每日彙整: 2018-10-05

樹莓派樹莓派之學習樹莓派之教育

OpenWrt 的世界︰樹莓派 3B 【路由器】LuCi 介面

學習陌生的東西,也許最好的辦法就是

熟悉它,玩轉它!

因此從

 

介面開始,是個不錯的選擇。

在閱讀簡短之

LuCI Essentials

Installing LuCI on uHTTPd

This installs the essentials of the Web User Interface LuCI. See “opkg update && opkg list luci-*” for all available packages to administer OpenWrt through LuCI.

opkg update
opkg install luci

or

opkg install luci-ssl # enable https for luci
In case you are not familiar with a CLI, check out command-line HELP and/or opkg

Native Language Support

The basic LuCI web user interface is in English. However, it is being actively translated into many languages by volunteers. See https://github.com/openwrt/luci/wiki/i18n and get involved! For a list of available packages, do

opkg list | grep luci-i18n-

You will see a list of the available language packages. To install your native language, do e.g.

opkg install luci-i18n-hungarian

You can also install language packs utilizing the WebInterface and you can install multiple LuCI language packs at the same time and switch between them in the LuCI-WebInterface or by editing the file → /etc/config/luci

Start and Enable the web server (uHTTPd)

The web server software uHTTPd is a dependency of the LuCI package and is automatically installed when you install LuCI. After installation the web server is not running! You need to manually start the web server. You should also enable the web server, so that it automatically starts up whenever you reboot the router. The first command below starts the web server, the second enables it across reboots.

/etc/init.d/uhttpd start
/etc/init.d/uhttpd enable

Now you should be able to connect to the web server serving LuCI at http://192.168.1.1.

 

文本後,可以將 LuCi 中文化︰

【System】【Software】選單

 

【System】【System】選單

 

甚至進一步改成 https 存取的網頁︰

opkg update

opkg install luci-ssl

───

root@LEDE:~# nano /etc/config/firewall

修改

#open web on wan interface
config rule
option src wan
option dest_port 80
option target ACCEPT
option proto

成為

#open secure web on wan interface
config rule
option src wan
option dest_port 443
option target ACCEPT
option proto

 

此時 https://ip_addr 會看到下面訊息︰

 

如是自能加深

How to get rid of LuCI https certificate warnings

Do you like the security of using LuCi-SSL (or Luci-SSL-OpenSSL), but sick of the security warnings your browser gives you because of an invalid certificate?

With these instructions, you can generate your own self-signed certificate, which your browser will accept as valid.

One new headache was that, browsers usually only look at one key part of a self-signed certificate, the CN (common name). However, starting with Chrome version 58, it not only looks at the CN (common name) in the certificate, but also at the SAN (subject alt name or DNS name), which makes generating a certificate more complicated than before. You might have even had a certificate you made yourself, that worked until recently, stop working when Chrome 58 was released and most likely automatically updated and installed.

So, to get rid of the annoying “Warning, this is an insecure site, do you want to proceed?” warning messages, and other similar messages from other browsers, proceed with the following.

I know it looks long, but it’s easy and goes fast. Should take about 10 minutes tops.

 

……

Create /etc/ssl/myconfig.conf with the following content:

[req]
distinguished_name  = req_distinguished_name
x509_extensions     = v3_req
prompt              = no
string_mask         = utf8only
 
[req_distinguished_name]
O                   = OpenWrt
OU                  = Home Router
CN                  = LuCI WebAdmin
 
[v3_req]
keyUsage            = keyEncipherment, dataEncipherment
extendedKeyUsage    = serverAuth
subjectAltName      = @alt_names
 
[alt_names]
DNS.1               = luci.openwrt
IP.1                = 192.168.1.1
  1. You can edit the values for C (country), ST (state), L (location), O (organization), OU (organization unit) to whatever you want.
    1. It’s extremely important the values for DNS.1 and IP.1 match whatever you type into the browser to access LuCI.
      • Some of you might have a different IP, or you might access it via a hostname; whatever you key into your browser’s address bar must match all three of those values.

 

之內容認識也☆

那麼假設 nslookup 的輸出結果是︰

root@LEDE:~# nslookup 5.168.168.9
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find 9.168.168.5.in-addr.arpa: NXDOMAIN

root@LEDE:~# nslookup 5.168.166.88
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
88.166.168.5.in-addr.arpa	name = LEDE.lan

 

如何『依樣畫葫蘆』的呢★