I only have interest in accessing my FreedomBox over my LAN. I’ve no need to expose the Web server to the Internet and would rather not expose it. However, disabling the port redirects in my router to the FreedomBox ports 80 and 443 results in my not being able to connect to it at all from the browser with a certificate error. Then there is the issue of expired Let’s Encrypt certificates.
I know this will require modifying the Apache config files, but it seems there are so many places where things would need to be changed. All help is appreciated.
That was a start. I also commented the line in the file that is my FQDN.conf that has the line:
Use FreedomBoxTLSSiteMacro FQDN
and verified that apache is only listening on port 80:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1055/apache2
Even after restarting my browser (Firefox ESR in Bullseye) and turning off the HTTPS Everywhere plugin, it still insists on jumping straight to the HTTPS protocol despite only typing in http://hostname into the address bar.
I even rebooted the FreedomBox with no change.
I also get browser errors that the Web page uses “HSTS” and that cannot be bypassed. Ugh!
Even after clearing the history and using a private window, it immediately redirects to HTTPS.
I found the HSTS configuration in /etc/apache2/conf-available/freedombox.conf and commented out that block and restarted the Apache server.
Maybe my only option is to reenable port 443 and just tell the browsers to accept the certificate although it seems they want to do away with that feature.
I restored everything else but left the HSTS block in /etc/apache2/conf-available/freedombox.conf commented and now I can use the services inside my LAN, albeit with HTTPS which is overkill, IMO, by adding an exception in the browsers. So long as I can do this and not expose the Web server to the Internet I am satisfied.
I went back and restored my previous changes and opened the ports again. It seems the Web services are deeply ingrained with this assumption, so I’ve given up on trying to change it.
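
Added example, not part of the original posts and not FreedomBox code: a simplified model of how a browser stores an HSTS policy under RFC 6797, showing that removing the header from the Apache configuration does not by itself clear a policy the browser has already cached for that host. The hostname and timestamps are constructed, `HstsStore` is a hypothetical name, and header names are assumed to be lowercased.

```python
def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None if it is invalid."""
    max_age, include_sub, seen = None, False, set()
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, val = part.partition("=")
        name = name.strip().lower()
        if name in seen:              # a repeated directive invalidates the header
            return None
        seen.add(name)
        if name == "max-age":
            val = val.strip().strip('"')
            if not (val.isascii() and val.isdigit()):
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

class HstsStore:
    """Hypothetical, simplified model of a browser's known-HSTS-host list."""
    def __init__(self):
        self.hosts = {}               # host -> (expiry, include_subdomains)
    def note_response(self, host, scheme, headers, now):
        # Only HTTPS responses count; a missing header never deletes an entry.
        value = headers.get("strict-transport-security")
        policy = parse_hsts(value) if scheme == "https" and value else None
        if policy is None:
            return
        if policy[0] == 0:            # max-age=0 is the explicit "forget me"
            self.hosts.pop(host, None)
        else:
            self.hosts[host] = (now + policy[0], policy[1])

    def upgrades(self, host, now):
        """True if a typed http:// URL for host is rewritten to https://."""
        labels = host.split(".")
        for i in range(len(labels)):  # exact host first, then parent domains
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and now < entry[0] and (i == 0 or entry[1]):
                return True
        return False

def demo():
    host, s = "box.example.test", HstsStore()   # constructed hostname
    s.note_response(host, "https", {"strict-transport-security": "max-age=31536000; includeSubDomains"}, 0)
    s.note_response(host, "https", {}, 100)     # header now removed on the server
    still_upgrading = s.upgrades(host, 200)
    s.note_response(host, "https", {"strict-transport-security": "max-age=0"}, 300)
    return still_upgrading, s.upgrades(host, 400)
```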