0 votes

Hello,

As part of a test for my studies, I would like to block the authentication page on port 443. I think I made a mistake during the initial installation. I specified "https" the first time, then I overwrote the installation by relaunching ./install, and this time I put "http".

The reason for choosing "HTTP" is that I can't get a valid SSL (I don't know how to get one; it was the school that gave me a fixed WAN IP and a domain name, which I can't administer!), even though Let's Encrypt worked on the specified domain name. When configuring with the QR code, I get an error downloading the application, and if I put your direct link from your server, it works, but the automatic installation of applications, or messages with the pager, no longer works.

Therefore, if I type my domain name on a browser, I arrive in "https", and I can authenticate myself. Except that if I want to generate a QR Code, I go back to "http", and I obviously have to regenerate my cookies.

How could I block access to 443 on the authentication page, without causing the MQTT to malfunction, and the rest? And above all, without having to overwrite the installation again?

Thank you so much.

by (890 points)

1 Answer

0 votes
 
Best answer
If I understand your issue correctly, the browser redirects you to https even when you type http://? This is how browsers work, I don't think it's possible to override this behavior.

I recommend reinstalling the software following this manual: https://h-mdm.com/advanced-web-panel-installation/ Make sure port 80 is open and no web server (like nginx or apache) is running, otherwise Let's Encrypt won't work and cannot issue a certificate.
by (32.7k points)
selected by
Indeed,
When I enter the domain name xxx.mdm.com, I automatically fall into HTTPS. However, if I specify "HTTP", I land on the correct page after clearing my browser caches. Ports 80 and 443 are open correctly.
Is the SSL certificate obtained via Let's Encrypt?
Should I allow updating the Tomcat config during installation? From memory, I had selected no, for fear of seeing my root.xml file overwritten.
Yes, the certificate is obtained via Let's Encrypt. I recommend allowing the Tomcat config to be updated automatically, unless you know how to update it manually to enable SSL and set up the certificate. To avoid possible corruption of the config file, you can make a backup of conf/server.xml prior to installing Headwind MDM.
Thank you very much, I managed to find the solution. Now, conversely, can I block the HTTP connection?

It remains functional, despite an HTTPS configuration.

I uninstalled tomcat9 with "sudo apt remove tomcat9 --purge", and reinstalled with your script.

Thanks :)
Hello, I tried to find a solution to block access to the control panel in http (port 80) but I can't find anything that works. If I only block the port in my router, I can no longer enroll my devices. Thank you for your expertise
If Headwind MDM works through HTTPS, you can stop the HTTP connector by commenting it out in /var/lib/tomcat9/conf/server.xml. It works on port 8080 by the way, I guess the redirect 80 -> 8080 is set up by iptables.
...
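
A way to confirm that no plain HTTP connector is still active after commenting it out in server.xml, as the last reply suggests. This is an added example, not code from the thread or from Headwind MDM; the sample XML is constructed, and the function names are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample resembling a Tomcat 9 conf/server.xml in which the plain
# HTTP connector on 8080 has been commented out (not the project's real file).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!--
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""

def classify_connectors(server_xml):
    """Return (port, kind) for every active <Connector>.

    The XML parser drops comments, so a commented-out connector is not
    reported. kind is "https" when SSLEnabled="true", "ajp" for AJP
    protocols, and "http" (cleartext) otherwise.
    """
    root = ET.fromstring(server_xml)  # accepts str or bytes
    found = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")  # Tomcat's default
        if "ajp" in protocol.lower():
            kind = "ajp"
        elif conn.get("SSLEnabled", "false").strip().lower() == "true":
            kind = "https"
        else:
            kind = "http"
        found.append((conn.get("port", "?"), kind))
    return found

def plaintext_ports(server_xml):
    """Ports of active connectors that still serve cleartext HTTP."""
    return [port for port, kind in classify_connectors(server_xml) if kind == "http"]

if __name__ == "__main__":
    # Pass the path to server.xml, or run without arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    for port, kind in classify_connectors(data):
        print(f"port {port}: {kind}")
    sys.exit(1 if plaintext_ports(data) else 0)
```

Tomcat reads server.xml only at startup, so the result describes the running service only after a restart. The iptables redirect mentioned in the reply is a separate setting that this check does not inspect.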