nothing more. It is just about the lightest solution you can implement as it literally does nothing other than redirect you to the desired address. You can have it run automatically on startup by for example using the @reboot directive in crontab. We are going to provide a sample script here and instructions on how to implement it.
Please note that we provide no further support on this solution. We provide this simply as a courtesy to our customers asking for this function. We provide no guarantees of any kind on this solution. We assume that you are using Ubuntu as that is the platform we use for our appliances that we provide to people, and that you are logged on as root user. If you use another operating system adjust the apt-get command as needed (perhaps try yum install).
Log on via SSH to your server and obtain root privileges. Then run these commands:
apt-get update apt-get -y install python screen nano /usr/local/openvpn_as/port80redirect.py
A text editor will now open (nano). Copy and paste this script into it. Adjust the redirect target:
import SimpleHTTPServer import SocketServer class myHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): def do_GET(self): print "Request received, sending redirect..." self.send_response(301) self.send_header('Location', 'https://vpn.yourdomain.com') self.end_headers() PORT = 80 handler = SocketServer.TCPServer(("", PORT), myHandler) print "serving at port 80" handler.serve_forever()
Press ctrl+x, then press y, and then press enter, to save and exit the file.
Now we’re going to edit the crontab file for the root user. Crontab is a system service that automatically executes tasks at specific times. It has a special @reboot keyword you can use to indicate you want a task to run when the system has just rebooted. This would a suitable place to call for this script to be started. To do so follow the next steps.
Open crontab for the current user:
If this is the first time you’ve used this program you may be asked which editor you want to use. Any of them is fine but we find nano to be one of the easier ones to work with. We are going to assume you are using nano. If you are using another text editor then saving and exiting the file may be slightly different – adjust as needed.
The crontab file will now open. At the bottom add this line:
@reboot /usr/bin/screen -dmS port80redirect /usr/bin/python /usr/local/openvpn_as/port80redirect.py
If you use nano, press ctrl+x, then press y, and then press enter, to save and exit the file.
Now when you reboot the system, screen will automatically be started and run the Python script port80redirect.py in there. Screen is a program that lets you run programs in the background continuously without the need to be logged on as a user. Additionally, you can see what the program is doing by connecting to the screen session. To see which sessions are active type:
Now you will see output like this:
There is a screen on: 2255.port80redirect (03/16/2017 05:22:34 PM) (Detached) 1 Socket in /var/run/screen/S-root.
Type screen -r 2255.port80redirect in this particular case to see what the Python script is doing. It will show you whenever someone makes a request on port 80, and inform you that it has given this visitor the instruction to go to the correct address (https://vpn.yourdomain.com in the example given). To stop the program press ctrl+c. To detach the screen session but leave the program running in the background press ctrl+a and then press d. You can logout now and the program will still continue running in the background and redirect users to the correct address, in the event they visit http://vpn.yourdomain.com/ instead of https://vpn.yourdomain.com.