Captive Portal Login URL
-
Hello
http://192.168.10.1:8002/index.php?zone=xxxxcurrent login address like this
http://aaa.hostname.com:8002/index.php?zone=xxxx
can i do it as hostname
I don't want the ip address to appear -
If the login URL looks like
http://aaa.hostname.com:8002/index.php?zone=xxxxthere is no IP.
Force the login to use "https".
You'll be needing a certificate that contain the host name - as that is what https is all about.
Browser redirect will get redirected to the host name, not the IP. -
I have ssl certificate as https
I tried my login page with domain name
but i had ssl problem on phones, login page did not come on some outdated phones
Can't bring login page with domain name as http ? -
help me.
-
@ahmetakkaya
What's the problem now?
I don't see any need to use https. -
the purpose is not https
my purpose
http://aaa.hostname.com:8002/index.php?zone=xxxx
having an opening url of the shape
-
Not supported out of the box.
But it seems to be possible
Check what you have on line 41 (?) from this file : /var.etc/nginx-xxxxxx-CaptivePortal.conf
I see :if ($http_host ~* aaaa.hostname.com) {Now, open /etc/inc/captiveportal.inc - find the empty line 1800 :
add this at that position :
$ourhostname="aaaa.hostname.com";I've tested it : no more "192.168.2.1", is saw aaaa.hostname.com in the login page URL
-
/var.etc/nginx-xxxxxx-CaptivePortal.conf
- in this way
-
Your nginx config file is not the same as mine.
You've forgot an important thing : you want to use a host name "aaaa.hostname.com" instead of an IP 10.10.200.1 address, right ?In that case : add a host override on the unbound resolver , at the bottom :
Now, your DNS is aware that aaaa.hostname.com is 10.10.200.1 and vis versa.
Add this on the resolver page, save, apply.
Open portal settings, and save also.Now, have a look again at the have a look again at the file
/var/etc/nginx-xxxxxx-CaptivePortal.confYou should see this :
-
-
Sorry.
I've checked how the nginx config file is generated.
This part :
only gets added when https mode is active.
See /etc/inc/system.inc, around line 1340 (look for cp_redirect)
So, still possible, but more needs to be modified to get it working.
Are you sure you can't afford a free certificate from Letsencrypt, and call it a day ? I'm using https captive portal for years now, it's a real set it and forget in thing.
In a close future, browsers will refuse plain 'http' usage anyway.edit : maybe you can abuse the presence of a bug ....
Whe I switched from https to http login, portal settings are not cleaned up :
I still had, in the portal config, this :
Or, https mode was disabled.
Look under <captiveportal><cpzonex> ...... there you find all the portal instance settings.So : set https mode ones with the correct <httpsname> .... </httpsname>
and select whatever (non valid probably) certificate.
Then switch back to http mode.<httpsname>aaaa.hostname.com</httpsname>will still be present and set.
This is, IMHO, a bug.
-
thanks for support
do you have a working example in your build
http://aaa.hostname.com:8002/index.php?zone=xxxx
-
For many years (10 or so ?) now.
I wanted to use the https access so there was no 192.168.2.1 (my portal interface) showing in the URL. https access isn't really needed as there is not really any secret information transmitted over Wifi, the login credentials are shown in the rooms of the hotel.
But, as a 'public' portal of a hotel can't use any SSID encryption, like AES or WEP, it has to be open for easy client use, I shifted to https.I'm not using "hostname.com" as I do not own (== rent) this domain name.
I rented my own domain name with the commercials brand in it, like "my-hotel-in-my-town.net". I picked a registrar that supports some API so I could use the acme.sh pfSense package to handle the certificate details.Now, my clients see "portal.my-hotel-in-my-town.net" when using the captive portal, but ..... who cares, as people don't look at URLs any more anyway.
It works flawlessly.@ahmetakkaya said in Captive Portal Login URL:
http://aaa.hostname.com:8002/index.php?zone=xxxx
People don't see / deal with / have to type in that URL.
All phone, pads and other devices are portal minded these days. -
This post is deleted! -
I made the login screen come up with https and aaa.hostname.com.
but on some devices
Your Connection Is Not Private
I'm getting the warning
how can i solve
-
@ahmetakkaya said in Captive Portal Login URL:
I'm getting the warning
Your Connection Is Not Private
how can i solveWhat device gave that warning ?
You you can't really solve this.
Is your SSID protected with a WPA3 encryption ? (and password) : probably not. So, a captive portal is always considered as a less secure network (like : OMG : everything goes in clear over the air).
But, don't worry, nearly all traffic is https (TLS) protected these days.
Most people will also, after connecting to a captive portal, use a VPN.Or maybe the device is complaining about 'DNS' is open.
-
-
@ahmetakkaya said in Captive Portal Login URL:
Your Connection Is Not Private
That's not a message from pfSense. It's a message shown on your device.
You know that no one on this forum works for Apple, Samsung etc. So why should I know what that message means ?Don't take me wrong : what about 'thinking' a bit before asking a question ??
I don't know what your device means with that message, but, "as they are all the same" it probably means something about the Wifi.
Are you using a Wifi network with a password ?
if it is WPA3 encrypted, god, but then the portal users have also to type in the wifi password first. As said before, that's not needed /wanted on a public network.We both also now that most traffic is TLS (https) encrypted these days.
This means : no one on planet earth can decrypt that. That includes the 3 letter agencies. So who cares that your Wifi network is not encrypted ?!
Most professional portal users even use a VPN as soon as they are connected to a public portal, so now everything is encrypted twice.
True : DNS traffic is visible ....Btw : my iPhone X IOS15.x says : "Not a secured network". It's just a message - not a show stopper. I'm not going to use "WPA3 encrypted" on my captive portal network. Older people won't be able to type that 28 letter password : My public captive portal wouldn't get used any more as it is to much a of hassle.
-
no ssid password only captive portal login available
I think the devices giving error can't get the ssl certificate
I don't know why this is
-
@ahmetakkaya said in Captive Portal Login URL:
I think the devices giving error can't get the ssl certificate
Can't get ? Can't trust ?
How did you set up the https portal access ?
Possible that you state more details ?Your portal works well for :
Apple device ?
Microsoft devices ?
Other brand devices ?
