登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

user_8034861 / pixelserv-tls

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
分支 1
标签 17
贡献代码
同步代码
创建 Pull Request
了解更多
对比差异 通过 Pull Request 同步
同步更新到分支
通过 Pull Request 同步
将会在向当前分支创建一个 Pull
Request,合入后将完成同步
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
openssl
.gitignore
ChangeLog
LICENSE
Makefile
README.md
build.sh
certs.c
certs.h
pixelserv.c
socket_handler.c
socket_handler.h
util.c
util.h
Loading...
README
LGPL-3.0

pixelserv-tls

pixelserv-tls is a fork of pixelserv with added support for HTTPS - the tiny webserver that responds to all requests with "nothing" and yet particularly useful for whitelisting hosts on troubled websites, and for mining "big data" on adservers and trackers.

Certificates for adserver domains are automatically generated at real-time upon first request. All requests to adserver are optionally written to syslogd. The stats in text format are preserved, good for command line parsing. The same stats in HTML format are revamped to be more legible.

Prepare your Root CA cert

pixelserv-tls requires a Root CA cert to run. Assume OpenSSL already installed in your systems. Execute the following statements in a command shell:

  • cd /opt/var/cache/pixelserv
  • openssl genrsa -out ca.key 1024
  • openssl req -key ca.key -new -x509 -days 3650 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"

These create a 1024-bit CA cert with Common Name "Pixelserv CA" in /opt/var/cache/pixelserv.

Import ca.crt into Clients

Note that installation of ca.cert on client OS is not mandatory but recommended. Clients without ca.crt will interact smoothly with pixelserv-tls.

iOS

Multiple ways to get it done. The simplest is to email yourself ca.crt. Go to your iOS device. Click on the attachment and follow the instructions.

Here is a guide by IBM that provides a bit more details.

Android

Email yourself the CA cert as attachment. Double click on the attachment and follow on-screen instructions to import the certificate. I found this way the CA cert will be imported in "User" category instead of "System" category. That's no problem as the CA cert is still properly recognized. If people insist on importing into "System" certificates, try this Android guide.

MacOS

In Terminal, type

  • sudo security add-trusted-cert -d -r trustRoot -k /System/Library/Keychains/SystemRootCertificates.keychain ca.crt

Note: since OS X El Capitan, System Integrity Protection need to be disabled first. Reboot, then run the above command line. System Integrity Protection can be enabled afterward. Here is a SIP tutorial to disable/enable System Integrity Protection. ca.crt need to be re-added after every OS update unfortunately.

Windows

Chrome/IE/Edge uses Root CA certs from Windows system-wide repository. Follow this Windows guide carefully to add ca.cert into the system-wide Root CAs.

Firefox manages its own repository of Root CAs. Follow this Firefox guide only if you also run Firefox.

Launch pixelserv-tls

A few examples of launching pixelserv-tls:

  • pixelserv-tls 192.168.1.1
  • pixelserv-tls 192.168.1.1 -p 80 -p 8080 -k 443 -k 2443 -u admin

The first example runs pixelserv as nobody with non-root privilege. Listens on port 80 for HTTP and 443 for HTTPS. The second example additionally listens on 8080 for HTTP and 2443 for HTTPS, and runs as admin - the root account in ASUSWRT.

Binaries

pixelserv-tls is now (circa April 2016) available on Entware-NG. Use opkg install pixelserv-tls to install on supported platforms including Asuswrt/Merlin.

Going forward binaries for Asuswrt/Merlin in Releases section will be provided only on requests.

New command line switches

$ pixelserv-tls --help
Usage:pixelserv-tls
	ip_addr/hostname (all if omitted)
	-2 (disable HTTP 204 reply to generate_204 URLs)
	-f (stay in foreground - don't daemonize)
	-k https_port (443 if omitted)
	-l (log access to syslog)
	-n i/f (all interfaces if omitted)
	-o select_timeout (10 seconds)
	-p http_port (80 if omitted)
	-r (deprecated - ignored)
	-R (disable redirect to encoded path in tracker links)
	-s /relative_stats_html_URL (/servstats if omitted)
	-t /relative_stats_txt_URL (/servstats.txt if omitted)
	-u user ("nobody" if omitted)
	-z path_to_https_certs (/opt/var/cache/pixelserv if omitted)

-k, -l and -z are new options. -k specifies one https port and use multiple times for more ports.

-l will log all ad requests to syslogd. If we don't specify in the command line, no logging which is the default. Access logging can generate lots of data. Either use it only when troubleshoot a browsing issue or you have a more capable syslog on your router (e.g. syslog-ng + logrotate from Entware).

-z specifies the path to certs storage. Each ad domain and its sub-domain will require one wildcard cert. Generated certs will be stored and re-used from there.

Stats

Stats are viewable by default at http://pixelservip/servstats.txt (for raw text format) or http://pixelservip/servstats for html format), where pixelserv ip is the ip address that pixelserv is listening on.

Mnemonics Example Explanation
uts 2d 17:50 pixelserv uptime
log 1 logging access to syslog (0=disabled 1=enabled)
req 18122 total # of requests (HTTP, HTTPS, success, failure etc)
avg 514 bytes average length of request URL
rmx 25965 bytes maximum length of request URL
tav 12 ms average processing time (per request)
tmx 17036 ms maximum processing time (per request)
slh 8824 # of accepted HTTPS requests
slm 5 # of rejected HTTPS requests (missing certificate)
sle 0 # of rejected HTTPS requests (certificate available but bad)
slu 14 # of dropped HTTPS requests (unknown error)
nfe 3830 # of GET requests for server-side scripting
gif 165 # of GET requests for GIF
ico 0 # of GET requests for ICO
txt 7895 # of GET requests for Javascripts
jpg 9 # of GET requests for JPG
png 6 # of GET requests for PNG
swf 0 # of GET requests for SWF
sta 7 # of GET requests for HTML stats
stt 0 # of GET requests for plain text stats
ufe 956 # of GET requests /w unknown file extension
rdr 799 # of GET requests resulted in REDIRECT response
nou 1 # of GET requests /w empty URL
pth 0 # of GET requests /w malformed URL
204 0 # of GET requests (HTTP 204 response)
pst 588 # of POST requests (HTTP 501 response)
hed 7 # of HEAD requests (HTTP 501 response)
bad 1 # of unknown HTTP requests (HTTP 501 response)
err 0 # of dropped requests (failed to accept client connection)
tmo 1030 # of dropped requests (client timeout before connection accepted)
cls 2828 # of dropped requests (client disconnect before connection accepted)

Forum Discussion for pixelserv-tls

Other References

  • pixelserv: The thread on LinksysInfo.org where the parent of this fork is produced.
  • pixelserv-ddwrt: An even older thread of an early version of pixelserv.
  • Page load time: Measure page load time in Google Chrome
GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. 0. Additional Definitions. As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU General Public License. "The Library" refers to a covered work governed by this License, other than an Application or a Combined Work as defined below. An "Application" is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library. A "Combined Work" is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the "Linked Version". The "Minimal Corresponding Source" for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version. The "Corresponding Application Code" for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. 1. Exception to Section 3 of the GNU GPL. You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. 2. Conveying Modified Versions. If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy. 3. Object Code Incorporating Material from Library Header Files. The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the object code with a copy of the GNU GPL and this license document. 4. Combined Works. You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the Combined Work with a copy of the GNU GPL and this license document. c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. d) Do one of the following: 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) 5. Combined Libraries. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License. b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 6. Revised Versions of the GNU Lesser General Public License. The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation. If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library.
Starred
0
Star
0
Fork
0

简介

Tiny web server for sending empty responses to advertisement and tracking requests. 展开 收起
暂无标签
/oldrivers/pixelserv-tls
C
LGPL-3.0
使用 LGPL-3.0 开源许可协议
取消

发行版

暂无发行版

贡献者

全部

近期动态

加载更多
不能加载更多了
C
1
https://gitee.com/oldrivers/pixelserv-tls.git
git@gitee.com:oldrivers/pixelserv-tls.git
oldrivers
pixelserv-tls
pixelserv-tls
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部