Quick question
Ram
Can someone point me to a place which details how I could run pagekite
on my own domain/servers? For starters I would like to run it on two
servers and one domain name.
Einar Jón
If you use a CNAME, this page explains how to link
domain.<username>.pagekite.me to your own domain.
http://pagekite.net/wiki/Howto/CnamePageKites/
Start with this page to get the servers running if you haven't done so
already.
http://pagekite.net/support/quickstart/
If that's not enough, just give a few more details on what you have
and how you want to set it up and I'm sure that someone who actually
knows something will help you out.
Cheers
Einar Jón
Ram
Thanks Einar. Here is where I'm right now:
I want to first setup a https system (1frontend + multiple backends)
so that anyone going to https://name.mydomain.com is forwarded to the
correct machine/webserver. I can run pagekite.py on the server as a
frontend and have been able to point *.mydomain.com to that server. So
nslookup joe.mydomain.com --> Gives the static ip of my server where
pagekite frontend is running with the following config:
--isfrontend
--ports=443 --protos=https
--domain=https:*.mydomain.com:mypassword
When i try to connect my backend https server running at localhost:
8888, using the following config:
--frontend=name.mydomain.com:443 --
backend=https:name.mydomain.com:localhost:8888:mypassword
I get REJECTED: https:name.mydomain.com (invalid or out of quota)
when I add --fe_certname=name.mydomain.com
I get the following error:
Failed to connect to x.x.x.x (my IP)
I guess I'm doing something wrong with either the configuration or the
certificates. Can anyone please help?
Also, for each name.mydomain.com , I would like to have a unique
secret. How is this done?
Thanks,
--Ram.
On Jan 5, 6:27 am, Einar Jón <tolvupos...@gmail.com> wrote:
> It should be documented on the PageKite site.
>
> If you use a CNAME, this page explains how to link
> Start with this page to get the servers running if you haven't done so
Ram
I also tried it again on a fresh ubuntu system. This time I installed
pagekite using apt-get without problems.
Got a domain name and set its *.mydomain.com --> to point to <my
static ip> Also set mydomain.com to resolve to the same ip.
In /etc/pagekite.d/ --
Removed everything from 10_account.rc and left the file there.Left the
80_* as it is (Note: I am only interested in exposing https
servers)Set --> cat /etc/pagekite.d/
20_frontends.rcisfrontendrunas=nobody:nogroupports=443protos=httpsdomain=https:*.mydomain.com:justa_plain_text_passwordfrontend=mydomain.com:
443fe_certname=mydomain.comca_certs=/etc/pagekite.d/site-cert.pem
Once I start pagekit, here is what the log says:
# cat /var/log/pagekite/pagekite.log
optfile_/etc/pagekite.d/10_account.rc=ok; started=/usr/bin/pagekite;
ll=0; ts=4f068a3d; argv=--pidfile /var/run/pagekite.pid --clean --
runas=daemon:daemon --logfile=/var/log/pagekite/pagekite.log --optdir=/
etc/pagekite.d --noloop; platform=linux2; version=0.4.5a; ca_certs=/
etc/pagekite.d/site-cert.pem; optfile_/etc/pagekite.d/
20_frontends.rc=ok
info=Collecting entropy for a secure secret.; ll=1;
ts=4f068a3ddebug=Seeded signatures using /dev/urandom, hooray!; ll=2;
ts=4f068a3did=s1; ll=3; ts=4f068a3d; listen=:443ts=4f068a3d; ll=4;
uid=65534; gid=65534ts=4f068a3d; ll=5; debug=FIXME: Should try epoll!
ts=4f068a3d; ll=6; accept=~230.76:56953; id=s1ts=4f068a3d; ll=7;
debug=No back-end; on_port=443; proto=http; domain=blib.us; is=FE;
id=s3/~230.76:56953ts=4f068a3d; ll=8; wrote=342; wbps=0; read=0;
eof=1; id=s3/~230.76:56953ts=4f068a3d; ll=9; err=Server response
parsing failed: (503, 'Unavailable'); id=s2ts=4f068a3d; ll=a; eof=1;
id=s2ts=4f068a3d; ll=b; info=Failed to connect; FE=<static ip of my
server>:443#
Any ideas how to fix this? Why is my FE failing to connect to itself?
Also: What should be the configurations for my different backends. Is
there a way to set the password for the different backends separately
and authenticate them on my FE?I guess it will take time to get
pagekite working for one server and multiple clients for starters. I
hope I can get help here.
Thanks,--Ram
Ram
For some reason google messed up my formatting:
This should help:
http://paste.pocoo.org/show/530797/
Thanks,
--Ram
Bjarni Rúnar Einarsson
On Fri, Jan 6, 2012 at 5:51 AM, Ram <mobileb...@gmail.com> wrote:
> 20_frontends.rc
> isfrontend
> runas=nobody:nogroup
> ports=443
> protos=https
> domain=https:*.mydomain.com:justa_plain_text_password
> frontend=mydomain.com:443
> fe_certname=mydomain.com
> ca_certs=/etc/pagekite.d/site-cert.pem
You don't need all those settings, many of those are only useful on the back-end
and the uid/gid stuff is configured in the sysv init script. I would recommend
deleting: runas, frontend, fe_certname and ca_certs. Also make sure
all the other
.rc files in /etc/pagekite.d are empty.
So just leave:
isfrontend
ports=443
protos=https
domain=https:*.mydomain.com:justa_plain_text_password
Then restart the service with `service pagekite restart`.
It doesn't actually matter which .rc file those lines go in, but
20_frontends.rc is
probably a good choice.
For testing, you can also just run it from the command-line, like so:
pagekite --clean --isfrontend --ports=443 --protos=https --domain=...
> Also: What should be the configurations for my different backends. Is
> there a way to set the password for the different backends separately
> and authenticate them on my FE?
Sure, you can have multiple domain= lines, without the wildcard and each
with its own password:
domain=https:foo.mydomain.com:foopassword
domain=https:bar.mydomain.com:barpassword
domain=https:baz.mydomain.com:bazpassword
For the backends, you should be able to connect with a command-line like this:
pagekite --clean \
--frontend=mydomain.com:443 \
--backend=https:foo.mydomain.com:localhost:443:foopassword
(The --clean argument just ignores any configuration files, thus
avoiding confusion.)
You can then put those two arguments in ~/.pagekite.rc for running from the
command line, or if you are using the debian package on the back-end and
want things to start up just delete all lines from all the files and
put a single
frontend=... line in 20_frontends.rc and the backend= line in a new file named
443_httpd.rc.
That should be enough to get you up and running. This setup assumes you have
an HTTPS server with its own certificate on localhost:443, and the pagekite
connections themselves will be unencrypted (which shouldn't matter much as you
are only transporting encrypted HTTPS streams).
Getting HTTPS enabled for the pagekite connection itself is a little
more involved, but
if you like we can go over that once you've got the basics working.
--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/
Ram
Thanks for the help. Just tested your suggestion on windows, and it
worked. One more question: At the backed, I'm trying to execute
pagekite.py from inside my python code. How can this be done?
Just a simple import outputs this cryptic message:
>>> import pagekite
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "pagekite.py", line 6529, in <module>
sys.modules["pagekite"].open = __comb_open
AttributeError: 'NoneType' object has no attribute 'modules'
I tried to fix "open = __comb_open" , but it seems there is a cascade
here...
Bjarni Rúnar Einarsson
The pagekite.py as distributed on http://pagekite.net/downloads/ is
not suitable for importing into other python programs. However, if
you either install the .deb/.rpm packages, or check out code from
github (https://github.com/pagekite/PyPagekite), you will get code
that is usable in this way.
Ram
Thanks for all the help. I've gotten both one frontend and backend to
work now. I had a few more questions:
How can I find out which user is using how much bandwidth every day?
Or add a quota to each user?
Is there a way to dynamically add / delete users instead of adding/
deleteing lines like "domain=https:baz.mydomain.com:bazpassword " and
then restarting the daemon? Perhaps from a database? When the daemon
restarts, are the connections between frontend/backend dropped?
Also, if the network (uplink/downlink) seems very slow, how can I
debug it?
It would be nice to add my questions and your answers to the FAQ, just
my thoughts.
Thanks,
--Ram
Bjarni Rúnar Einarsson
>
> Thanks for all the help. I've gotten both one frontend and backend to
> work now. I had a few more questions:
Great, congratulations. :-)
> How can I find out which user is using how much bandwidth every day?
> Or add a quota to each user?
The bandwidth usage can be aggregated by parsing the logs.
Quotas are checked as part of the remote-authentication protocol,
which I'm sorry to say hasn't really been documented yet - you'll
have to read the source. This also handles delegation of user
authentication and kite creation to an external system.
See below for more about on this.
> When the daemon restarts, are the connections between
> frontend/backend dropped?
Yes, but the client should reconnect quite quickly.
> Also, if the network (uplink/downlink) seems very slow, how can I
> debug it?
The --debugio flag turns on full debugging for pagekite - it is very verbose.
I am not sure whether it will help or not, if you are having network troubles
then traditional tools should apply.
...
It sounds to me like you are trying to create your own custom version of
the pagekite.net service! Although this is explicitly allowed by our AGPLv3
license, there are limits to how much free support we will provide to our
competitors. ;-)
Please consider getting in touch with us outside the mailing list and buy a
support contract or become an early adopter of the still-in-development
white-label (using your own domain) version of the service. This will
support the ongoing development of PageKite and give you better access
to our unreleased internal systems and experience - both of which should
make your job a whole lot easier.
Tito Brasolin
Bjarni Rúnar Einarsson
That looks really good, well done. :-)
It might also be worth adding a link to PdnsRedis, which is the basis upon which pagekite.net builds both our dynamic DNS and DNS-based authentication: https://pagekite.net/wiki/Floss/PyPdnsRedis/
(We subclass PdnsChatter and add logic to communicate with our user DB and process the auth requests)
- Bjarni
Hi Bjarni, yesterday in the night I was a bit sleepless playing with your wiki and I published this page: https://pagekite.net/wiki/Howto/DnsBasedAuthentication It's not very technical (I was just trying and figure out how remote authentication works) but maybe it can be helpful for other users?