pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[IT Guy]

Saw this in my routers systemlogg:

Oct 12 03:02:07 pixelserv-tls[27355]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.mopub.com
Oct 12 03:02:07 pixelserv-tls[27355]: tls_servername_cb: fail to create sslctx or cache _.mopub.com

Is something broken?

 

[kvic]

Saw this in my routers systemlogg:

Oct 12 03:02:07 pixelserv-tls[27355]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.mopub.com
Oct 12 03:02:07 pixelserv-tls[27355]: tls_servername_cb: fail to create sslctx or cache _.mopub.com

Is something broken?

yes.

Bring your usb stick offline, and do a disk scan for possible error.

Or purpge certs except ca.key & ca.crt and restart pixelserv-tls.

 

[kvic]

Openssl 1.1.1 and pixelserv-tls 2.2.0 compiled from source on my Raspberry Pi, pixelserv-tls running with 'tls1_3' flag set according to the stats page.

All seems to be running fine, thanks kvic

Sweet news.

Perhaps you could create a raspbian binary package for pixelserv-tls. More raspbian users could benefit.

Just a suggestion. Apparently you should enjoy pixelserv-tls first. lol

 

[IT Guy]

Ok I change my USB to a new one and installed everything fresh.
Is the pixelserv 2.2.0 working correcly when blocking https ads?
It does not show a white pixel but shows this text: "The content was blocked because it has not been signed with a valid security certificate" Im using internet explorer and edge browser. What that meens is that it acctually redirects the https ad to pixelserver that I have on https:\\192.168.2.2 and it reads an ca but I guess its not valid.

I have tried this:
start pixelserver with switch -R (had no effect)
Purge generated certificates (had no effect)

I have read this: https://stackoverflow.com/questions...sl-certificate-for-ip-address-not-domain-name So Im wondering is pixelservers CA only valid when pixel server runs on a specific IP address?

The webpage that gave me "The content was blocked because it has not been signed with a valid security certificate" is:
https://www.file-upload.com/9j2bw0ha3781
Make sure you have "pagead2.googlesyndication.com" in your whitelist or not blocked.
If get a white area, then Im wondering what IP does your pixelserver run on?

 

[Popov]

The error message comes from your browser, not pixelserv.
It just says pixelserv is working as expected, but your browser is missing a setting or an authorisation to accept the certificate deemed invalid until proven otherwise.

Restore from your previous usb key the CA files and place them on your new key, or if you don't care having to do the refresh for each client, connect to http://<your pixelserv ip>/ca.crt to install the current CA on your browser.

 

[jrmwvu04]

Perhaps you could create a raspbian binary package for pixelserv-tls. More raspbian users could benefit.

Seconded. I'm a big fan of binaries.

 

[kvic]

What that meens is that it acctually redirects the https ad to pixelserver that I have on https:\\192.168.2.2 and it reads an ca but I guess its not valid.

The value of "pixelserv ip" is irrelevant in pixelserv-tls' operation. The CA cert matters. The one installed in pixelserv-tls should match the one imported on clients.

As people seem to use routers like a Win95 machine..lol, it's always a good idea to backup ca.crt & ca.key and restore them after you re-install pixelserv-tls.

It saves you hassle from importing a new CA cert on all your clients (and weird issues you might not know how to diagnose..).

 

[IT Guy]

Saw this in my routers syslog:


Oct 12 23:06:42 pixelserv-tls[18241]: pixelserv-tls 2.2.0 (compiled: Oct 9 2018 10:35:44 flags: no_tls1_3) options: 192.168.2.2 -R
Oct 12 23:06:43 pixelserv-tls[18241]: Listening on :192.168.2.2:443
Oct 12 23:06:43 pixelserv-tls[18241]: Listening on :192.168.2.2:80
Oct 12 23:19:23 Diversion: created br0ixelserv-tls 192.168.2.2, from /opt/etc/init.d/S80pixelserv-tls
Oct 12 23:19:23 pixelserv-tls[18241]: 761 uts, 1 log, 1 kcc, 15 kmx, 1.02 kvg, 3 krq, 342 req, 358 avg, 565 rmx, 16 tav, 259 tmx, 0 slh, 55 slm, 0 sle, 202 slc, 60 slu, 0 v13, 0 v12, 0 v10, 0 uca, 0 ucb, 0 uce, 52 ush, 44 sct, 248 sch, 14 scm, 0 scp, 0 sst, 0 ssh, 245 ssm, 0 ssp, 5 nfe, 0 gif, 0 ico, 9 txt, 0 jpg, 2 png, 0 swf, 0 sta, 0 stt, 8 ufe, 0 opt, 0 pst, 0 hed, 0 rdr, 0 nou, 0 pth, 0 204, 0 bad, 0 tmo, 203 cls, 0 cly, 0 clt, 0 err
Oct 12 23:19:25 Entware (armv7sf-k2.6): Started pixelserv-tls (Diversion) from /opt/bin/diversion
Oct 12 23:19:25 pixelserv-tls[19151]: pixelserv-tls 2.2.0 (compiled: Oct 9 2018 10:35:44 flags: no_tls1_3) options: 192.168.2.2 -R
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.g.doubleclick.net
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.google-analytics.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.rubiconproject.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.adnxs.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.google.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.richmetrics.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.blogblog.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.google.se
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.taboola.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.remarketingpixel.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.ts.360.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.urldelivery.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/pushance.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.cloudfront.net
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.adform.net
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.pubmatic.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.codigo.se
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.videoplaza.tv
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.ywxi.net
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/g27zkdvsxl.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.expressen.se
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.polyfill.io
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.rampanel.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.clksite.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.emocore.se
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/ie8eamus.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.betrad.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.crwdcntrl.net
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.exoclick.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.exosrv.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.githubapp.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.googlesyndication.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.googletagmanager.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.mgr.consensu.org
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.msn.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.mydatabankapp.com
Oct 12 23:19:25 pixelserv-tls[19151]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.onesignal.com
Oct 12 23:19:25 pixelserv-tls[19151]: Listening on :192.168.2.2:443
Oct 12 23:19:25 pixelserv-tls[19151]: Listening on :192.168.2.2:80
Oct 12 23:19:56 Diversion: created br0ixelserv-tls 192.168.2.2, from /opt/etc/init.d/S80pixelserv-tls
Oct 12 23:19:57 pixelserv-tls[19151]: 32 uts, 1 log, 0 kcc, 0 kmx, 0.00 kvg, 0 krq, 0 req, 0 avg, 0 rmx, 0 tav, 0 tmx, 0 slh, 0 slm, 0 sle, 0 slc, 0 slu, 0 v13, 0 v12, 0 v10, 0 uca, 0 ucb, 0 uce, 0 ush, 0 sct, 0 sch, 0 scm, 0 scp, 0 sst, 0 ssh, 0 ssm, 0 ssp, 0 nfe, 0 gif, 0 ico, 0 txt, 0 jpg, 0 png, 0 swf, 0 sta, 0 stt, 0 ufe, 0 opt, 0 pst, 0 hed, 0 rdr, 0 nou, 0 pth, 0 204, 0 bad, 0 tmo, 0 cls, 0 cly, 0 clt, 0 err
Oct 12 23:19:57 pixelserv-tls[19418]: pixelserv-tls 2.2.0 (compiled: Oct 9 2018 10:35:44 flags: no_tls1_3) options: 192.168.2.2 -R
Oct 12 23:19:57 pixelserv-tls[19418]: Listening on :192.168.2.2:443
Oct 12 23:19:57 pixelserv-tls[19418]: Listening on :192.168.2.2:80
Oct 12 23:19:59 Entware (armv7sf-k2.6): Started pixelserv-tls

So what does "create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/" is there something wrong and how to fix it?

 

[kvic]

So what does "create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/" is there something wrong and how to fix it?

I believe you perhaps mix & match an old (new) CA cert with new (old) auto generated certs.

If that's the case, to clean up your mess:

• Manually make a backup of ca.crt & ca.key inside CERT_PATH.
• Remove everything inside CERT_PATH.
• Copy the backup of ca.crt & ca.key back into CERT_PATH
• Then restart pixelserv-tls or simply reboot your router.

where CERT_PATH is /opt/var/cache/pixelserv

 

[kvic]

Quick question about latest version..

Do I install the Statically linked pixelserv-tls (support TLS 1.3 and versions <= 1.2) or the Regular pixelserv-tls (support TLS versions <= 1.2)

For ARM routers, people have a choice of a "static" or "dynamic" binary of pixelserv-tls 2.2.0 when you install using my script.

Here is the story. For router users on this forum, you aren't going to get the new OpenSSL 1.1.1 library from anywhere anytime soon on your routers. TLS 1.3 requires v1.1.1. Hence, it means you won't be able to enjoy the faster TLS 1.3 with pixelserv-tls.

The essence of the "static" binary is to include a copy of OpenSSL 1.1.1 in the same binary of pixelserv-tls. So people can start enjoying a snappier browsing experience today or as soon as you get a TLS 1.3 browser in October/November timeframe.

It's purely a service from me to the community on this forum. Enjoy it while it lasts. Appreciate it while it's available for free. History hardly repeats itself in the same way. For people with a choice, there is no reason not to run the "static" binary.

 

[quant88]

I have installed statically linked pixelserv-tls and never look back
Both browser and server sites have to support TLS1.3 to enjoy the faster and more secure benefits.

 

[elorimer]

For people with a choice, there is no reason not to run the "static" binary.

Plus, if I recall correctly, it is compiled with the memory optimization flag, and that wasn't going to happen with the Entware versions.

 

[kvic]

Spot on! @elorimer. One stone two falcons..

 

[XIII]

The provisioning profile has been expired. Can’t be use.

I just tried to download it (but did not install it; probably want to do that on an older device) and it does not seem to be expired?

I see 2 certificates in the profile; one expiring in April 2021 and the other in May 2028.

Might experiment with this later...

 

[DonnyJohnny]

I just tried to download it (but did not install it; probably want to do that on an older device) and it does not seem to be expired?

I see 2 certificates in the profile; one expiring in April 2021 and the other in May 2028.

Might experiment with this later...

https://forums.developer.apple.com/message/312704#312704

 

[XIII]

https://forums.developer.apple.com/message/312704#312704

Ah, too bad...

Thanks for the link!

 

[IT Guy]

Im wondering what command do I use to generate a new ca.crt & ca.key?
I have SSH into the router.

Also one more question, if I change pixelservs IP do I also need to generate new ca.crt and ca.key?

Im on pixelserv 2.2 but I think old cert from previus version message things up...

Thanks for your help =D

 

[Protik]

Im wondering what command do I use to generate a new ca.crt & ca.key?
I have SSH into the router.

Also one more question, if I change pixelservs IP do I also need to generate new ca.crt and ca.key?

Im on pixelserv 2.2 but I think old cert from previus version message things up...

Thanks for your help =D

See here: https://github.com/kvic-z/pixelserv-tls/wiki/Create-and-Import-the-CA-Certificate

 

[XIII]

https://forums.developer.apple.com/message/312704#312704

However for my download of that profile the removal date (as given by the "security" command) is somewhere in 2019; not 2018-01-01...

So I might experiment with this after all!

 

[skeal]

SOLVED: @kvic Can you help me with this command to create webui cert? I use this command:

sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"

When I have used this in the past it restarts the webui and then you can log in and test to see the lock icon. The webui never restarts and even though it looks configured the sample https://192.168.14.1:port number shows not https://router.asus.com:port number in the webui at the bottom of the system page. Something not quite right since restoring to factory defaults. Oh I have went to /opt/var/cache/pixelserv and copied the ca.crt and imported it into my browser, so I'm ready to go. Thanks in advance!

EDIT: By the way the script runs with no errors. It says it has done the job, enjoy.