pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[Asad Ali]

If I select a, I am only able to use it to access the web GUI, but not the hostname of the router. Is there a way to get be able to use my router hostname but still show the nice green padlock?

There's still a workaround to somehow do that.

Under Administration->System
Change "Redirect webui access to router.asus.com" to Yes.

After that you can setup the certificate with option "a" and whenever you use the IP address to login, the webui will auto divert you to "router.asus.com" and you'll get a green padlock.

 

[Davidncali001]

Hello,

I just did a clean install of Windows 10 Spring Update and when OneDrive on my PC tried to connect, I got a bad cert warning, stating something about (Pixelserv *.optimizely) is bad or has expired. What is going on? What is optimizley, I looked it up and it seems to be a ad campaign company. Is my router infected? If so what do I do?

 

[quant88]

MEM%=1.4
15 days and still counting
pixelserv-tls 2.1.1 (compiled: Apr 15 2018 13:47:59)
options: -l 2 -c 300

May  1 13:00:30 pixelserv-tls[13925]: 1361020 uts, 2 log, 20 kcc, 85 kmx, 1.57 kvg, 5657 krq, 404149 req, 1771 avg, 81960 rmx, 28 tav, 20009 tmx, 281030 slh, 259 slm, 0 sle, 49969 slc, 35484 slu, 2 uca, 293 uce, 300 sct, 331342 sch, 341 scm, 266 scp, 17 sst, 250590 ssh, 5427 ssm, 0 ssp, 28755 nfe, 462 gif, 60 ico, 9398 txt, 309 jpg, 81 png, 0 swf, 35 sta, 0 stt, 4204 ufe, 39 opt, 257199 pst, 2 hed, 10489 rdr, 1 nou, 2 pth, 0 204, 1247 bad, 5414 tmo, 50705 cls, 1 cly, 0 clt, 3 err

 

[kvic]

Hello,

I just did a clean install of Windows 10 Spring Update and when OneDrive on my PC tried to connect, I got a bad cert warning, stating something about (Pixelserv *.optimizely) is bad or has expired. What is going on? What is optimizley, I looked it up and it seems to be a ad campaign company. Is my router infected? If so what do I do?

Have you re-installed your Pixelserv CA cert? In your browser, goto http://pixelserv ip/ca.crt and follow the prompts to install the CA cert again on your new Windows installation.

Here is more detail: https://github.com/kvic-z/pixelserv...ificate#import-pixelserv-ca-on-client-devices

 

[kvic]

MEM%=1.4
15 days and still counting
pixelserv-tls 2.1.1 (compiled: Apr 15 2018 13:47:59)
options: -l 2 -c 300

SCREENSHOT of my two instances' servstats. On 21st day of the original 2.1.0 (I know it's outdated but it still runs smoothly...).

Memory usage n1: 5MB

Memory usage n2: 4.5MB

 

[Goobi]

When you said "hostname" above, you meant IP address? As-is it's not possible to access webgui by hostname (router.asus.com) as well as IP address (e.g. 192.168.1.1) at the same time.

The reason is that pixelserv-tls has no such usage scenarios. The config-webgui.sh simply leverages pixelserv-tls to generate a server cert for WebGUI.

I meant the name that I have the router the router. Prior to the change I could access the router with either the IP or the custom hostname (ie Kepler). After the change, I am unable to access with those methods.

I was unable to access and had to revert the certs back to regain access. I got a repeater running Merlin in this setup. Would I need to run this on that as well. I may retry this at some point. Thanks.

 

[jrmwvu04]

SCREENSHOT of my two instances' servstats. On 21st day of the original 2.1.0 (I know it's outdated but it still runs smoothly...)

Closing in on 17 days of uptime on the 2.1.1 refresh build with 150 certs cached, still less than 5MB. Running great.

 

[kvic]

I meant the name that I have the router the router. Prior to the change I could access the router with either the IP or the custom hostname (ie Kepler). After the change, I am unable to access with those methods.

Ah, your original question is a perfectly valid one. My answer still applies. I think @Asad Ali 's suggestion may work in this case too. Have you got any time to try?

 

[Goobi]

@kvic I totally missed @Asad Ali post. Did just that and able to access via hostname or IP. Thanks to you both!

If I could trouble you with a related question, I got a an AP in this setup. Can I copy over the pixelserv certs from my main router to my AP? It’s running Merlin and has jffs but nothing custom running on it.

 

[kvic]

If I could trouble you with a related question, I got a an AP in this setup. Can I copy over the pixelserv certs from my main router to my AP? It’s running Merlin and has jffs but nothing custom running on it.

You should be able to run pixelserv-tls on AP.

But if you run ABS on router already, as-is there is no additional benefit in running another instance of pixelserv-tls on AP because ABS cannot work with more than one instance of pixelserv-tls.

 

[bmb]

Having successfully install on the ASUS router I'd now like to install pixelserv-tls on my EdgeRouter-4.

I see there is a deb package for the ER-X, (mipsel), but the ER-4 is 'mips', could you point me in the right direction to get it installed on the ER-4?

 

[kvic]

Having successfully install on the ASUS router I'd now like to install pixelserv-tls on my EdgeRouter-4.

I see there is a deb package for the ER-X, (mipsel), but the ER-4 is 'mips', could you point me in the right direction to get it installed on the ER-4?

I have environment to build for mipsel but not MIPS. So the current deb package for ER-X won't work on ER-4 (or any Cavium based Edgerouters).

In the coming weeks, I'll see if I can get an environment up for MIPS and create a binary package for it. Thanks for your interest in pixelserv-tls for EdgeRouters. And pls be patient..

 

[bmb]

I have environment to build for mipsel but not MIPS. So the current deb package for ER-X won't work on ER-4 (or any Cavium based Edgerouters).

In the coming weeks, I'll see if I can get an environment up for MIPS and create a binary package for it. Thanks for your interest in pixelserv-tls for EdgeRouters. And pls be patient..

That's good news, thank you.

I think those of us that have come to know pixelserv-tls and yourself from this forum have better understanding of it and the use of the client certificate, users on other forums seem nervous about it. The brief discussions about it on the relevant UBNT boards don't really pick up any momentum once 'client certificate' comes up, and given that in many locations a typical EdgeRouter network will possibly have many tens or hundreds of clients I can understand.

Its where they are used in the home/small office that users are looking at DNS based adblocking and pixelserv, so for me pixelserv-tls is the obvious way to go.

Thanks very much for looking after us ER and MIPS users, in due course when you are ready I'll be happy to do any testing.

 

[DonnyJohnny]

I realised if I set -c 300, the preload cert don’t work. Meaning it starts with zero. If I put -c 299, it will preload the cert I have.
Kindly verify.
Thanks.

 

[jrmwvu04]

I realised if I set -c 300, the preload cert don’t work. Meaning it starts with zero. If I put -c 299, it will preload the cert I have.
Kindly verify.
Thanks.

I have been running -c 300 so I was in great position to check. On 9 days uptime, I had 217 certs. Restarted to see all 217 in sct. Appears normal on my end.

 

[DonnyJohnny]

I have been running -c 300 so I was in great position to check. On 9 days uptime, I had 217 certs. Restarted to see all 217 in sct. Appears normal on my end.

Thanks.. I did my test again with 127 sct intact after restart.

Strange it happened on the last time and it starts from zero. Will monitor again.

 

[JaimeZX]

Still looking for a solution to make the pixelserv IP visible to computers on the guest networks. Is this something I could do with an iptables rule maybe? Most of the devices at my place are on guest networks, but unfortunately that means ABS & PS are of limited utility, unless I can get this visibility thing figured out.

something like...

iptables --append INPUT --match tcp --protocol tcp --src 192.168.10.1/24 --dst 192.168.10.3 --jump ACCEPT

 

[Protik]

Have been traveling for a while, so not exactly sure what's cooking around here. But wanted to post this one,

pixelserv-tls 2.1.1 (compiled: Apr 15 2018 13:47:59) options: 192.168.2.2 -c 150 -l 2

uts    36d 03:06    process uptime
log    2    critical (0) error (1) warning (2) notice (3) info (4) debug (5)
kcc    6    number of active service threads
kmx    50    maximum number of service threads
kvg    1.07    average number of requests per service thread
krq    28    max number of requests by one service thread
req    91514    total # of requests (HTTP, HTTPS, success, failure etc)
avg    1052 bytes    average size of requests
rmx    82042 bytes    largest size of request(s)
tav    35 ms    average processing time (per request)
tmx    8616 ms    longest processing time (per request)
slh    25467    # of accepted HTTPS requests
slm    46    # of rejected HTTPS requests (missing certificate)
sle    0    # of rejected HTTPS requests (certificate available but bad)
slc    30959    # of dropped HTTPS requests (client disconnect without sending any request)
slu    30644    # of dropped HTTPS requests (other TLS handshake errors)
uca    4458    slu break-down: # of unknown CA reported by clients
uce    909    slu break-down: # of unknown cert reported by clients
sct    150    cert cache: # of certs in cache
sch    80603    cert cache: # of reuses of cached certs
scm    67    cert cache: # of misses to find a cert in cache
scp    29    cert cache: # of purges to give room for a new cert
sst    45    sess cache: # of cached TLS sessions (for older non-RFC5077 clients)
ssh    10282    sess cache: # of reuses of cached TLS sessions
ssm    1358    sess cache: # of misses to find a TLS session in cache
ssp    0    sess cache: # of purges to give room for a new TLS session
nfe    11848    # of GET requests for server-side scripting
gif    45    # of GET requests for GIF
ico    2    # of GET requests for ICO
txt    1116    # of GET requests for Javascripts
jpg    0    # of GET requests for JPG
png    10    # of GET requests for PNG
swf    0    # of GET requests for SWF
sta    5    # of GET requests for HTML stats
stt    0    # of GET requests for plain text stats
ufe    106    # of GET requests /w unknown file extension
opt    1    # of OPTIONS requests
pst    7073    # of POST requests
hed    0    # of HEAD requests (HTTP 501 response)
rdr    281    # of GET requests resulted in REDIRECT response
nou    0    # of GET requests /w empty URL
pth    0    # of GET requests /w malformed URL
204    0    # of GET requests (HTTP 204 response)
bad    72    # of unknown HTTP requests (HTTP 501 response)
tmo    36    # of timeout requests (client connect w/o sending a request in 'select_timeout' secs)
cls    31153    # of dropped requests (client disconnect without sending any request)
cly    9077    # of dropped requests (client disconnect before response sent)
clt    0    # of dropped requests (reached maximum service threads)
err    0    # of dropped requests (unknown reason)

 

[martinr]

When running code

sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"

to issue a certificate to the webGUI, I see the message that I either don’t have pixelserv installed or running.

I have version 2.1.1 installed and I can obtain servstats in my browser. I can also ping the server (from the router command prompt).

I tried restarting pixelserv and also force updating it (through AMTM), but during the running of the script I still see the message that pixelserv is either not installed or not running.

Any suggestions?

Thanks.

 

[Asad Ali]

When running code

sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"

to issue a certificate to the webGUI, I see the message that I either don’t have pixelserv installed or running.

I have version 2.1.1 installed and I can obtain servstats in my browser. I can also ping the server (from the router command prompt).

I tried restarting pixelserv and also force updating it (through AMTM), but during the running of the script I still see the message that pixelserv is either not installed or not running.

Any suggestions?

Thanks.

Run pixelserv-tls -B

And see if it does a benchmark test.


Sent from my iPhone using Tapatalk