• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

nTopNG not working with HTTPS

Scheduled Pinned Locked Moved Traffic Monitoring
5 Posts 2 Posters 358 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F
    frostyw
    last edited by Dec 5, 2024, 12:49 AM

    After installing nTopNG on pfSense+ 24.11, I am unable to connect to the service. Although it claims to track the system setting for HTTP/HTTPS connectivity, and my gateway is set for HTTPS, port 3000 is responding with HTTP and re-directing to HTTPS on the same port, which fails.

    Screenshot from 2024-12-04 19-46-54.png

    I can see in the ntopng.conf file, that it is set for http-port=0 and https-port=[my IP]:3000. So could this be a regression in the version of nT used by pfSense?

    --http-port=0
--https-port=172.16.1.1:3001,2001:xxx:xxxx:1::1:3001
    F D 2 Replies Last reply Dec 5, 2024, 12:56 AM Reply Quote 0
    • F
      frostyw @frostyw
      last edited by Dec 5, 2024, 12:56 AM

      @frostyw ntopng.pcap

      1 Reply Last reply Reply Quote 0
      • D
        dennypage @frostyw
        last edited by Dec 5, 2024, 4:37 AM

        @frostyw said in nTopNG not working with HTTPS:

        After installing nTopNG on pfSense+ 24.11, I am unable to connect to the service. Although it claims to track the system setting for HTTP/HTTPS connectivity, and my gateway is set for HTTPS, port 3000 is responding with HTTP and re-directing to HTTPS on the same port, which fails.

        Screenshot from 2024-12-04 19-46-54.png

        I can see in the ntopng.conf file, that it is set for http-port=0 and https-port=[my IP]:3000. So could this be a regression in the version of nT used by pfSense?

        --http-port=0
--https-port=172.16.1.1:3001,2001:xxx:xxxx:1::1:3001

        Your screen capture, ntopng config file, and packet capture do not match. Your screen capture shows port 3000, and an error that generally occurs when you attempt to establish a TLS (HTTPS) connection to an HTTP server. Your config file shows HTTPS on port 3001. Your packet capture shows an initial connection attempt to HTTP (on port 3000) rather than HTTPS.

        The ntopng port is hard-coded as 3000, so 3001 should not be in the config file. Did you hand edit the file?

        FWIW, there is no HTTP -> HTTPS redirect. There is a redirect that happens in the context of pfSense to send the connection to port 3000 when accessing Diagnostics -> ntopng, but this is not the same thing as an HTTP -> HTTPS redirect.

        Setting all that aside, there is a new IPv6 / ntopng issue with 24.11 that needs to be looked at. Uncheck the box that says "Server IPv6" in the "HTTP(S) Server Options" section and try again.

        1 Reply Last reply Reply Quote 0
        • D
          dennypage
          last edited by Dec 5, 2024, 5:09 AM

          Confirmed: There is a new bug in ntopng. It can do secure connections on IPv4 or IPv6, but not both. Until it's fixed, you can only have one box checked.

          It also now requires brackets on IPv6 addresses for non wild-card listens (All interfaces). This will require a package update to correct. I'll have that shortly.

          F 1 Reply Last reply Dec 5, 2024, 11:29 AM Reply Quote 0
          • F
            frostyw @dennypage
            last edited by Dec 5, 2024, 11:29 AM

            @dennypage Confirmed that unchecking the IPv6 box allows the page to load securely on IPv4. That's quite a discovery!

            1 Reply Last reply Reply Quote 0
            1 out of 5
            • First post
              1/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received