學習陌生的東西,也許最好的辦法就是
熟悉它,玩轉它!
因此從
介面開始,是個不錯的選擇。
在閱讀簡短之
LuCI Essentials
Installing LuCI on uHTTPd
This installs the essentials of the Web User Interface LuCI. See “opkg update && opkg list luci-*
” for all available packages to administer OpenWrt through LuCI.
opkg update opkg install luci
or
opkg install luci-ssl # enable https for luci
In case you are not familiar with a CLI, check out command-line HELP and/or opkg |
Native Language Support
The basic LuCI web user interface is in English. However, it is being actively translated into many languages by volunteers. See https://github.com/openwrt/luci/wiki/i18n and get involved! For a list of available packages, do
opkg list | grep luci-i18n-
You will see a list of the available language packages. To install your native language, do e.g.
opkg install luci-i18n-hungarian
You can also install language packs utilizing the WebInterface and you can install multiple LuCI language packs at the same time and switch between them in the LuCI-WebInterface or by editing the file → /etc/config/luci
Start and Enable the web server (uHTTPd)
The web server software uHTTPd is a dependency of the LuCI package and is automatically installed when you install LuCI. After installation the web server is not running! You need to manually start the web server. You should also enable the web server, so that it automatically starts up whenever you reboot the router. The first command below starts the web server, the second enables it across reboots.
/etc/init.d/uhttpd start /etc/init.d/uhttpd enable
Now you should be able to connect to the web server serving LuCI at http://192.168.1.1.
文本後,可以將 LuCi 中文化︰
【System】【Software】選單
【System】【System】選單
甚至進一步改成 https 存取的網頁︰
opkg update
opkg install luci-ssl
───
root@LEDE:~# nano /etc/config/firewall
修改
#open web on wan interface
config rule
option src wan
option dest_port 80
option target ACCEPT
option proto
成為
#open secure web on wan interface
config rule
option src wan
option dest_port 443
option target ACCEPT
option proto
此時 https://ip_addr 會看到下面訊息︰
如是自能加深
How to get rid of LuCI https certificate warnings
Do you like the security of using LuCi-SSL (or Luci-SSL-OpenSSL), but sick of the security warnings your browser gives you because of an invalid certificate?
With these instructions, you can generate your own self-signed certificate, which your browser will accept as valid.
One new headache was that, browsers usually only look at one key part of a self-signed certificate, the CN (common name). However, starting with Chrome version 58, it not only looks at the CN (common name) in the certificate, but also at the SAN (subject alt name or DNS name), which makes generating a certificate more complicated than before. You might have even had a certificate you made yourself, that worked until recently, stop working when Chrome 58 was released and most likely automatically updated and installed.
So, to get rid of the annoying “Warning, this is an insecure site, do you want to proceed?” warning messages, and other similar messages from other browsers, proceed with the following.
I know it looks long, but it’s easy and goes fast. Should take about 10 minutes tops.
……
Create /etc/ssl/myconfig.conf
with the following content:
[req] distinguished_name = req_distinguished_name x509_extensions = v3_req prompt = no string_mask = utf8only [req_distinguished_name] O = OpenWrt OU = Home Router CN = LuCI WebAdmin [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = luci.openwrt IP.1 = 192.168.1.1
-
You can edit the values for C (country), ST (state), L (location), O (organization), OU (organization unit) to whatever you want.
-
It’s extremely important the values for DNS.1 and IP.1 match whatever you type into the browser to access LuCI.
-
Some of you might have a different IP, or you might access it via a hostname; whatever you key into your browser’s address bar must match all three of those values.
-
-
之內容認識也☆
那麼假設 nslookup 的輸出結果是︰
root@LEDE:~# nslookup 5.168.168.9 Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find 9.168.168.5.in-addr.arpa: NXDOMAIN root@LEDE:~# nslookup 5.168.166.88 Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: 88.166.168.5.in-addr.arpa name = LEDE.lan
如何『依樣畫葫蘆』的呢★