pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[Spydawg]

Well home now after work.

Cleared all cache in Google, did a full flush/renew dns on my system and rebooted the router for good measure.
Reset the network to defaults in windows 10 and ran the windows 10 troubleshooting for networking and reset it to defaults.
Rebooted the system.

I'll test it tonight to see if I still have issues.

 

[jrmwvu04]

If your blocklist is more than just mvps+poyo, you have to be able and willing to use the more verbose logging levels of pixelserv-tls to see what’s being blocked when you run into problems. Or some similar method to detect blocked connections. Pretty much every other public blocklist that people use is too aggressive, with false positives that break functionality. That’s especially the case with windows 10.

My advice is to just switch to a sane blocklist and, if you insist on going extreme, a browser extension - as that can be toggled off easily.

 

[kvic]

pixelserv-tls is available on two more platforms.

Introducing MacOS/Homebrew..

Homebrew is a very good platform/packager (think of it akin to Entware). It allows people to run a vast amount of Linux tools, utilities, applications and daemons on Apple MacOS.

If you have a Mac running as an always-on server at home or in office, you could install pixelserv-tls with the following command.

OpenSSL 1.1.1 is already available. Hence, you get TLS 1.3 support in pixelserv-tls. Also the binary will be compiled on the fly and optimised natively for your hardware.

$ brew install https://kazoo.ga/pixelserv-tls/pixelserv-tls.rb

Introducing Linuxbrew..

Linuxbrew is a port of Homebrew back to Linux. Homebrew seems become so good that people want it on Linux.

At the moment, it supports 64-bit x86 or 32-bit ARM machines. I haven't tried it personally but I don't see why it couldn't run on more powerful devices like NAS, Raspberry Pi and other 32-bit SBC's.

One advantage is you get latest packages almost on everything like OpenSSL 1.1.1 which are hard to come by even on distributions like latest Debian Stretch, Ubuntu 18.x and etc or next to impossible on even powerful Linux appliances.

Enterprising users could try to get Linuxbrew working on RT-AC68U and RT-AC86U. I don't see how it's not possible. But please don't ask me how as I don't have either devices to experiment.

To install pixelserv-tls on Linuxbrew:

$ brew install https://kazoo.ga/pixelserv-tls/pixelserv-tls.rb

Both Homebrew/Linuxbrew should configure most things nicely out of box. I've tested briefly on Homebrew and pixelserv-tls works well. Should be same for Linuxbrew though I haven't tried.

Note that this is more an introduction to interested people to try on your own. It's not an invitation for hand holding tutorials to get it work on your devices. But within my limited time, I'll try best to provide support.

 

[kvic]

I saw many people downloaded 2.2.1-rc.1 over the past week. If you haven't, remember to check out kazoo.ga/pixelserv-tls/

2.2.1-rc.1 is mainly to ensure the porting to MacOS doesn't break anything for ASUS users. You do get one new feature and stability improvement from the effort of porting.

Going forward only critical releases perhaps may get announced in this thread. If you're interested in trying the latest pixelserv-tls, keep an eye on the above release page instead.

If you need automatic & reliable email notification, I would suggest creating a GitHub account to "follow" the pixelserv-tls project on GitHub.

 

[HardCat]

I saw many people downloaded 2.2.1-rc.1 over the past week. If you haven't, remember to check out kazoo.ga/pixelserv-tls/

2.2.1-rc.1 is mainly to ensure the porting to MacOS doesn't break anything for ASUS users. You do get one new feature and stability improvement from the effort of porting.

Going forward only critical releases perhaps may get announced in this thread. If you're interested in trying the latest pixelserv-tls, keep an eye on the above release page instead.

If you need automatic & reliable email notification, I would suggest creating a GitHub account to "follow" the pixelserv-tls project on GitHub.

This morning I attempted to get the latest 2.2.1-rc.1 release with no success. I have done this many times in the past so am not new to the procedure. The entware version of wget is the first to get executed in my path, this did not work at all. After changing to the /usr/sbin/wget version I was able to get the script to execute, however received the following:

Failed to download https://github.com/kvic-z/pixelserv-tls/releases/download/2.2.1-rc.1/pixelserv-tls.2.2.1-rc.1.Entware-3.x.aarch64softfloat.zip.
Please check your Internet connectivity.

I checked Internet connectivity and it is fine. Also checked Skynet to make sure it was not blocking. Still no luck. Any suggestions welcome...

 

[kvic]

The entware version of wget is the first to get executed in my path, this did not work at all. After changing to the /usr/sbin/wget version I was able to get the script to execute, however received the following:

You need to resolve the issue with Entware's wget by 1) getting to the bottom of its error and solve it 2) shortcut if you don't want to spend time: uninstall Entware's version of wget.

Then try to run install-beta.sh again..

 

[HardCat]

You need to resolve the issue with Entware's wget by 1) getting to the bottom of its error and solve it 2) shortcut if you don't want to spend time: uninstall Entware's version of wget.

Then try to run install-beta.sh again..

That did it! Thanks... (Shortcut solution).

 

[JimbobJay]

Hi kvic. I hope you don’t mind me asking on this thread seeing as it’s in relation to running pixelserv-tls on a raspberry pi, not an ASUS router. It’s only because I migrated from running it on my ASUS to my pi and we have spoken about that migration before on this thread, which you also seem to be very active on. (Please let me know if you would rather I delete this post and ask you somewhere else)

Running the latest 2.2.0 version of pixelserv, I have the flags

flags: tfo tls1_3

Firstly I was just wondering what the tfo flag means? I couldn’t find it in the GitHub wiki. Would be great - if you manage to find the time, of course - if we could get a list of all the possible flags and their meanings in the wiki.

Secondly, I have TLS 1.3 enabled, with pixelserv built against OpenSSL 1.1.0 on my pi.

When I navigate to the servstats page on my iPad, running iOS 12.1, which includes support for TLS 1.3, an app I have called TLS Inspector tells me that the negotiated TLS is 1.3. However, my TLS 1.3 counter is stuck on 0, and no matter how much I browse, only the 1.2 counter is going up. Why is 1.3 not being used?

 

[kvic]

Hi kvic. I hope you don’t mind me asking on this thread seeing as it’s in relation to running pixelserv-tls on a raspberry pi, not an ASUS router. It’s only because I migrated from running it on my ASUS to my pi and we have spoken about that migration before on this thread, which you also seem to be very active on. (Please let me know if you would rather I delete this post and ask you somewhere else)

This thread means for users of pixelserv-tls on all platforms (which are increasing..). I realise it might not the best place to serve all users. For the time being it could get the job done.

I love to meet more geeky users and eager to talk to them. So congratulations on your migration to Raspberry Pi!

Firstly I was just wondering what the tfo flag means?

"tfo" stands for TCP Fast Open. It's a technology available on newer Linux kernel. It could speed up communication but does require support from both server and client to tango. So here means your pixelserv-tls supports TFO. If you clients happen to support it too, then automagically they will talk faster.

The flags were mentioned in each release note on the release page kazoo.ga/pixelserv-tls/. Having them in one place on the github's wiki is a good suggestion and is about time to get it done.

I have TLS 1.3 enabled, with pixelserv built against OpenSSL 1.1.0 on my pi.

Although you said "OpenSSL 1.1.0", I think you meant v1.1.1. Otherwise, you couldn't get the flag "tls1_3" in pixelserv-tls. So make sure that the openssl library used for building is also the one used for run-time.

In case, Raspberry Pi doesn't have v1.1.1 as standard installation, you have two options: 1) statically link openssl 1.1.1 to the pixelserv-tls binary. Use "--enable-static" along with the configure script. 2) Perhaps worth installing Linuxbrew that gives you latest versions almost on everything. Instructions to install pixelserv-tls are one or two post above.

When I navigate to the servstats page on my iPad, running iOS 12.1, which includes support for TLS 1.3

Apple has TLS 1.3 final support built-in in MacOS Mojave 10.14.1 as well as iOS 12.1. But it's disabled by default. You'll need command line to enable it in MacOS. You need an Apple developer profile to enable it iOS. Both perhaps could be found through Google.

Chrome v70 and Firefox v63 support TLS 1.3 final and will increment counter v13.

 

[pattiri]

" fonts.googleapis.com" already in whilelist;

 Add domain like so: domain.com or www.domain.com

 An explanatory comment can be added after this step

 Enter domain  [e=Exit] fonts.googleapis.com
____________________________________________________

 fonts.googleapis.com
 is already in whitelist

But somehow pixelserv blocks it.

Nov  6 19:57:00 pixelserv-tls[1039]: 172.24.5.8 fonts.googleapis.com GET /css?family=Source+Sans+Pro:400,700,400italic,700italic,600&subset=latin,latin-ext HTTP/1.1 secure

How can I fix this?

 

[Protik]

" fonts.googleapis.com" already in whilelist;

 Add domain like so: domain.com or www.domain.com

 An explanatory comment can be added after this step

 Enter domain  [e=Exit] fonts.googleapis.com
____________________________________________________

 fonts.googleapis.com
 is already in whitelist

But somehow pixelserv blocks it.

Nov  6 19:57:00 pixelserv-tls[1039]: 172.24.5.8 fonts.googleapis.com GET /css?family=Source+Sans+Pro:400,700,400italic,700italic,600&subset=latin,latin-ext HTTP/1.1 secure

How can I fix this?

Try to process the whitelist again. That might solve it.

 

[kvic]

" fonts.googleapis.com" already in whilelist;

Try to whitelist both fonts.googleapis.com and googleadapis.l.google.com.

 

[pattiri]

Try to whitelist both fonts.googleapis.com and googleadapis.l.google.com.

adding "googleadapis.l.google.com" helped. Thanks guys

 

[kvic]

adding "googleadapis.l.google.com" helped. Thanks guys

Glad to see you utilising a powerful feature of pixelserv-tls as shown in your post

Nov 6 19:57:00 pixelserv-tls[1039]: 172.24.5.8 fonts.googleapis.com GET /css?family=Source+Sans+Pro:400,700,400italic,700italic,600&subset=latin,latin-ext HTTP/1.1 secure

You should preach it to more pixelserv-tls users. A slightly more advanced version in post #2578

 

[pattiri]

Glad to see you utilising a powerful feature of pixelserv-tls as shown in your post

-l 4 option is enabled for me since I've installed pixelserv-tls

 

[kvic]

-l 4 option is enabled for me since I've installed pixelserv-tls

I should enlist you in next major beta testing. '-l 4' is lots of logging. It stresses both pixelserv-tls and your router. I would be really surprised if you tell me pixelserv-tls seldom crash..

v2.2.0 has sped up logging a lot. Did you actually notice improved tav when compared to previous versions?

 

[pattiri]

v2.2.0 has sped up logging a lot. Did you actually notice improved tav when compared to previous versions?

I can say yes. It was more than 20ms before but since v2.2.0 it's always below 20ms (currently 10 ms)

 

[kvic]

I can say yes. It was more than 20ms before but since v2.2.0 it's always below 20ms (currently 10 ms)

This is a very good data point. For other readers, this means that beginning with v2.2.0, full-time logging on LEVEL 4 takes up no additional processing time.

Now if people pair it up with syslog-ng (available from Entware), you could filter all pixelserv-tls logging into its own files..for archival purpose, data mining and etc.

 

[quant88]

2.2.1-rc.1 is as smooth as butter

 

[Clark Griswald]

2.2.1-rc.1 is as smooth as butter
View attachment 15049

+1