Nginx and “masquerading”

There are plenty of unconventional and unexpected things you can do with nginx, and something that has gotten my attention lately is the ability to hide both my own usage of a certain site from my browser/computer/network AND my own IP details from the destination at the same time.


This is usable in situations where you might be behind a proxy server that is blocking your access to, for example, https://www.aftonbladet.se – or if Aftonbladet has blocked access for your region. It could in theory be used to hide the original site from the actual client and client network, as well as the client IP/region from the destination – but the most common usage scenario is likely to hide your origin region from the destination server.

What do you need?

  • A VPS in a region that is not blocking your destination.
  • Your own domain (in this example, yourdomain.com)
  • Your own SSL certificate for the address you want to use to mask the destination – i.e. xxy.yourdomain.com
    You can either purchase one, or use LetsEncrypt or StartSSL. I’d recommend purchasing one for higher client compatibility, but it all depends on your use case.

First, get your SSL certificate in place. It might take some time to get it issued from your chosen CA, so it’s better to start with this so it’s not a show stopper for you.

Then, get the VPS configured and started with the specifications you need – and point xxy.yourdomain.com to the IP of the VPS.

Install Nginx, and use the below configuration as a base, and modify to fit your needs.

server {
    # "spdy" was replaced by "http2" in nginx 1.9.5 and later
    listen 443 ssl spdy;
    server_name xxy.yourdomain.com;

    ssl_certificate "/path/to/xxy.yourdomain.com.crt";
    ssl_certificate_key "/path/to/xxy.yourdomain.com.key";
    # SSLv3 removed from the list: it is broken by POODLE
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_session_cache shared:SSL:20m;

    # The "upstreamlog" format must be defined with log_format in the http block
    access_log "/var/log/xxy.access.log" upstreamlog;

    location / {
        set $protocol https;

        proxy_ssl_session_reuse on; # If the errors "SSL3_GET_FINISHED:digest check failed" appear in the logs, change to off
        # Send the destination's own host name upstream and blank the forwarding headers
        proxy_set_header Host www.aftonbladet.se;
        proxy_set_header X-Real-IP "";
        proxy_set_header X-Forwarded-For "";
        proxy_set_header X-Forwarded-Proto "";
        # Ask for an uncompressed response; sub_filter cannot rewrite compressed bodies
        proxy_set_header Accept-Encoding "";

        proxy_pass https://www.aftonbladet.se/;
        proxy_read_timeout 90;

        # Rewrite Location headers sent by the destination so redirects stay on the masking host
        proxy_redirect https://www.aftonbladet.se https://xxy.yourdomain.com;

        # replace page content
        sub_filter_once off;
        sub_filter_types text/html;
        sub_filter "www.aftonbladet.se" "xxy.yourdomain.com";
    }
}

There are tons of other optimisations you can put in place to make Nginx work even better for you – but the configuration here makes use of SPDY as well, and makes sure xxy.yourdomain.com is always used wherever the page would normally have referenced www.aftonbladet.se.

The server is a fully legit “man in the middle”, and it works by reading all traffic from the destination server and replacing all text in the HTML code that matches www.aftonbladet.se with xxy.yourdomain.com – it could in theory be just as bad as a malicious attack if your server gets hacked, so keep security tight. Don’t forget, the user thinks he/she is accessing a fully legit HTTPS endpoint, but you are intercepting and decoding the traffic to be able to make these changes to the content.

Read up on iptables if you are not used to setting up filtering software on Linux servers! It’s important.
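
A starting point for that filtering, as an added example that is not part of the original post: a shell function that emits an iptables-restore ruleset for a VPS like this one, which only has to accept HTTPS for nginx and SSH from a single admin address. SSH on port 22, IPv4 only and the admin address 203.0.113.10/32 are assumptions made for the example.

```shell
#!/bin/sh
# Added example: baseline IPv4 inbound filter for the nginx proxy VPS.
# Assumptions: nginx listens only on 443, SSH is on 22, IPv4 only
# (repeat with ip6tables-restore if the VPS has an IPv6 address).

# valid_cidr A.B.C.D/LEN -> exit status 0 if well formed, 1 otherwise
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# proxy_ruleset ADMIN_CIDR -> prints rules in iptables-restore format
proxy_ruleset() {
    admin=$1
    if ! valid_cidr "$admin"; then
        echo "proxy_ruleset: bad admin CIDR '$admin'" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -s $admin --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed admin address (TEST-NET-3). Check the syntax without applying:
#   proxy_ruleset 203.0.113.10/32 | iptables-restore --test
proxy_ruleset 203.0.113.10/32
```

Loading the rules for real means piping the output to iptables-restore as root. Keep a second SSH session open while testing so a wrong admin address does not lock you out.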

And of course, if this document has helped you in any way, I would be happy with some feedback via mail – and I’m always grateful for donations. I prefer Bitcoin, but will of course be equally grateful for a Paypal donation. ;)

phpBB 3.1 News Robot

I’ve gotten involved in a pretty interesting phpBB forum project lately, and have been noticing that several features and functions that I actually would have expected to exist in phpBB 3.1 are lacking. This has made sure I’ve gone back to some very basic fugly PHP hacking to get the job done.

First up for publishing is my quick News Robot hack for this particular News Forum. It fetches posts from an RSS feed, and posts the “Description” tag as the user “News Robot” in a specific forum section – with a link to the source article as well. All configurable within the PHP code. The Robot also alters the posting time to the time of the original news post.

Dependencies: dedalozzo’s HTML/bbCode converter on GitHub.

You need to replace some actual PHP code within phpBB, in one file, includes/functions_posting.php, but all instructions are available over at GitHub.

Now, I would like to ask you a favour. If you decide to use this bot for your forum, or even build your own with this as a base – please donate! Help me stay motivated to actually release my small useful hacks.

https://github.com/engren/phpbb31-newsrobot

Epson EcoTank L355 – courtesy of Buzzador

This is a shameless plug that I am enrolled in the Buzzador program, and this is a blog post that I am writing in that role. You could see it as advertisement, even if everything I write might not be exactly what Epson would prefer to see. :-)

As a comparison, I have my work horse Brother MFC-J5910DW next to the Epson, and for the next couple of weeks, the plan is to print any document I need to print on both printers and compare the result. Expect this post to be updated accordingly!


First of all, the Buzzador packages (!) arrived just a few hours ago. One box with the printer, and one box with some printer paper (regular and photo) and a USB cable that wasn’t even for a printer. Good thing I have a bunch of various cables saved – so not a show stopper, just frustrating when I wanted to get started ASAP.

Now, unpacking the printer was nothing interesting. It’s a printer, with the usual protective tape holding all lids etc in place. Not even worth doing an unboxing video of to be honest – but I found somebody on YouTube who made one!

The first thing the manual said was to get ink into the ink container. Should be simple, it’s ink in bottles based on colour (C,M,Y and Bk), just pour it into the containers and be happy. Theoretically, this is a great idea. No need to pay a lot of extra cash for small ink containers with some built in electronics – just cheap plastic bottles with the ink that Epson prefers us to use.



In reality, after testing it out, I feel more like I have been playing around with finger paint. The ink bottles are simply not made for clean operation. It’s a simple aluminium/plastic cover on the bottle, and it must be removed with force rather than a user friendly and mess-free opening…  but nothing that isn’t manageable. Just surprised it went through their product testing department without proper feedback.


Anyway, some fiddling around, and the ink containers are finally filled with the ink .. and neither the floor nor the table is ruined with printer ink. Don’t forget to make sure you actually have some paper underneath and nearby just in case.. because this could seriously be a pretty colourful mess if you aren’t careful.


It’s actually a bit weird with this loose ink container on the outside. The only thing keeping it in place is gravity. There are two hooks, one on each side, that you just drop in place. If it falls out, you only have 4 very short rubber hoses connecting it to the printer. If you have it like me, with the container hanging in mid air, an accidental bump by a pet or kids would make it jump out of place – so I am going to reconsider the placement of the printer simply based on this. A safety lock or a small chain or something that’s a bit shorter than the rubber hoses for the ink would have been perfect here.


The next step was even more frustrating. I was going to press a button for 3 seconds. So far, so good. The printer is filling itself up with ink from these containers. A bit unsure exactly why this is done, but I guess it’s to eliminate air bubbles so there will be a smooth fill with the ink.

Now, this took 23 minutes. Twenty three minutes.

I am not kidding. If you run out of ink, it’s a 30-40 minute job to fill it up and to be able to print again. I even had to revisit the manual to confirm that this would take forever – and yep, there it is …  “about 20 minutes”.

I am happy the printer is estimated to print 4000+ documents before it’s time to refill it. If that number was any smaller than this, I would debate that no business ever would be looking at this printer – but with the cheap ink price and the large number of prints that one can print, it’s not completely uninteresting.

As a comparison, it takes me less than 5 minutes to replace all (!) ink cartridges in the Brother MFC-J5910DW – but I also have to pay about three times as much for those, for half the printing capacity.

What about speed and noise levels?

It’s both quick and relatively quiet, but I would say the same about the Brother printer. Not too much difference spotted so far in that aspect. The Brother delivers a bit better in the darkest (and brightest) sections of a printed image – but for “home day-to-day” things, the EcoTank L355 performs quite well. The price tag of over 3000 SEK had me hoping for a bit more though – but this isn’t a photo printer either.

One thing that threw me a bit off guard during my testing tonight was the lack of ability to print without any borders. This leaves a pretty big white area around whatever you are printing. As an example, I based my invoicing system on printing on A4 papers with no borders in regards to placing the address right for C5 envelopes, so this means that this printer can not be used for this particular task. It also means that any photos will have to be manually cropped using scissors or a cutting machine for the best presentation.


This printer also prides itself on what Epson calls “mobile printing” – which requires an app that is only available for iOS and Android units. The common mistake of leaving all Windows Phone users out of the loop presents itself again, and I can only imagine that the flawed argument “our statistics show that there are less than X% WP users” has been used here.

As a side note: Windows Phone 8, 8.1 and 10 browsers on the web (which most companies seem to base their decisions on) present themselves as Android to get a proper mobile page rendering (since devs only add support for iOS/Android with the same flawed logic), and this flaws the statistics most of us are using, and it certainly makes it easy for project managers to take shortcuts and avoid supporting the third largest mobile operating system in the world.

Let’s go, Epson. Bring the Epson app to Windows Phone as well!

I’ll keep updating this post as I discover new great (or not so great) things about this printer – the next test coming up this week is using the photo paper and to see if that makes any quality difference in regards to the colour reproduction. That’s something I’m looking forward to!