Please revert forced https redirect
In your latest update you have specified this bug fix.
5. Bug Fixed
Reduced potential security risks by forcibly redirecting HTTP requests and responses to HTTPS ones.
This is not infact a bug fix. This is forcing people to do something they do not wish to do.
I'm using traefik infront of my omada controller, and it (well cert manager) handles my ssl termination.
I do not need omada to force https traffic with insecure https certificates.
I understand that https is more secure, but as you have the option, i think this should be reverted since this only makes things more difficult.
Cert manager handles my certs just fine, i dont need to worry about them expiring, like i would if i would need to manually update them every 90 days.
As a selfhoster, who enjoys omada controller, do not take the option of http away.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Vincent-TP 5.15.20.18 of the software controller on Linux as well
Vincent-TP wrote
Hi @sofiaurora @Botlike @tokenize @slfhst @pixielark
and anyone who are concerning about this feature,
We are planning to make corresponding modifications and now need to understand the types and versions of the controllers everyone is using.
We look forward to your replies.
5.15.20.18 of the software controller on Linux as well
- Copy Link
- Report Inappropriate Content
@Vincent-TP that is wonderful news, thank you!
I have downgraded to omadacontroller 5.15.8.2 for the moment but otherwise would plan to stay at the latest version. I run this via docker on a linux amd64 pc. I combine this with a nginx docker container for reverse proxying/ssl termination. Thank you!
- Copy Link
- Report Inappropriate Content
thank you for all the valued feedback.
- Copy Link
- Report Inappropriate Content
@Vincent-TP Hello. Any timeframe on this change? It is just so inconvenient to have it like this.
I have literally updated to the version 5.15.20.20 which is being run on docker and still not reverter.
I have 3 full Omada sites so just imagine the work I have to do with every interaction I need to have with one of the controllers.
I agree with previous approaches on this subject and Tplink's concerns but, I have vlans configured behind Opnsense due to the ACL limitations of Omada, Reverse Proxy with Traefik/Caddy and on top of that I have Authentik for SSO which adds another layer of security. All of this has restricted access to the controller and to the Internet.
As such, this change, is unnecessary for setups that have this type of approach. Forcing this change literally messes up everything I have configured.
How it is configured right now it is even more secure than what i am being forced to use.
Does Tplink has a timeframe for the revert?
I am being deeply affected by this and the latest 5.15.20.20 did not revert it.
Best Regards
- Copy Link
- Report Inappropriate Content
@sofiaurora
I am on 5.15.20.20. Is there any ETA on implementing this change? I have my own domain and currently cannot use public internet to get access to the controller.
- Copy Link
- Report Inappropriate Content
We currently cannot provide an ETA. This change was implemented to fix some known bugs, and reverting it requires us to find alternative solutions to prevent the original issues. Please stay patient while we address this. Thanks for your understanding.
- Copy Link
- Report Inappropriate Content
@sofiaurora Put me in the 'me too' basket.
I want to put my oc300 behind the reverse proxy I already have (HAProxy under Opnsense) as certificate management is a pain.
This is a private network, the oc300 is not exposed. I should be able to https to the proxy and http from the proxy to the controller and let the proxy handle the certs.
- Copy Link
- Report Inappropriate Content
Bump. Also would like to request that this be reverted. I'm running 5.15.20.20 on Linux in a docker container.
- Copy Link
- Report Inappropriate Content
bump. same problem with software 5.15.24.18
- Copy Link
- Report Inappropriate Content
Information
Helpful: 14
Views: 2016
Replies: 23
Voters 2
