Disable HTTPS for LAN only access?

I only have interest in accessing my Freedombox over my LAN. I’ve no need to expose the Web server to the Internet and would rather not expose it. However, disabling the port redirects in my router to the freedombox ports 80 and 443 results in my not being able to connect to it at all from the browser with a certificate error. Then there is the issue of expired Let’s Encrypt certificates.

I know this will require modifying the Apache config files, but it seems there are so many places where things would need to be changed. All help is appreciated.

You could try the following:

  1. Create a copy of “/etc/apache2/sites-available/freedombox-default.conf”. Add or remove the configuration you want in the copy.
  2. Disable the original site: sudo a2dissite freedombox-default.
  3. Enable the new site using sudo a2ensite ....
  4. Reload apache with sudo systemctl reload apache2.

That was a start. I also commented the line in the file that is my FQDN.conf that has the line:

Use FreedomBoxTLSSiteMacro FQDN

and verified that apache is only listening on port 80:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1055/apache2        

Even after restarting my browser (Firefox ESR in Bullseye) and turning off the HTTPS Everywhere plugin, it still insists on jumping straight to HTTPS protocol despite only typing in http://hostname into the address bar.

I even rebooted the Freedombox with no change.

I also get browser errors that the Web page uses “HSTS” and that cannot be bypassed. Ugh!

Does it work in a private browser window?

You may need to clear the browser history for the site:

Even after clearing the history and using a private window, it immediately redirects to HTTPS.

I found the HSTS configuration in /etc/apache2/conf-available/freedombox.conf and commented out that block and restarted the Apache server.

Maybe my only option is to reenable port 443 and just tell the browsers to accept the certificate although it seems they want to do away with that feature.

I restored everything else but left the HSTS block in /etc/apache2/conf-available/freedombox.conf commented and now I can use the services inside my LAN, albeit with HTTPS which is overkill, IMO, by adding an exception in the browsers. So long as I can do this and not expose the Web server to the Internet I am satisfied.

I suppose this is solved after a fashion.

Hey Nate, I’m a dummy but have you added an entry to the HOST file of the PC you’re using? Just an idea from one with a smooth brain.

No, I have a functioning DNS server for the LAN.

I went back and restored my previous changes and opened the ports again. It seems the Web services are deeply ingrained with this assumption so I’ve given up on trying to change it.
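
Added example, not part of the thread above and not FreedomBox code: a small Python model of how a browser caches a Strict-Transport-Security policy (RFC 6797), showing why commenting out the HSTS block in Apache and serving only port 80 leaves the browser upgrading http:// to https:// until the cached policy expires or is cleared over HTTPS with max-age=0. The hostname `freedombox.example` and the max-age values are constructed for illustration.

```python
from urllib.parse import urlsplit


def parse_sts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name.strip().lower() == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name.strip().lower() == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub


class HstsStore:
    """Minimal model of a browser's HSTS cache: host -> (expiry, include_subdomains)."""

    def __init__(self):
        self.entries = {}

    def note_response(self, url, header, now):
        parts = urlsplit(url)
        # The header is honoured only on HTTPS responses, so a server reduced
        # to plain HTTP cannot clear a policy it set earlier over HTTPS.
        if parts.scheme != "https" or header is None:
            return
        max_age, include_sub = parse_sts(header)
        if max_age == 0:
            self.entries.pop(parts.hostname, None)  # explicit removal
        else:
            self.entries[parts.hostname] = (now + max_age, include_sub)

    def rewrite(self, url, now):
        """Return the URL the browser would actually request at time `now`."""
        parts = urlsplit(url)
        labels = (parts.hostname or "").split(".")
        for i in range(len(labels)):
            # Check the host itself, then each parent domain's cached policy.
            expiry, include_sub = self.entries.get(".".join(labels[i:]), (0, False))
            if parts.scheme == "http" and expiry > now and (i == 0 or include_sub):
                return "https" + url[4:]
        return url
```
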