Please revert forced https redirect
In your latest update you have specified this bug fix.
5. Bug Fixed
Reduced potential security risks by forcibly redirecting HTTP requests and responses to HTTPS ones.
This is not infact a bug fix. This is forcing people to do something they do not wish to do.
I'm using traefik infront of my omada controller, and it (well cert manager) handles my ssl termination.
I do not need omada to force https traffic with insecure https certificates.
I understand that https is more secure, but as you have the option, i think this should be reverted since this only makes things more difficult.
Cert manager handles my certs just fine, i dont need to worry about them expiring, like i would if i would need to manually update them every 90 days.
As a selfhoster, who enjoys omada controller, do not take the option of http away.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
To reiterate the existing points made in this thread: anyone operating a TLS-terminating reverse proxy that manages certificates automatically would need this function. In my case I have Omada (latest) running in a container on a NAS, via a reverse proxy; the NAS runs Tailscale; the latter handles automatically provisioning valid certificates that cover all the NAS services.
- Copy Link
- Report Inappropriate Content
@Vincent-TP Hi Vincent, its been three months since your last update. Have you given up on addressing this issue?
- Copy Link
- Report Inappropriate Content
Hi @jakeasmith
I won't know the progress on the R&D team's project. I'll check with them later - thanks for your attention!
jakeasmith wrote
@Vincent-TP Hi Vincent, its been three months since your last update. Have you given up on addressing this issue?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Vincent-TP v6 is now out, and the same issue exists.
Any idea as to whether this will ever be resolved?
- Copy Link
- Report Inappropriate Content
This is a major issue preventing my upgrade to v6. Please can we get an ETA for a fix?
FYI, I am using mbentley's docker container image with Traefik reverse proxy performing the TLS termination, using certs from my own private CA.
- Copy Link
- Report Inappropriate Content
@Vincent-TP Any update on the ability to disable the forced https? Like many others, my reverse proxy handles my certs and this is messing everything up.
- Copy Link
- Report Inappropriate Content
I'm running 6.1.0.19 and have the same problem, cannot use Traefik to manage this connection and certificates as I'd like to.
Are there any update?
Thank you and best regards
- Copy Link
- Report Inappropriate Content
FYI, you can still use Traefik. You just need to set insecureskipverify=true in Traefik's static configuration, then in the dynamic service definition for omada, specify that the scheme is https and send traffic to the https port. E.g. using labels on a docker compose service...
# Since Omada controller auto-redirects http to https, we need to specify scheme is https.
# This also requires that we set insecureskipverify=true in Traefik's static configuration.
- "traefik.http.services.omada-svc.loadbalancer.server.scheme=https"
- "traefik.http.services.omada-svc.loadbalancer.server.port=8043"
HTH
- Copy Link
- Report Inappropriate Content
@codersr this is what I ended up doing. Even better, you can do it for one service specifically using serversTransport. Its clunky to set up, though, and really just shouldn't be needed.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 20
Views: 4365
Replies: 30
Voters 2
