pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[thelonelycoder]

I can't do this now, because I'm away from the router, but I'll do it when I return.

Once you're back in, try the command uiDivStats runs in the SSH terminal:

/usr/sbin/curl -s --retry 3 "http://192.168.1.20/servstats" -o /tmp/psservstats

It should finish within a second. If not then you still have a problem.
If it did work, you could run this command, if pixelserv-tls is up and running it would produce a long string of html code:

[ -f /tmp/psservstats ] && cat /tmp/psservstats && rm /tmp/psservstats

 

[thelonelycoder]

Thank you, I was thinking of the same solution.
The only USB device connected is the one where Entware is installed.

I can't do this now, because I'm away from the router, but I'll do it when I return.

Cheers!

Just tested it, my suggestion to manually assign the pixelserv-tls IP to regain access to the WebUI works.

 

[nick_max]

Just tested it, my suggestion to manually assign the pixelserv-tls IP to regain access to the WebUI works.

Thank you, will do that when I'm back home.
Meanwhile I tried creating a new VM in bridged mode and tried assigning the pixelserv IP - no go because of active IP conflict. For this to work, I need to turn off the router and remove the Entware USB.

Next time I'll pay more attention when changing access rules

 

[Asad Ali]

Next time I'll pay more attention when changing access rules

Specially when you're off site lol. [emoji16]

 

[Asad Ali]

My iPhone updated yesterday to 13

Okay, no harm done, it'll update to 13.1 as well [emoji23]

 

[heysoundude]

Okay, no harm done, it'll update to 13.1 as well [emoji23]

On the 24th when Apple releases it, you mean.


Sent from my iPhone using Tapatalk

 

[Asad Ali]

On the 24th when Apple releases it, you mean.

Yep!

 

[gattaca]

No, there were questions about your script and TLS server certificates. I research that more and ended up using the merlin script that another poster here had modified with the new requirements. I know the EKU flag is enabled. I inspected the new cert and compared it with the new posted Apple requirements.

So I have to catch up here this weekend. RL had me by the @@. So the new release will regen BOTH a new 10 year CA and a new 2 year+ pixel-serv which is signed by the new 10YR CA via the amtm menu? You guys also mention running commands from the Asad and merlin's scripts to create the certs. I'm now a bit confused.

1) Are there pointers somewhere in instructions to the above commands us mortals can easily folllow?
2) I see the discussion about a 10 year CA being used to sign the newly generated pixelserv cert...so we should NOT need to generate a new 10 YR CA each time?
3) So will the the amtm scripting just use your existing CA.crt to sign a newly generated pixelserv-tls cert going forward? (Once it's been regenerated for this whole apple-induced mess? I'm sorry, it's been so long since I first set this up and got it working, I can honestly no longer remember those details. Yeah, aging sux... You've been warned!

Thanks!

 

[elorimer]

@gattaca:

Diversion will allow you to install the new pixelserv compile that will generate iOS compliant scripts. It will also allow you to generate a new 10 year CA cert compliant with the iOS requirements, then purge all the pixelserv certs, which will start to regenerate as compliant pixelserv certs.

The last step is you have to import the new 10 year CA cert into all your browsers/devices.

 

[thelonelycoder]

So I have to catch up here this weekend. RL had me by the @@. So the new release will regen BOTH a new 10 year CA and a new 2 year+ pixel-serv which is signed by the new 10YR CA via the amtm menu? You guys also mention running commands from the Asad and merlin's scripts to create the certs. I'm now a bit confused.

1) Are there pointers somewhere in instructions to the above commands us mortals can easily folllow?
2) I see the discussion about a 10 year CA being used to sign the newly generated pixelserv cert...so we should NOT need to generate a new 10 YR CA each time?
3) So will the the amtm scripting just use your existing CA.crt to sign a newly generated pixelserv-tls cert going forward? (Once it's been regenerated for this whole apple-induced mess? I'm sorry, it's been so long since I first set this up and got it working, I can honestly no longer remember those details. Yeah, aging sux... You've been warned!

Thanks!

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-186#post-516424

 

[Delusion]

I have 3 basic questions.
1. Is there a diffrence\does it matter if I download a certificate on my PC to USB disk-on-key (from PIXELSERV-IP\ca.crt) and installing the certificate on each PC from the USB or Download on each PC the ca.crt and install it?

2. on /servstats . Is there a parameter which can tell me how much ads were blocked?

3. Do I need to install\purge+generate certificates everytime I do a dirty upgrade ?

 

[DonnyJohnny]

I was looking at my pixelserv stat and wonder why so many tls 1.2. It seems to be coming from my Windows 10 1903.
By default windows only come with tls 1.2

But after some goggling... I found it!!!
https://naughter.wordpress.com/2019/05/23/tls-v1-3-support-finally-on-windows/
No need restart. By note that only windows 10 v1903 and above.

Windows 10 with TLS 1.3!
Have fun!!!

Edit:
try to make .net framework to use "SchUseStrongCrypto" & "SystemDefaultTlsVersions"
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

 

[dave14305]

I have 3 basic questions.
1. Is there a diffrence\does it matter if I download a certificate on my PC to USB disk-on-key (from PIXELSERV-IP\ca.crt) and installing the certificate on each PC from the USB or Download on each PC the ca.crt and install it?

No, whatever is more convenient for you. If you use Firefox, it has its own certificate store apart from Windows' certificate store.

2. on /servstats . Is there a parameter which can tell me how much ads were blocked?

req will tell you how many requests were sent to the Pixelserv IP, including your servstats request. slh through slu show the stats on HTTPS requests. The rest tend to be further breakdowns of those main counters for more details of error situations with individual requests.

3. Do I need to install\purge+generate certificates everytime I do a dirty upgrade ?

No. But backup your ca.crt and ca.key files in case your USB drive ever fails (from /opt/var/cache/pixelserv/ca.*).

 

[Makaveli]

I was looking at my pixelserv stat and wonder why so many tls 1.2. It seems to be coming from my Windows 10 1903.
By default windows only come with tls 1.2

But after some goggling... I found it!!!
https://naughter.wordpress.com/2019/05/23/tls-v1-3-support-finally-on-windows/
No need restart. By note that only windows 10 v1903 and above.

Windows 10 with TLS 1.3!
Have fun!!!

Nice find going to try this tonight at home.

 

[gattaca]

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-186#post-516424

The pixelserv upgrade worked PERFECTLY! THANK YOU! I've purged the older cert and imported the new 10 Yr ca.crt file into the browsers. GTG! You made my day guys! Just AWSEOME!

I also did this to use the new CERT to with the ASUS webgui. This part is NOT necessary for everything else to work. https://github.com/kvic-z/pixelserv...ixelserv-CA-to-issue-a-certificate-for-WebGUI

 

[heysoundude]

I was looking at my pixelserv stat and wonder why so many tls 1.2. It seems to be coming from my Windows 10 1903.
By default windows only come with tls 1.2

But after some goggling... I found it!!!
https://naughter.wordpress.com/2019/05/23/tls-v1-3-support-finally-on-windows/
No need restart. By note that only windows 10 v1903 and above.

Windows 10 with TLS 1.3!
Have fun!!!

Edit:
try to make .net framework to use "SchUseStrongCrypto" & "SystemDefaultTlsVersions"
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

windows hurts my brain every time. but I will make this happen on the two machines that need it.

 

[XIII]

https://naughter.wordpress.com/2019/05/23/tls-v1-3-support-finally-on-windows/
No need restart. By note that only windows 10 v1903 and above.

Tried this on 1903 (OS Build 18362.387), but it's still the "v12" counter that increases when I surf to the pixelserv statistics page using Edge.

(I normally use Firefox and that already increases the "v13" counter instead)

Do I need to perform additional steps? Which?

 

[DonnyJohnny]

windows hurts my brain every time. but I will make this happen on the two machines that need it.

Tried this on 1903 (OS Build 18362.387), but it's still the "v12" counter that increases when I surf to the pixelserv statistics page using Edge.

(I normally use Firefox and that already increases the "v13" counter instead)

Do I need to perform additional steps? Which?

those configuration made ms edge to have tls 1.3.

It seems like I successfully disable tls 1.0 from what I see in pixelserv stats.
But it seems that some app are still stubbornly using tls 1.2, I suspect it is due to how the program is compiled to do so. One of them for mine is avast antivirus which I block some analysis domain, coz keeping sending stuff out.

with some future goggling, I see that we could modify those .net app behaviour in looking for security protocol without recompiling.
https://kevinchalet.com/2019/04/11/...on-to-support-tls-1-2-without-recompiling-it/
But never try and don’t know where is the config file.

 

[Jumpstarter]

I am trying to compile this to a debian setup.. does anyone have good instructions to do so?
These are my reads from compiling so far

$ make
make  all-am
make[1]: Entering directory '/home/pi/pixelserv-tls'
gcc -DHAVE_CONFIG_H -I.    -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -MT pixelserv_tls-pixelserv.o -MD -MP -MF .deps/pixelserv_tls-pixelserv.Tpo -c -o pixelserv_tls-pixelserv.o `test -f 'pixelserv.c' || echo './'`pixelserv.c
mv -f .deps/pixelserv_tls-pixelserv.Tpo .deps/pixelserv_tls-pixelserv.Po
gcc -DHAVE_CONFIG_H -I.    -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -MT pixelserv_tls-socket_handler.o -MD -MP -MF .deps/pixelserv_tls-socket_handler.Tpo -c -o pixelserv_tls-socket_handler.o `test -f 'socket_handler.c' || echo './'`socket_handler.c
mv -f .deps/pixelserv_tls-socket_handler.Tpo .deps/pixelserv_tls-socket_handler.Po
gcc -DHAVE_CONFIG_H -I.    -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -MT pixelserv_tls-certs.o -MD -MP -MF .deps/pixelserv_tls-certs.Tpo -c -o pixelserv_tls-certs.o `test -f 'certs.c' || echo './'`certs.c
mv -f .deps/pixelserv_tls-certs.Tpo .deps/pixelserv_tls-certs.Po
gcc -DHAVE_CONFIG_H -I.    -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -MT pixelserv_tls-util.o -MD -MP -MF .deps/pixelserv_tls-util.Tpo -c -o pixelserv_tls-util.o `test -f 'util.c' || echo './'`util.c
mv -f .deps/pixelserv_tls-util.Tpo .deps/pixelserv_tls-util.Po
gcc -DHAVE_CONFIG_H -I.    -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -MT pixelserv_tls-logger.o -MD -MP -MF .deps/pixelserv_tls-logger.Tpo -c -o pixelserv_tls-logger.o `test -f 'logger.c' || echo './'`logger.c
mv -f .deps/pixelserv_tls-logger.Tpo .deps/pixelserv_tls-logger.Po
gcc -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -Wl,--gc-sections -s  -o pixelserv-tls pixelserv_tls-pixelserv.o pixelserv_tls-socket_handler.o pixelserv_tls-certs.o pixelserv_tls-util.o pixelserv_tls-logger.o  -lssl -lcrypto -lpthread -lrt -ldl
make[1]: Leaving directory '/home/pi/pixelserv-tls'
 $ sudo make install
make[1]: Entering directory '/home/pi/pixelserv-tls'
 /bin/mkdir -p '/usr/local/bin'
  /usr/bin/install -c pixelserv-tls '/usr/local/bin'
 /bin/mkdir -p '/usr/local/share/man/man1'
 /usr/bin/install -c -m 644 pixelserv-tls.1 '/usr/local/share/man/man1'
make[1]: Leaving directory '/home/pi/pixelserv-tls'

I cannot figure out where i could be going wrong,or if i am successfully compiling I am not sure how to get it to start.

 

[Jumpstarter]

got a little bit further this time...

This package will be built according to these values:

0 -  Maintainer: [ root@raspberrypi ]
1 -  Summary: [ Package created with checkinstall 1.6.2 ]
2 -  Name:    [ pixelserv-tls ]
3 -  Version: [ 2.3.0 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ armhf ]
8 -  Source location: [ pixelserv-tls ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ pixelserv ]
12 - Conflicts: [  ]
13 - Replaces: [  ]

Enter a number to change any of them or press ENTER to continue:

Installing with make install...

========================= Installation results ===========================
make[1]: Entering directory '/home/pi/pixelserv-tls'
 /bin/mkdir -p '/usr/local/bin'
  /usr/bin/install -c pixelserv-tls '/usr/local/bin'
 /bin/mkdir -p '/usr/local/share/man/man1'
 /usr/bin/install -c -m 644 pixelserv-tls.1 '/usr/local/share/man/man1'
make[1]: Leaving directory '/home/pi/pixelserv-tls'

======================== Installation successful ==========================

Copying documentation directory...
./
./LICENSE
./ChangeLog
./INSTALL
./README.md

Copying files to the temporary directory...OK

Stripping ELF binaries and libraries...OK

Compressing man pages...OK

Building file list...OK

Building Debian package...OK

Installing Debian package...OK

Erasing temporary files...OK

Writing backup package...OK
OK

Deleting temp dir...OK


**********************************************************************

 Done. The new package has been installed and saved to

 /home/pi/pixelserv-tls/pixelserv-tls_2.3.0-1_armhf.deb

 You can remove it from your system anytime using:

      dpkg -r pixelserv-tls

**********************************************************************

 $ sudo dpkg -i /home/pi/pixelserv-tls/pixelserv-tls_2.3.0-1_armhf.deb
(Reading database ... 161435 files and directories currently installed.)
Preparing to unpack .../pixelserv-tls_2.3.0-1_armhf.deb ...
Unpacking pixelserv-tls (2.3.0-1) over (2.3.0-1) ...
Setting up pixelserv-tls (2.3.0-1) ...
Processing triggers for man-db (2.8.5-2) ...