Menu
What's new
By:
Filters Better Search

pixelserv pixelserv - A Better One-pixel Webserver for Adblock

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

nick_max said:
I can't do this now, because I'm away from the router, but I'll do it when I return.
Click to expand...
Once you're back in, try the command uiDivStats runs in the SSH terminal:
Code: 
/usr/sbin/curl -s --retry 3 "http://192.168.1.20/servstats" -o /tmp/psservstats
It should finish within a second. If not then you still have a problem.
If it did work, you could run this command, if pixelserv-tls is up and running it would produce a long string of html code:
Code: 
[ -f /tmp/psservstats ] && cat /tmp/psservstats && rm /tmp/psservstats
 
nick_max said:
Thank you, I was thinking of the same solution.
The only USB device connected is the one where Entware is installed.

I can't do this now, because I'm away from the router, but I'll do it when I return.

Cheers!
Click to expand...
Just tested it, my suggestion to manually assign the pixelserv-tls IP to regain access to the WebUI works.
 
thelonelycoder said:
Just tested it, my suggestion to manually assign the pixelserv-tls IP to regain access to the WebUI works.
Click to expand...
Thank you, will do that when I'm back home.
Meanwhile I tried creating a new VM in bridged mode and tried assigning the pixelserv IP - no go because of active IP conflict. For this to work, I need to turn off the router and remove the Entware USB.

Next time I'll pay more attention when changing access rules :)
 
Butterfly Bones said:
No, there were questions about your script and TLS server certificates. I research that more and ended up using the merlin script that another poster here had modified with the new requirements. I know the EKU flag is enabled. I inspected the new cert and compared it with the new posted Apple requirements.
Click to expand...

So I have to catch up here this weekend. RL had me by the @@. So the new release will regen BOTH a new 10 year CA and a new 2 year+ pixel-serv which is signed by the new 10YR CA via the amtm menu? You guys also mention running commands from the Asad and merlin's scripts to create the certs. I'm now a bit confused.

1) Are there pointers somewhere in instructions to the above commands us mortals can easily folllow?
2) I see the discussion about a 10 year CA being used to sign the newly generated pixelserv cert...so we should NOT need to generate a new 10 YR CA each time?
3) So will the the amtm scripting just use your existing CA.crt to sign a newly generated pixelserv-tls cert going forward? (Once it's been regenerated for this whole apple-induced mess? I'm sorry, it's been so long since I first set this up and got it working, I can honestly no longer remember those details. Yeah, aging sux... :( You've been warned! :)

Thanks!
 
Last edited:
@gattaca:

Diversion will allow you to install the new pixelserv compile that will generate iOS compliant scripts. It will also allow you to generate a new 10 year CA cert compliant with the iOS requirements, then purge all the pixelserv certs, which will start to regenerate as compliant pixelserv certs.

The last step is you have to import the new 10 year CA cert into all your browsers/devices.
 
gattaca said:
So I have to catch up here this weekend. RL had me by the @@. So the new release will regen BOTH a new 10 year CA and a new 2 year+ pixel-serv which is signed by the new 10YR CA via the amtm menu? You guys also mention running commands from the Asad and merlin's scripts to create the certs. I'm now a bit confused.

1) Are there pointers somewhere in instructions to the above commands us mortals can easily folllow?
2) I see the discussion about a 10 year CA being used to sign the newly generated pixelserv cert...so we should NOT need to generate a new 10 YR CA each time?
3) So will the the amtm scripting just use your existing CA.crt to sign a newly generated pixelserv-tls cert going forward? (Once it's been regenerated for this whole apple-induced mess? I'm sorry, it's been so long since I first set this up and got it working, I can honestly no longer remember those details. Yeah, aging sux... :( You've been warned! :)

Thanks!
Click to expand...
https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-186#post-516424
 
I have 3 basic questions.
1. Is there a diffrence\does it matter if I download a certificate on my PC to USB disk-on-key (from PIXELSERV-IP\ca.crt) and installing the certificate on each PC from the USB or Download on each PC the ca.crt and install it?

2. on /servstats . Is there a parameter which can tell me how much ads were blocked?

3. Do I need to install\purge+generate certificates everytime I do a dirty upgrade ?
 
I was looking at my pixelserv stat and wonder why so many tls 1.2. It seems to be coming from my Windows 10 1903.
By default windows only come with tls 1.2

But after some goggling... I found it!!!
https://naughter.wordpress.com/2019/05/23/tls-v1-3-support-finally-on-windows/
No need restart. By note that only windows 10 v1903 and above.

Windows 10 with TLS 1.3!
Have fun!!!

Edit:
try to make .net framework to use "SchUseStrongCrypto" & "SystemDefaultTlsVersions"
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
 
Last edited:
Delusion said:
I have 3 basic questions.
1. Is there a diffrence\does it matter if I download a certificate on my PC to USB disk-on-key (from PIXELSERV-IP\ca.crt) and installing the certificate on each PC from the USB or Download on each PC the ca.crt and install it?
Click to expand...
No, whatever is more convenient for you. If you use Firefox, it has its own certificate store apart from Windows' certificate store.
Delusion said:
2. on /servstats . Is there a parameter which can tell me how much ads were blocked?
Click to expand...
req will tell you how many requests were sent to the Pixelserv IP, including your servstats request. slh through slu show the stats on HTTPS requests. The rest tend to be further breakdowns of those main counters for more details of error situations with individual requests.
Delusion said:
3. Do I need to install\purge+generate certificates everytime I do a dirty upgrade ?
Click to expand...
No. But backup your ca.crt and ca.key files in case your USB drive ever fails (from /opt/var/cache/pixelserv/ca.*).
 
thelonelycoder said:
https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-186#post-516424
Click to expand...

The pixelserv upgrade worked PERFECTLY! THANK YOU! I've purged the older cert and imported the new 10 Yr ca.crt file into the browsers. GTG! You made my day guys! Just AWSEOME!

I also did this to use the new CERT to with the ASUS webgui. This part is NOT necessary for everything else to work. https://github.com/kvic-z/pixelserv...ixelserv-CA-to-issue-a-certificate-for-WebGUI
 
Last edited:
DonnyJohnny said:
I was looking at my pixelserv stat and wonder why so many tls 1.2. It seems to be coming from my Windows 10 1903.
By default windows only come with tls 1.2

But after some goggling... I found it!!!
https://naughter.wordpress.com/2019/05/23/tls-v1-3-support-finally-on-windows/
No need restart. By note that only windows 10 v1903 and above.

Windows 10 with TLS 1.3!
Have fun!!!

Edit:
try to make .net framework to use "SchUseStrongCrypto" & "SystemDefaultTlsVersions"
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
Click to expand...

windows hurts my brain every time. but I will make this happen on the two machines that need it.
 
heysoundude said:
windows hurts my brain every time. but I will make this happen on the two machines that need it.
Click to expand...
XIII said:
Tried this on 1903 (OS Build 18362.387), but it's still the "v12" counter that increases when I surf to the pixelserv statistics page using Edge.

(I normally use Firefox and that already increases the "v13" counter instead)

Do I need to perform additional steps? Which?
Click to expand...


those configuration made ms edge to have tls 1.3.

It seems like I successfully disable tls 1.0 from what I see in pixelserv stats.
But it seems that some app are still stubbornly using tls 1.2, I suspect it is due to how the program is compiled to do so. One of them for mine is avast antivirus which I block some analysis domain, coz keeping sending stuff out.

with some future goggling, I see that we could modify those .net app behaviour in looking for security protocol without recompiling.
https://kevinchalet.com/2019/04/11/...on-to-support-tls-1-2-without-recompiling-it/
But never try and don’t know where is the config file.
 
I am trying to compile this to a debian setup.. does anyone have good instructions to do so?
These are my reads from compiling so far
Code: 
$ make
make  all-am
make[1]: Entering directory '/home/pi/pixelserv-tls'
gcc -DHAVE_CONFIG_H -I.    -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -MT pixelserv_tls-pixelserv.o -MD -MP -MF .deps/pixelserv_tls-pixelserv.Tpo -c -o pixelserv_tls-pixelserv.o `test -f 'pixelserv.c' || echo './'`pixelserv.c
mv -f .deps/pixelserv_tls-pixelserv.Tpo .deps/pixelserv_tls-pixelserv.Po
gcc -DHAVE_CONFIG_H -I.    -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -MT pixelserv_tls-socket_handler.o -MD -MP -MF .deps/pixelserv_tls-socket_handler.Tpo -c -o pixelserv_tls-socket_handler.o `test -f 'socket_handler.c' || echo './'`socket_handler.c
mv -f .deps/pixelserv_tls-socket_handler.Tpo .deps/pixelserv_tls-socket_handler.Po
gcc -DHAVE_CONFIG_H -I.    -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -MT pixelserv_tls-certs.o -MD -MP -MF .deps/pixelserv_tls-certs.Tpo -c -o pixelserv_tls-certs.o `test -f 'certs.c' || echo './'`certs.c
mv -f .deps/pixelserv_tls-certs.Tpo .deps/pixelserv_tls-certs.Po
gcc -DHAVE_CONFIG_H -I.    -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -MT pixelserv_tls-util.o -MD -MP -MF .deps/pixelserv_tls-util.Tpo -c -o pixelserv_tls-util.o `test -f 'util.c' || echo './'`util.c
mv -f .deps/pixelserv_tls-util.Tpo .deps/pixelserv_tls-util.Po
gcc -DHAVE_CONFIG_H -I.    -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -MT pixelserv_tls-logger.o -MD -MP -MF .deps/pixelserv_tls-logger.Tpo -c -o pixelserv_tls-logger.o `test -f 'logger.c' || echo './'`logger.c
mv -f .deps/pixelserv_tls-logger.Tpo .deps/pixelserv_tls-logger.Po
gcc -DDROP_ROOT -DIF_MODE -DDEFAULT_PEM_PATH=\"/var/cache/pixelserv\" -O3 -Wall -ffunction-sections -fdata-sections -fno-strict-aliasing  -g -O2 -Wl,--gc-sections -s  -o pixelserv-tls pixelserv_tls-pixelserv.o pixelserv_tls-socket_handler.o pixelserv_tls-certs.o pixelserv_tls-util.o pixelserv_tls-logger.o  -lssl -lcrypto -lpthread -lrt -ldl
make[1]: Leaving directory '/home/pi/pixelserv-tls'
 $ sudo make install
make[1]: Entering directory '/home/pi/pixelserv-tls'
 /bin/mkdir -p '/usr/local/bin'
  /usr/bin/install -c pixelserv-tls '/usr/local/bin'
 /bin/mkdir -p '/usr/local/share/man/man1'
 /usr/bin/install -c -m 644 pixelserv-tls.1 '/usr/local/share/man/man1'
make[1]: Leaving directory '/home/pi/pixelserv-tls'

I cannot figure out where i could be going wrong,or if i am successfully compiling I am not sure how to get it to start.
 
got a little bit further this time...

Code: 
This package will be built according to these values:

0 -  Maintainer: [ root@raspberrypi ]
1 -  Summary: [ Package created with checkinstall 1.6.2 ]
2 -  Name:    [ pixelserv-tls ]
3 -  Version: [ 2.3.0 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ armhf ]
8 -  Source location: [ pixelserv-tls ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ pixelserv ]
12 - Conflicts: [  ]
13 - Replaces: [  ]

Enter a number to change any of them or press ENTER to continue:

Installing with make install...

========================= Installation results ===========================
make[1]: Entering directory '/home/pi/pixelserv-tls'
 /bin/mkdir -p '/usr/local/bin'
  /usr/bin/install -c pixelserv-tls '/usr/local/bin'
 /bin/mkdir -p '/usr/local/share/man/man1'
 /usr/bin/install -c -m 644 pixelserv-tls.1 '/usr/local/share/man/man1'
make[1]: Leaving directory '/home/pi/pixelserv-tls'

======================== Installation successful ==========================

Copying documentation directory...
./
./LICENSE
./ChangeLog
./INSTALL
./README.md

Copying files to the temporary directory...OK

Stripping ELF binaries and libraries...OK

Compressing man pages...OK

Building file list...OK

Building Debian package...OK

Installing Debian package...OK

Erasing temporary files...OK

Writing backup package...OK
OK

Deleting temp dir...OK


**********************************************************************

 Done. The new package has been installed and saved to

 /home/pi/pixelserv-tls/pixelserv-tls_2.3.0-1_armhf.deb

 You can remove it from your system anytime using:

      dpkg -r pixelserv-tls

**********************************************************************

Code: 
 $ sudo dpkg -i /home/pi/pixelserv-tls/pixelserv-tls_2.3.0-1_armhf.deb
(Reading database ... 161435 files and directories currently installed.)
Preparing to unpack .../pixelserv-tls_2.3.0-1_armhf.deb ...
Unpacking pixelserv-tls (2.3.0-1) over (2.3.0-1) ...
Setting up pixelserv-tls (2.3.0-1) ...
Processing triggers for man-db (2.8.5-2) ...
 
You must log in or register to reply here.

Similar threads

MegaMango
dnsmasq-surrogate for RT-BE88U: Ad Blocking & Security Enhancement
Replies
2
Views
570
MegaMango
MegaMango
L
pixelserv SOLVED - Is PixelServ WebGui script trustworthy at the moment? Redirects to strange website...
Replies
10
Views
4K
gspannu
gspannu
thelonelycoder
Diversion Need help with selecting new set of filter lists / block lists for Diversion 5.0
2
Replies
21
Views
4K
thelonelycoder
thelonelycoder
blacksheep
pixelserv Does "How to best run Pixelserv tls on asuswrt" still apply?
Replies
3
Views
3K
elorimer
E
garycnew
Entware [SOLUTION] Cross-Compile PixelServ-TLS 2.4 Entware Package via Debian Live DVD
Replies
13
Views
3K
garycnew
garycnew
Similar threads
Thread starter Title Forum Replies Date
C Diversion Pixelserv replacement Asuswrt-Merlin AddOns 2
L Is Diversion better than NextDNS, PiHole or AdGuard Home? Asuswrt-Merlin AddOns 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 816 (members: 15, guests: 801)
Top