1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

pixelserv - A Better One-pixel Webserver for Adblock

Discussion in 'Asuswrt-Merlin' started by kvic, Jul 28, 2015.

  1. Spydawg

    Spydawg Regular Contributor

    Joined:
    Sep 6, 2014
    Messages:
    91
    I bet its my system, not pixelserv
     
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,343
    Location:
    22.4399N 114.2222E
    Healing on its own is applicable to what you initialised reported and regarding the funky "slowness" and "window inside window" problems on SNBforum. It's based on my experience and a few suggestions in this thread after the issue being repeatedly reported here and elsewhere.

    Generally it won't apply to other websites. So if you're seeing issues with Microsoft Store as well as Windows Update, the diagnosis proposed in #2578 will be able to open up the problem and bring it forward.
     
  4. Spydawg

    Spydawg Regular Contributor

    Joined:
    Sep 6, 2014
    Messages:
    91
    Well home now after work.

    Cleared all cache in Google, did a full flush/renew dns on my system and rebooted the router for good measure.
    Reset the network to defaults in windows 10 and ran the windows 10 troubleshooting for networking and reset it to defaults.
    Rebooted the system.

    I'll test it tonight to see if I still have issues.
     
  5. jrmwvu04

    jrmwvu04 Senior Member

    Joined:
    Mar 29, 2016
    Messages:
    469
    Location:
    United States
    If your blocklist is more than just mvps+poyo, you have to be able and willing to use the more verbose logging levels of pixelserv-tls to see what’s being blocked when you run into problems. Or some similar method to detect blocked connections. Pretty much every other public blocklist that people use is too aggressive, with false positives that break functionality. That’s especially the case with windows 10.

    My advice is to just switch to a sane blocklist and, if you insist on going extreme, a browser extension - as that can be toggled off easily.
     
    SMS786 likes this.
  6. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,343
    Location:
    22.4399N 114.2222E
    pixelserv-tls is available on two more platforms.

    Introducing MacOS/Homebrew..

    Homebrew is a very good platform/packager (think of it akin to Entware). It allows people to run a vast amount of Linux tools, utilities, applications and daemons on Apple MacOS.

    If you have a Mac running as an always-on server at home or in office, you could install pixelserv-tls with the following command.

    OpenSSL 1.1.1 is already available. Hence, you get TLS 1.3 support in pixelserv-tls. Also the binary will be compiled on the fly and optimised natively for your hardware.

    Code:
    $ brew install https://kazoo.ga/pixelserv-tls/pixelserv-tls.rb
    
    Introducing Linuxbrew..

    Linuxbrew is a port of Homebrew back to Linux. Homebrew seems become so good that people want it on Linux.

    At the moment, it supports 64-bit x86 or 32-bit ARM machines. I haven't tried it personally but I don't see why it couldn't run on more powerful devices like NAS, Raspberry Pi and other 32-bit SBC's.

    One advantage is you get latest packages almost on everything like OpenSSL 1.1.1 which are hard to come by even on distributions like latest Debian Stretch, Ubuntu 18.x and etc or next to impossible on even powerful Linux appliances.

    Enterprising users could try to get Linuxbrew working on RT-AC68U and RT-AC86U. I don't see how it's not possible. But please don't ask me how as I don't have either devices to experiment.

    To install pixelserv-tls on Linuxbrew:

    Code:
    $ brew install https://kazoo.ga/pixelserv-tls/pixelserv-tls.rb
    
    Both Homebrew/Linuxbrew should configure most things nicely out of box. I've tested briefly on Homebrew and pixelserv-tls works well. Should be same for Linuxbrew though I haven't tried.

    Note that this is more an introduction to interested people to try on your own. It's not an invitation for hand holding tutorials to get it work on your devices. But within my limited time, I'll try best to provide support.
     
  7. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,343
    Location:
    22.4399N 114.2222E
    I saw many people downloaded 2.2.1-rc.1 over the past week. If you haven't, remember to check out kazoo.ga/pixelserv-tls/

    2.2.1-rc.1 is mainly to ensure the porting to MacOS doesn't break anything for ASUS users. You do get one new feature and stability improvement from the effort of porting.

    Going forward only critical releases perhaps may get announced in this thread. If you're interested in trying the latest pixelserv-tls, keep an eye on the above release page instead.

    If you need automatic & reliable email notification, I would suggest creating a GitHub account to "follow" the pixelserv-tls project on GitHub.
     
  8. HardCat

    HardCat Regular Contributor

    Joined:
    Sep 14, 2013
    Messages:
    139
    Location:
    Nova Scotia, Canada
    This morning I attempted to get the latest 2.2.1-rc.1 release with no success. I have done this many times in the past so am not new to the procedure. The entware version of wget is the first to get executed in my path, this did not work at all. After changing to the /usr/sbin/wget version I was able to get the script to execute, however received the following:
    Code:
    Failed to download https://github.com/kvic-z/pixelserv-tls/releases/download/2.2.1-rc.1/pixelserv-tls.2.2.1-rc.1.Entware-3.x.aarch64softfloat.zip.
    Please check your Internet connectivity.
    I checked Internet connectivity and it is fine. Also checked Skynet to make sure it was not blocking. Still no luck. Any suggestions welcome...
     
  9. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,343
    Location:
    22.4399N 114.2222E
    You need to resolve the issue with Entware's wget by 1) getting to the bottom of its error and solve it 2) shortcut if you don't want to spend time: uninstall Entware's version of wget.

    Then try to run install-beta.sh again..
     
  10. HardCat

    HardCat Regular Contributor

    Joined:
    Sep 14, 2013
    Messages:
    139
    Location:
    Nova Scotia, Canada
    That did it! Thanks... (Shortcut solution).
     
  11. JimbobJay

    JimbobJay Occasional Visitor

    Joined:
    Feb 16, 2017
    Messages:
    24
    Hi kvic. I hope you don’t mind me asking on this thread seeing as it’s in relation to running pixelserv-tls on a raspberry pi, not an ASUS router. It’s only because I migrated from running it on my ASUS to my pi and we have spoken about that migration before on this thread, which you also seem to be very active on. (Please let me know if you would rather I delete this post and ask you somewhere else)

    Running the latest 2.2.0 version of pixelserv, I have the flags
    Code:
    flags: tfo tls1_3
    Firstly I was just wondering what the tfo flag means? I couldn’t find it in the GitHub wiki. Would be great - if you manage to find the time, of course - if we could get a list of all the possible flags and their meanings in the wiki.

    Secondly, I have TLS 1.3 enabled, with pixelserv built against OpenSSL 1.1.0 on my pi.

    When I navigate to the servstats page on my iPad, running iOS 12.1, which includes support for TLS 1.3, an app I have called TLS Inspector tells me that the negotiated TLS is 1.3. However, my TLS 1.3 counter is stuck on 0, and no matter how much I browse, only the 1.2 counter is going up. Why is 1.3 not being used?
     
  12. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,343
    Location:
    22.4399N 114.2222E
    This thread means for users of pixelserv-tls on all platforms (which are increasing..). I realise it might not the best place to serve all users. For the time being it could get the job done.

    I love to meet more geeky users and eager to talk to them. So congratulations on your migration to Raspberry Pi!

    "tfo" stands for TCP Fast Open. It's a technology available on newer Linux kernel. It could speed up communication but does require support from both server and client to tango. So here means your pixelserv-tls supports TFO. If you clients happen to support it too, then automagically they will talk faster.

    The flags were mentioned in each release note on the release page kazoo.ga/pixelserv-tls/. Having them in one place on the github's wiki is a good suggestion and is about time to get it done.

    Although you said "OpenSSL 1.1.0", I think you meant v1.1.1. Otherwise, you couldn't get the flag "tls1_3" in pixelserv-tls. So make sure that the openssl library used for building is also the one used for run-time.

    In case, Raspberry Pi doesn't have v1.1.1 as standard installation, you have two options: 1) statically link openssl 1.1.1 to the pixelserv-tls binary. Use "--enable-static" along with the configure script. 2) Perhaps worth installing Linuxbrew that gives you latest versions almost on everything. Instructions to install pixelserv-tls are one or two post above.

    Apple has TLS 1.3 final support built-in in MacOS Mojave 10.14.1 as well as iOS 12.1. But it's disabled by default. You'll need command line to enable it in MacOS. You need an Apple developer profile to enable it iOS. Both perhaps could be found through Google.

    Chrome v70 and Firefox v63 support TLS 1.3 final and will increment counter v13.
     
    Makaveli likes this.
  13. pattiri

    pattiri Senior Member

    Joined:
    Dec 27, 2016
    Messages:
    233
    Location:
    Istanbul, Turkey
    " fonts.googleapis.com" already in whilelist;

    Code:
     Add domain like so: domain.com or www.domain.com
    
     An explanatory comment can be added after this step
    
     Enter domain  [e=Exit] fonts.googleapis.com
    ____________________________________________________
    
     fonts.googleapis.com
     is already in whitelist
    
    But somehow pixelserv blocks it.

    Code:
    Nov  6 19:57:00 pixelserv-tls[1039]: 172.24.5.8 fonts.googleapis.com GET /css?family=Source+Sans+Pro:400,700,400italic,700italic,600&subset=latin,latin-ext HTTP/1.1 secure
    How can I fix this?
     
  14. Protik

    Protik Senior Member

    Joined:
    Oct 31, 2017
    Messages:
    214
    Location:
    /boot
    Try to process the whitelist again. That might solve it.
     
  15. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,343
    Location:
    22.4399N 114.2222E
    Try to whitelist both fonts.googleapis.com and googleadapis.l.google.com.
     
  16. pattiri

    pattiri Senior Member

    Joined:
    Dec 27, 2016
    Messages:
    233
    Location:
    Istanbul, Turkey
    adding "googleadapis.l.google.com" helped. Thanks guys :)
     
  17. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,343
    Location:
    22.4399N 114.2222E
    Glad to see you utilising a powerful feature of pixelserv-tls as shown in your post
    You should preach it to more pixelserv-tls users. A slightly more advanced version in post #2578
     
    quant88 and pattiri like this.
  18. pattiri

    pattiri Senior Member

    Joined:
    Dec 27, 2016
    Messages:
    233
    Location:
    Istanbul, Turkey
    -l 4 option is enabled for me since I've installed pixelserv-tls ;)
     
  19. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,343
    Location:
    22.4399N 114.2222E
    I should enlist you in next major beta testing. '-l 4' is lots of logging. It stresses both pixelserv-tls and your router. I would be really surprised if you tell me pixelserv-tls seldom crash..

    v2.2.0 has sped up logging a lot. Did you actually notice improved tav when compared to previous versions?
     
  20. pattiri

    pattiri Senior Member

    Joined:
    Dec 27, 2016
    Messages:
    233
    Location:
    Istanbul, Turkey
    I can say yes. It was more than 20ms before but since v2.2.0 it's always below 20ms (currently 10 ms)
     
  21. kvic

    kvic Part of the Furniture

    Joined:
    Aug 11, 2014
    Messages:
    2,343
    Location:
    22.4399N 114.2222E
    This is a very good data point. For other readers, this means that beginning with v2.2.0, full-time logging on LEVEL 4 takes up no additional processing time.

    Now if people pair it up with syslog-ng (available from Entware), you could filter all pixelserv-tls logging into its own files..for archival purpose, data mining and etc.
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!