Is possible to change https port on captive portal
-
Hello,
I have tried to change the HTTPS captive portal default port, which is 8003, in the file
/var/etc/nginx-captiveportal-CaptivePortal-SSL.conf (CaptivePortal is my portal name).
I changed it to xxxx, and when I reboot pfSense my port is rolled back to 8003.
Any ideas? Please advise.
Thanks!
-
Can you tell why you want to change that port number?
This port number is a big "don't care", as the portal user never needs to know about it.
I'll post back here with 'instructions' later on, as I'll check first whether it is even possible by editing just 'one file'.
-
I need to forward them to a Cloudflare tunnel. I have tried port 8443 and it works, but when I try 8003 it doesn't work. I assumed I should change to another port that Cloudflare supports.
Any ideas? Please let me know.
Thanks.
-
A captive portal connection through a (Cloudflare) tunnel?
If a Cloudflare tunnel is like a VPN tunnel, then there is no issue whatsoever.
Policy routing the captive portal interface over, not WAN, but another WAN-type interface like a VPN tunnel: that can be done, as I do it once in a while when I discover that my portal users are doing things with 'my connection' (like downloading "Disney movies").
All this has nothing to do with 'what ports' are used. My OpenVPN tunnel tunnels everything and doesn't care about what IP or port is used.
Edit this file: /etc/inc/captiveportal.inc.
Search for the 6 (six) occurrences of "800". It's PHP, so like 'Basic', you'll understand what happens and what is done.
Change all the "800" to (for example) "500".
Please don't call for help if you discover all kinds of side effects. If this "800" value is hard-coded somewhere else, things will totally break, or worse, work, but you've created a security issue without being aware of it.
-
Hello,
Generally, HTTPS on pf is a self-signed certificate; I get a warning message when I access the portal. So I need to pass the request through to the tunnel to use the proxy on Cloudflare, and they accept some ports on it, e.g. 443, 8443, 2053, 2083...
I'm using Cloudflare Zero Trust. I could access 443 and 8443 to pf on CF Zero Trust.
When I request to log in I get freewifi.abc.com:8003 and the request does not complete, so I want to try to change this port to 2053.
Maybe I'm wrong, so please advise.
Thanks!
-
@dimsum said in Is possible to change https port on captive portal:
HTTPS on pf is a self-signed certificate; I get a warning message when I access the portal.
https login is somewhat mandatory these days, as browsers are getting picky on classic http web server / site content.
Also: an https web server can't be ** an IP URL like https://192.168.10.1:8003/...... but must be something like "https://freewifi.abc.com:8003/".
The good news: trusted certificates are free: use the acme pfSense package.
The 'bad' news: you need to own (rent) a domain name like "abc.com" and (check this before you sign up) the registrar needs to be compatible with "acme.sh" - see the check list here.
As soon as you 'own' abc.com, you can set up the acme.sh pfSense package to get you a "portal.abc.com" certificate that you have to use for the captive portal web server. From this moment every web browser (captive portal visitor) out there will be happy with the certificate from your captive portal: no more warning messages.
I don't know what "cloudflare zero trust" is, but you can't use that to replace the captive portal's web server, as this web server needs to identify the visiting user, and instruct 'pf', the pfSense firewall, to grant access through the captive portal upon successful identification.
** Actually, it can. Some non-free certificate authorities can sign your certificate, and you can add IPs and host names into the certificate. These certificates won't be free, like the ones from Let's Encrypt.
But why would you? It's better to use something like "https://freewifi.abc.com" than "https://192.168.10.1" as a captive portal URL.
-
Many thanks!