Knowledge Base (Posts about proxy)https://bgstack15.ddns.net/blog/enContents © 2025 <a href="mailto:bgstack15@gmail.com">bgstack15</a> <a rel="license" href="https://www.gnu.org/licenses/gpl-3.0.html"> <img alt="GNU General Public License v3.0" style="border-width:0; margin-bottom:12px;" src="https://bgstack15.ddns.net/.images/gplv3-127x51.png"></a>Mon, 29 Dec 2025 14:15:36 GMTNikola (getnikola.com)http://blogs.law.harvard.edu/tech/rssowntracks with reverse proxyhttps://bgstack15.ddns.net/blog/posts/2025/12/29/owntracks-with-reverse-proxy/bgstack15<p>I recently improved my <a href="https://bgstack15.ddns.net/blog/posts/2025/11/11/trying-owntracks-to-track-my-mobile-devices/">owntracks deployment</a> to put the frontends behind a reverse proxy! It took me some time to research, because I got distracted with websockets and CORS rabbit trails.</p> <p>What ended up working was the following process.</p> <p>Add these values to the <code>config.js</code>.</p> <div class="code"><pre class="code literal-block"><span class="nt">window</span><span class="p">.</span><span class="nc">owntracks</span><span class="p">.</span><span class="nc">config</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span><span class="w"></span> <span class="w"> </span><span class="n">api</span><span class="p">:</span><span class="w"> </span><span class="err">{</span><span class="w"></span> <span class="w"> </span><span class="n">baseUrl</span><span class="o">:</span><span class="w"> </span><span class="s2">"https://storage3.ipa.example.com/owntracks-map/"</span><span class="p">,</span><span class="w"></span> <span class="w"> </span><span class="p">}</span><span class="o">,</span><span class="w"></span> <span class="w"> </span><span class="nt">router</span><span class="o">:</span><span class="w"> </span><span class="p">{</span><span class="w"></span> <span class="w"> </span><span class="n">basePath</span><span class="p">:</span><span class="w"> </span><span class="s2">"/owntracks-map"</span><span class="p">,</span><span class="w"></span> <span class="w"> </span><span class="p">}</span><span class="o">,</span><span class="w"></span> <span class="err">}</span><span class="o">;</span><span class="w"></span> </pre></div> <p>Add to the Apache httpd reverse proxy virtual host(s) these configs. I bet some of this is redundant.</p> <div class="code"><pre class="code literal-block">ProxyPreserveHost On ProxyPass /owntracks-map http://server4.ipa.example.com:8085 upgrade=websocket ProxyPassReverse /owntracks-map http://server4.ipa.example.com:8085/ upgrade=websocket ProxyPass /owntracks-internal http://server4.ipa.example.com:8083 upgrade=websocket ProxyPassReverse /owntracks-internal http://server4.ipa.example.com:8083/ upgrade=websocket <span class="nt">&lt;Location</span> <span class="err">"/owntracks-internal/ws"</span><span class="nt">&gt;</span> RequestHeader append X-Forwarded-Prefix "/owntracks" RequestHeader append X-Script-Name "/owntracks" <span class="nt">&lt;/Location&gt;</span> <span class="nt">&lt;Location</span> <span class="err">"/owntracks-internal"</span><span class="nt">&gt;</span> RequestHeader append X-Forwarded-Prefix "/owntracks" RequestHeader append X-Script-Name "/owntracks" <span class="nt">&lt;/Location&gt;</span> <span class="nt">&lt;Location</span> <span class="err">"/owntracks-internal/view/"</span><span class="nt">&gt;</span> RequestHeader append X-Forwarded-Prefix "/owntracks" RequestHeader append X-Script-Name "/owntracks" <span class="nt">&lt;/Location&gt;</span> <span class="nt">&lt;Location</span> <span class="err">"/owntracks-internal/static/"</span><span class="nt">&gt;</span> RequestHeader append X-Forwarded-Prefix "/owntracks" RequestHeader append X-Script-Name "/owntracks" <span class="nt">&lt;/Location&gt;</span> <span class="nt">&lt;Location</span> <span class="err">"/owntracks-map/ws"</span><span class="nt">&gt;</span> ProxyPass http://server4.ipa.example.com:8085/ retry=3 connectiontimeout=5 timeout=8 upgrade=websocket ProxyPassReverse http://server4.ipa.example.com:8085/ RequestHeader append X-Forwarded-Prefix "/owntracks-map/ws" RequestHeader append X-Script-Name "/owntracks-map/ws" <span class="nt">&lt;/Location&gt;</span> <span class="nt">&lt;Location</span> <span class="err">"/owntracks-map/"</span><span class="nt">&gt;</span> ProxyPass http://server4.ipa.example.com:8085/ retry=3 connectiontimeout=5 timeout=8 upgrade=websocket ProxyPassReverse http://server4.ipa.example.com:8085/ RequestHeader append X-Forwarded-Prefix "/owntracks-map" RequestHeader append X-Script-Name "/owntracks-map" <span class="nt">&lt;/Location&gt;</span> </pre></div> <p>Please note that this <code>/owntracks-internal</code> is not the path used by the owntracks android clients. It is for the web view of the app with different authentication, and not the per-device auth used by owntracks.</p> <p>And then the directory listing for these frontend paths is as follows.</p> <div class="code"><pre class="code literal-block"><span class="nt">&lt;li&gt;&lt;a</span> <span class="na">href=</span><span class="s">"/owntracks-map/"</span><span class="nt">&gt;</span>/owntracks-map/<span class="nt">&lt;/a&gt;</span> Location tracking (<span class="nt">&lt;a</span> <span class="na">href=</span><span class="s">"/owntracks-internal/"</span><span class="nt">&gt;</span>bare app<span class="nt">&lt;/a&gt;</span>)<span class="nt">&lt;/li&gt;</span> </pre></div> <h2>References</h2> <ol> <li>Sticking the frontend behind a virtual path <a href="https://bgstack15.ddns.net/blog/outbound/https:/github.com/owntracks/frontend/blob/main/docs/config.md#apibaseurl">frontend/docs/config.md at main · owntracks/frontend</a></li> <li>Second part of reverse proxy <a href="https://bgstack15.ddns.net/blog/outbound/https:/github.com/owntracks/frontend/blob/main/docs/config.md#routerbasepath">frontend/docs/config.md at main · owntracks/frontend</a></li> </ol>owntracksproxywebhttps://bgstack15.ddns.net/blog/posts/2025/12/29/owntracks-with-reverse-proxy/Mon, 29 Dec 2025 14:07:00 GMTNovel project: Luanti Web Services Proxyhttps://bgstack15.ddns.net/blog/posts/2025/09/20/novel-project-luanti-web-services-proxy/bgstack15<p>I wrote in 10 hours a small project that makes it easy to use multiple instances of <a href="https://bgstack15.ddns.net/blog/outbound/https:/content.luanti.org/">ContentDB</a> and <a href="https://bgstack15.ddns.net/blog/outbound/https:/servers.luanti.org">Serverlist</a> in Luanti. Because the official ContentDB is very picky about what mods are allowed (under the laws where they are hosted, among other reasons), there might be other places to get packages, i.e., games, mods, and texture packs. I'm not aware of any other public ContentDB instances, but my internal network has a private ContentDB instance and I want to use it as well as the public ContentDB.</p> <p>This new project is named <a href="https://bgstack15.ddns.net/blog/cgit/luanti/lwsp">lwsp</a> and runs in docker or else with python3/flask.</p> <p>Use LWSP for ContentDB and Serverlist when you want your Luanti client to easily access multiple ContentDB instances, or multiple Serverlist instances, or both.</p> <p>Because of the way a ContentDB instance enforces mod dependencies to be resolvable within that instance, any dependencies for a package will be resolvable from that one instance only.</p> <p>This is not designed for a general-purpose website to manage multiple ContentDB instances' packages; it is only a shim for Luanti clients to use.</p> <h2>Using LWSP</h2> <h3>Running the proxy server locally</h3> <p>Set up a python3 virtual environment and install any dependencies.</p> <div class="code"><pre class="code literal-block">python3 -m venv ~/venv-cdbp source ~/venv-cdbp pip3 install -r requirements.txt </pre></div> <p>Adjust config.cfg from <a href="https://bgstack15.ddns.net/blog/cgit/luanti/lwsp/tree/config.cfg.example">config.cfg.example</a>. In this file, you can set the default backend servers, for when the client uses "default." You can even force the usage of only these backends (ignoring any that the client might send) in the configuration. You can also configure packages to ignore by tag, author name, or regular expression matching the name or title.</p> <p>Start the development server.</p> <div class="code"><pre class="code literal-block">./start.sh </pre></div> <h3>Running proxy server in docker or docker-compose</h3> <p>See the example <a href="https://bgstack15.ddns.net/blog/cgit/luanti/lwsp/tree/docker-compose.yml">docker-compose.yml</a>.</p> <h3>Configuring Luanti client to use the proxy server</h3> <p>Any mods installed before configuring a client to use the proxy can be upgraded, but at the time of upgrade, the mod's <code>mod.conf</code> field <code>author</code> will be updated with the hostname+protocol as part of the author name. This change will make it harder to disable the usage of the LWSP for <code>contentdb_url</code>, and will require manual updates to each mod.conf before then being able to update them when pointing directly to the canonical ContentDB.</p> <h4>Using multiplexer for ContentDB</h4> <p>Set <code>contentdb_url</code> in <code>minetest.conf</code> to a string similar to the following. The top of the virtual path is a <a href="https://meyerweb.com/eric/tools/dencoder/">url-encoded</a> representation of space-delimited connection strings (protocol, hostname, and optionally port).</p> <div class="code"><pre class="code literal-block">http://localhost:5124/https%3A%2F%2Fcontent.luanti.org%2F+http%3A%2F%2Fvm4%3A5123%2F </pre></div> <p>For example, to list <code>https://content.luanti.org/</code> and <code>http://vm4:5123/</code> you would place this into a url encoder utility.</p> <div class="code"><pre class="code literal-block">https://content.luanti.org/ http://vm4:5123/ </pre></div> <p>Optionally, you can set the list to "default" to use the backends configured by the proxy server, or even just omit the "default" virtual path.</p> <div class="code"><pre class="code literal-block">http://localhost:5124/default/ http://localhost:5124/ </pre></div> <h4>Using multiplexer for Serverlist</h4> <p>Set <code>serverlist_url</code> in <code>minetest.conf</code> to a line formatted in the same way, but with serverlist urls.</p> <div class="code"><pre class="code literal-block">http://localhost:5124/https%3A%2F%2Fservers.luanti.org+http%3A%2F%2Fvm4%3Aserverlist </pre></div> <p>Like contentdb config, you can omit the top virtual directory of the path, and use the default configured in the server.</p> <div class="code"><pre class="code literal-block">http://localhost:5124/ </pre></div> <p><a href="https://bgstack15.ddns.net/blog/2025/scrot-luanti-browsing-content-with-contentdbproxy.png">Screenshot of browsing available packages in Luanti<br><img alt="" src="https://bgstack15.ddns.net/blog/2025/scrot-luanti-browsing-content-with-contentdbproxy.png"></a></p> <h2>Author</h2> <p>bgstack15</p> <h2>Alternatives</h2> <p>None. This is novel on the www.</p> <h2>Further reading</h2> <ol> <li><a href="https://github.com/luanti-org/contentdb/blob/master/docs/luanti_client.md">https://github.com/luanti-org/contentdb/blob/master/docs/luanti_client.md</a></li> </ol>gameluantiproxyhttps://bgstack15.ddns.net/blog/posts/2025/09/20/novel-project-luanti-web-services-proxy/Sat, 20 Sep 2025 12:36:00 GMTUse Apache httpd as a reverse proxy for Minetest Mapserverhttps://bgstack15.ddns.net/blog/posts/2025/05/11/use-apache-httpd-as-a-reverse-proxy-for-minetest-mapserver/bgstack15<p>I use the <a href="https://bgstack15.ddns.net/blog/outbound/https:/github.com/minetest-mapserver/mapserver">Luanti Mapserver</a> project for my various worlds, one instance per world. And because I'm old-school, I'm still rocking <a href="https://bgstack15.ddns.net/blog/outbound/https:/httpd.apache.org/">Apache httpd</a> and still call it httpd like the old Enterprise Linux days and not "apache2" like the Devuanites. And I use httpd as a reverse proxy (for TLS termination, for one thing) for the mapserver.</p> <p>The webpage works without the websocket upgrade, but the mapserver throws a stack trace complaining about the lack of the upgrade token in the Connection header.</p> <blockquote> <p>level=error msg=ws-upgrade err="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"</p> </blockquote> <p>After enough Internet research I found the answer! So here is my snippet for mapserver in my httpd config (inside the virtual host) that makes the magic happen.</p> <div class="code"><pre class="code literal-block"><span class="n">RewriteEngine</span><span class="w"> </span><span class="k">on</span><span class="w"></span> <span class="n">ProxyPreserveHost</span><span class="w"> </span><span class="k">On</span><span class="w"></span> <span class="err">#</span><span class="w"> </span><span class="n">mapserver</span><span class="w"></span> <span class="n">RewriteRule</span><span class="w"> </span><span class="o">^/</span><span class="n">games</span><span class="o">/</span><span class="n">luanti</span><span class="o">/</span><span class="n">world3</span><span class="o">/</span><span class="k">map</span><span class="err">$</span><span class="w"> </span><span class="o">/</span><span class="n">games</span><span class="o">/</span><span class="n">luanti</span><span class="o">/</span><span class="n">world3</span><span class="o">/</span><span class="k">map</span><span class="o">/</span><span class="w"> </span><span class="o">[</span><span class="n">R,L</span><span class="o">]</span><span class="w"></span> <span class="o">&lt;</span><span class="n">Location</span><span class="w"> </span><span class="ss">"/games/luanti/world3/map/"</span><span class="o">&gt;</span><span class="w"></span> <span class="w"> </span><span class="n">ProxyPreserveHost</span><span class="w"> </span><span class="k">On</span><span class="w"></span> <span class="w"> </span><span class="n">ProxyPass</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="nl">server4</span><span class="p">:</span><span class="mi">30011</span><span class="o">/</span><span class="w"> </span><span class="n">retry</span><span class="o">=</span><span class="mi">20</span><span class="w"> </span><span class="n">connectiontimeout</span><span class="o">=</span><span class="mi">300</span><span class="w"> </span><span class="n">timeout</span><span class="o">=</span><span class="mi">300</span><span class="w"> </span><span class="n">upgrade</span><span class="o">=</span><span class="n">websocket</span><span class="w"></span> <span class="w"> </span><span class="n">ProxyPassReverse</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="nl">server4</span><span class="p">:</span><span class="mi">30011</span><span class="o">/</span><span class="w"></span> <span class="w"> </span><span class="n">RequestHeader</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">X</span><span class="o">-</span><span class="n">Script</span><span class="o">-</span><span class="n">Name</span><span class="w"> </span><span class="o">/</span><span class="n">games</span><span class="o">/</span><span class="n">luanti</span><span class="o">/</span><span class="n">world3</span><span class="o">/</span><span class="k">map</span><span class="w"></span> <span class="w"> </span><span class="n">RewriteEngine</span><span class="w"> </span><span class="k">on</span><span class="w"></span> <span class="w"> </span><span class="n">RewriteCond</span><span class="w"> </span><span class="o">%</span><span class="err">{</span><span class="nl">HTTP</span><span class="p">:</span><span class="k">Connection</span><span class="err">}</span><span class="w"> </span><span class="n">Upgrade</span><span class="w"> </span><span class="o">[</span><span class="n">NC</span><span class="o">]</span><span class="w"></span> <span class="w"> </span><span class="n">RewriteCond</span><span class="w"> </span><span class="o">%</span><span class="err">{</span><span class="nl">HTTP</span><span class="p">:</span><span class="n">Upgrade</span><span class="err">}</span><span class="w"> </span><span class="n">websocket</span><span class="w"> </span><span class="o">[</span><span class="n">NC</span><span class="o">]</span><span class="w"></span> <span class="w"> </span><span class="n">RewriteRule</span><span class="w"> </span><span class="o">/</span><span class="p">(.</span><span class="o">*</span><span class="p">)</span><span class="w"> </span><span class="nl">ws</span><span class="p">:</span><span class="o">//</span><span class="nl">server4</span><span class="p">:</span><span class="mi">30011</span><span class="o">/</span><span class="err">$</span><span class="mi">1</span><span class="w"> </span><span class="o">[</span><span class="n">P,L</span><span class="o">]</span><span class="w"></span> <span class="o">&lt;/</span><span class="n">Location</span><span class="o">&gt;</span><span class="w"></span> </pre></div> <p>Because not the whole world uses that new-fangled nginx.</p> <h2>References</h2> <p>The secret sauce came from <a href="https://bgstack15.ddns.net/blog/outbound/https:/stackoverflow.com/questions/60475454/apache2-cant-set-headers-connection-and-upgrade/60475533#60475533">apache - Apache2 can't set headers "Connection" and "Upgrade" - Stack Overflow</a></p>apachegamehttpdproxyhttps://bgstack15.ddns.net/blog/posts/2025/05/11/use-apache-httpd-as-a-reverse-proxy-for-minetest-mapserver/Sun, 11 May 2025 12:42:00 GMTFirefox proxy noteshttps://bgstack15.ddns.net/blog/posts/2023/12/05/firefox-proxy-notes/bgstack15<h2>Run SOCKS proxy</h2> <p>I normally use Firefox with a SOCKS proxy, which I run with:</p> <div class="code"><pre class="code literal-block">ssh -D 8880 <span class="cp">${</span><span class="n">USER</span><span class="cp">}</span>@proxyserver -n -f -N </pre></div> <h2>Configure firefox proxy</h2> <p>Visit <code>about:preferences</code>, search proxy (tab General -&gt; heading Network Settings -&gt; button Settings...), and choose <code>Manual proxy configuration</code>.</p> <ul> <li>SOCKS host: localhost, port 8880</li> </ul> <p>My <code>No proxy for</code> box includes:</p> <div class="code"><pre class="code literal-block"><span class="mf">192.168.1.0</span><span class="o">/</span><span class="mf">24</span><span class="p">,</span><span class="w"> </span><span class="mf">10.35.0.0</span><span class="o">/</span><span class="mf">16</span><span class="p">,</span><span class="w"> </span><span class="n">server1</span><span class="p">,</span><span class="w"> </span><span class="n">server4</span><span class="p">,</span><span class="w"> </span><span class="n">server1</span><span class="p">,</span><span class="w"> </span><span class="n">server2</span><span class="p">,</span><span class="w"> </span><span class="n">server3</span><span class="p">,</span><span class="w"> </span><span class="n">server3</span><span class="p">,</span><span class="w"> </span><span class="o">*</span><span class="mf">.</span><span class="n">ipa</span><span class="mf">.</span><span class="n">example</span><span class="mf">.</span><span class="n">com</span><span class="w"></span> </pre></div> <h2>Firefox extension to make it easier</h2> <p>If I want to use an extension that adds the setting to the toolbar, I use <a href="https://bgstack15.ddns.net/blog/outbound/https:/addons.mozilla.org/en-US/firefox/addon/simple-proxy-toggle/">Simple Proxy Toggle – Get this Extension for Firefox (en-US)</a> by Strega. It doesn't manage its own settings; it merely lets you switch easily between the high-level Firefox settings.</p> <p>I had to temporarily modify my chrome/userChrome.css file to the following:</p> <div class="code"><pre class="code literal-block"><span class="c1">#unified-extensions-button, #unified-extensions-button &gt; .toolbarbutton-icon{</span><span class="w"></span> <span class="n">width</span><span class="p">:</span><span class="w"> </span><span class="mi">60</span><span class="n">px</span><span class="w"> </span><span class="o">!</span><span class="n">important</span><span class="p">;</span><span class="w"></span> <span class="n">padding</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="n">px</span><span class="w"> </span><span class="o">!</span><span class="n">important</span><span class="p">;</span><span class="w"></span> <span class="p">}</span><span class="w"></span> </pre></div> <p>So that that annoying puzzle piece button would appear, so I could then right-click the extension icon and make it apepar on the toolbar.</p> <h2>References</h2> <h3>Weblinks</h3> <ol> <li><a href="https://bgstack15.ddns.net/blog/outbound/https:/addons.mozilla.org/en-US/firefox/addon/simple-proxy-toggle/">Simple Proxy Toggle – Get this Extension for Firefox (en-US)</a></li> </ol> <h3>My blog</h3> <ol> <li><a href="https://bgstack15.ddns.net/blog/posts/2023/03/01/socks-proxy-command/">socks-proxy-command</a></li> <li><a href="https://bgstack15.ddns.net/blog/posts/2023/04/10/firefox-111.0-fix-puzzle-piece-in-toolbar/">firefox-111.0-fix-puzzle-piece-in-toolbar</a></li> </ol> <h3>Internal</h3> <ol> <li>file:///mnt/public/Support/Programs/Browsers/firefox-proxy-notes.md</li> </ol>configextensionsfirefoxproxyhttps://bgstack15.ddns.net/blog/posts/2023/12/05/firefox-proxy-notes/Tue, 05 Dec 2023 13:35:32 GMTNewspipe support for reverse proxyhttps://bgstack15.ddns.net/blog/posts/2023/09/04/newspipe-support-for-reverse-proxy/bgstack15<p>I submitted this patch <a href="https://bgstack15.ddns.net/blog/outbound/https:/lists.sr.ht/~cedric/newspipe/%3CCABSMGamXhBxjER1gCu6CZ+9OVViBw76uLk-Bm-OV5P7K1x6tcA%40mail.gmail.com%3E">upstream</a>.</p> <p>I added a new option in the config, named <code>prefix</code>. If you set this, all the internal urls will add it. We use a <a href="https://bgstack15.ddns.net/blog/outbound/https:/wlog.viltstigen.se/articles/2021/09/13/flask-application-behind-a-reverse-proxy/">ReverseProxy</a> trick to add the prefix. This solves the generated urls, but for the hardcoded urls built throughout the jinja2 templates, I had to just manually update those. We use a <a href="https://bgstack15.ddns.net/blog/outbound/https:/stackoverflow.com/questions/60990119/how-to-use-a-python3-custom-function-within-a-template-file-of-flask/60990564#60990564">neat trick</a> to add a custom function to the template-parsing context which we can use to get the prefix (which safely returns the empty string if we had not set it, because we initialize the variable as empty).</p> <p>Most of the lines of this patch are just adjusting all the templates to add the function call to <code>{{</code> <code>prefix()</code> <code>}}</code></p> <div class="code"><pre class="code literal-block"><span class="gh">diff --git a/instance/config.py b/instance/config.py</span><span class="w"></span> <span class="gh">index 42e624c..af7617a 100644</span><span class="w"></span> <span class="gd">--- a/instance/config.py</span><span class="w"></span> <span class="gi">+++ b/instance/config.py</span><span class="w"></span> <span class="gu">@@ -10,6 +10,9 @@ PORT = 5000</span><span class="w"></span> <span class="w"> </span>DEBUG = True<span class="w"></span> <span class="w"> </span>API_ROOT = "/api/v2.0"<span class="w"></span> <span class="gi">+# Optional, and useful if you are using a reverse proxy with this virtual path prefix</span><span class="w"></span> <span class="gi">+#PREFIX = "/newspipe"</span><span class="w"></span> <span class="gi">+</span><span class="w"></span> <span class="w"> </span>CSRF_ENABLED = True<span class="w"></span> <span class="w"> </span>SECRET_KEY = "LCx3BchmHRxFzkEv4BqQJyeXRLXenf"<span class="w"></span> <span class="w"> </span>SECURITY_PASSWORD_SALT = "L8gTsyrpRQEF8jNWQPyvRfv7U5kJkD"<span class="w"></span> <span class="gh">diff --git a/instance/sqlite.py b/instance/sqlite.py</span><span class="w"></span> <span class="gh">index 1f8d620..c6eaa46 100644</span><span class="w"></span> <span class="gd">--- a/instance/sqlite.py</span><span class="w"></span> <span class="gi">+++ b/instance/sqlite.py</span><span class="w"></span> <span class="gu">@@ -10,6 +10,9 @@ PORT = 5000</span><span class="w"></span> <span class="w"> </span>DEBUG = True<span class="w"></span> <span class="w"> </span>API_ROOT = "/api/v2.0"<span class="w"></span> <span class="gi">+# Optional, and useful if you are using a reverse proxy with this virtual path prefix</span><span class="w"></span> <span class="gi">+#PREFIX = "/newspipe"</span><span class="w"></span> <span class="gi">+</span><span class="w"></span> <span class="w"> </span>CSRF_ENABLED = True<span class="w"></span> <span class="w"> </span>SECRET_KEY = "LCx3BchmHRxFzkEv4BqQJyeXRLXenf"<span class="w"></span> <span class="w"> </span>SECURITY_PASSWORD_SALT = "L8gTsyrpRQEF8jNWQPyvRfv7U5kJkD"<span class="w"></span> <span class="gh">diff --git a/newspipe/bootstrap.py b/newspipe/bootstrap.py</span><span class="w"></span> <span class="gh">index 1204491..1c5c967 100644</span><span class="w"></span> <span class="gd">--- a/newspipe/bootstrap.py</span><span class="w"></span> <span class="gi">+++ b/newspipe/bootstrap.py</span><span class="w"></span> <span class="gu">@@ -44,6 +44,14 @@ def set_logging(</span><span class="w"></span> <span class="w"> </span> handler.setLevel(log_level)<span class="w"></span> <span class="w"> </span> logger.setLevel(log_level)<span class="w"></span> <span class="gi">+class ReverseProxied(object):</span><span class="w"></span> <span class="gi">+ def __init__(self, app, script_name):</span><span class="w"></span> <span class="gi">+ self.app = app</span><span class="w"></span> <span class="gi">+ self.script_name = script_name</span><span class="w"></span> <span class="gi">+</span><span class="w"></span> <span class="gi">+ def __call__(self, environ, start_response):</span><span class="w"></span> <span class="gi">+ environ['SCRIPT_NAME'] = self.script_name</span><span class="w"></span> <span class="gi">+ return self.app(environ, start_response)</span><span class="w"></span> <span class="w"> </span># Create Flask application<span class="w"></span> <span class="w"> </span>application = Flask(__name__, instance_relative_config=True)<span class="w"></span> <span class="gu">@@ -63,6 +71,11 @@ else:</span><span class="w"></span> <span class="w"> </span>set_logging(application.config["LOG_PATH"])<span class="w"></span> <span class="gi">+_prefix = ""</span><span class="w"></span> <span class="gi">+if "PREFIX" in application.config:</span><span class="w"></span> <span class="gi">+ application.wsgi_app = ReverseProxied(application.wsgi_app, script_name=application.config["PREFIX"])</span><span class="w"></span> <span class="gi">+ _prefix = application.config["PREFIX"]</span><span class="w"></span> <span class="gi">+</span><span class="w"></span> <span class="w"> </span>db = SQLAlchemy(application)<span class="w"></span> <span class="w"> </span>migrate = Migrate(application, db)<span class="w"></span> <span class="gu">@@ -100,3 +113,9 @@ application.jinja_env.filters["datetime"] = format_datetime</span><span class="w"></span> <span class="w"> </span>application.jinja_env.filters["datetimeformat"] = datetimeformat<span class="w"></span> <span class="w"> </span># inject application in Jinja env<span class="w"></span> <span class="w"> </span>application.jinja_env.globals["application"] = application<span class="w"></span> <span class="gi">+</span><span class="w"></span> <span class="gi">+@application.context_processor</span><span class="w"></span> <span class="gi">+def utility_processor():</span><span class="w"></span> <span class="gi">+ def prefix():</span><span class="w"></span> <span class="gi">+ return _prefix.rstrip("/")</span><span class="w"></span> <span class="gi">+ return dict(prefix=prefix)</span><span class="w"></span> <span class="gh">diff --git a/newspipe/controllers/user.py b/newspipe/controllers/user.py</span><span class="w"></span> <span class="gh">index 00ffb96..d2c5bc0 100644</span><span class="w"></span> <span class="gd">--- a/newspipe/controllers/user.py</span><span class="w"></span> <span class="gi">+++ b/newspipe/controllers/user.py</span><span class="w"></span> <span class="gu">@@ -138,7 +138,7 @@ class LdapuserController:</span><span class="w"></span> <span class="w"> </span> namelist = []<span class="w"></span> <span class="w"> </span> try:<span class="w"></span> <span class="w"> </span> query = dns.resolver.query(f"_ldap._tcp.{domain}", "SRV")<span class="w"></span> <span class="gd">- except dns.resolver.NXDOMAIN:</span><span class="w"></span> <span class="gi">+ except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):</span><span class="w"></span> <span class="w"> </span> # no records exist that match the request, so we were probably<span class="w"></span> <span class="w"> </span> # given a specific hostname, and an empty query will trigger<span class="w"></span> <span class="w"> </span> # the logic below that will add the original domain to the list.<span class="w"></span> <span class="gh">diff --git a/newspipe/static/js/articles.js b/newspipe/static/js/articles.js</span><span class="w"></span> <span class="gh">index f1cee6e..29ebac2 100644</span><span class="w"></span> <span class="gd">--- a/newspipe/static/js/articles.js</span><span class="w"></span> <span class="gi">+++ b/newspipe/static/js/articles.js</span><span class="w"></span> <span class="gu">@@ -86,7 +86,7 @@ Array.prototype.map.call(nodes, function(node) {</span><span class="w"></span> <span class="w"> </span> }<span class="w"></span> <span class="w"> </span> // sends the updates to the server<span class="w"></span> <span class="gd">- fetch(API_ROOT + "article/" + article_id, {</span><span class="w"></span> <span class="gi">+ fetch(prefix + API_ROOT + "article/" + article_id, {</span><span class="w"></span> <span class="w"> </span> method: "PUT",<span class="w"></span> <span class="w"> </span> headers: {<span class="w"></span> <span class="w"> </span> 'Content-Type': 'application/json',<span class="w"></span> <span class="gu">@@ -157,7 +157,7 @@ Array.prototype.map.call(nodes, function(node) {</span><span class="w"></span> <span class="w"> </span> }<span class="w"></span> <span class="w"> </span> // sends the updates to the server<span class="w"></span> <span class="gd">- fetch(API_ROOT + "article/" + article_id, {</span><span class="w"></span> <span class="gi">+ fetch(prefix + API_ROOT + "article/" + article_id, {</span><span class="w"></span> <span class="w"> </span> method: "PUT",<span class="w"></span> <span class="w"> </span> headers: {<span class="w"></span> <span class="w"> </span> 'Content-Type': 'application/json',<span class="w"></span> <span class="gu">@@ -189,7 +189,7 @@ Array.prototype.map.call(nodes, function(node) {</span><span class="w"></span> <span class="w"> </span> data = JSON.stringify(data);<span class="w"></span> <span class="w"> </span> // sends the updates to the server<span class="w"></span> <span class="gd">- fetch(API_ROOT + "articles", {</span><span class="w"></span> <span class="gi">+ fetch(prefix + API_ROOT + "articles", {</span><span class="w"></span> <span class="w"> </span> method: "DELETE",<span class="w"></span> <span class="w"> </span> headers: {<span class="w"></span> <span class="w"> </span> 'Content-Type': 'application/json',<span class="w"></span> <span class="gh">diff --git a/newspipe/static/js/config.js b/newspipe/static/js/config.js</span><span class="w"></span> <span class="w">new file mode 100644</span> <span class="gh">index 0000000..7fad438</span><span class="w"></span> <span class="gd">--- /dev/null</span><span class="w"></span> <span class="gi">+++ b/newspipe/static/js/config.js</span><span class="w"></span> <span class="gu">@@ -0,0 +1,7 @@</span><span class="w"></span> <span class="gi">+/*</span><span class="w"></span> <span class="gi">+ * Set variables here for the javascript used by newspipe.</span><span class="w"></span> <span class="gi">+ */</span><span class="w"></span> <span class="gi">+var prefix = "/newspipe";</span><span class="w"></span> <span class="gi">+</span><span class="w"></span> <span class="gi">+/* Set exactly one trailing slash on prefix. */</span><span class="w"></span> <span class="gi">+prefix = prefix.replace(/\/+$/,"/");</span><span class="w"></span> <span class="gh">diff --git a/newspipe/templates/article.html b/newspipe/templates/article.html</span><span class="w"></span> <span class="gh">index c62e3f0..d9cf9a6 100644</span><span class="w"></span> <span class="gd">--- a/newspipe/templates/article.html</span><span class="w"></span> <span class="gi">+++ b/newspipe/templates/article.html</span><span class="w"></span> <span class="gu">@@ -4,7 +4,7 @@</span><span class="w"></span> <span class="w"> </span> &lt;div class="row" data-article="{{ article.id }}" id="filters" data-filter="{{ filter_ }}"&gt;<span class="w"></span> <span class="w"> </span> &lt;div class="col"&gt;<span class="w"></span> <span class="w"> </span> &lt;h2&gt;&lt;a href="{{ article.link }}" target="_blank"&gt;{{ article.title|safe }}&lt;/a&gt;&lt;/h2&gt;<span class="w"></span> <span class="gd">- &lt;h3&gt;{{ _('from') }} &lt;a href="/feed/{{ article.source.id }}"&gt;{{ article.source.title }}&lt;/a&gt;&lt;/h3&gt;</span><span class="w"></span> <span class="gi">+ &lt;h3&gt;{{ _('from') }} &lt;a href="{{ prefix() }}/feed/{{ article.source.id }}"&gt;{{ article.source.title }}&lt;/a&gt;&lt;/h3&gt;</span><span class="w"></span> <span class="w"> </span> &lt;a href="{{ url_for("article.delete", article_id=article.id) }}"&gt;&lt;i class="fa fa-times delete" aria-hidden="true" title="{{ _('Delete this article') }}"&gt;&lt;/i&gt;&lt;/a&gt;<span class="w"></span> <span class="w"> </span> {% if article.like %}<span class="w"></span> <span class="w"> </span> &lt;a href="#"&gt;&lt;i class="fa fa-star like" aria-hidden="true" title="{{ _('One of your favorites') }}"&gt;&lt;/i&gt;&lt;/a&gt;<span class="w"></span> <span class="gh">diff --git a/newspipe/templates/duplicates.html b/newspipe/templates/duplicates.html</span><span class="w"></span> <span class="gh">index 38dc52b..d138226 100644</span><span class="w"></span> <span class="gd">--- a/newspipe/templates/duplicates.html</span><span class="w"></span> <span class="gi">+++ b/newspipe/templates/duplicates.html</span><span class="w"></span> <span class="gu">@@ -1,7 +1,7 @@</span><span class="w"></span> <span class="w"> </span>{% extends "layout.html" %}<span class="w"></span> <span class="w"> </span>{% block content %}<span class="w"></span> <span class="w"> </span>&lt;div class="container"&gt;<span class="w"></span> <span class="gd">- &lt;p&gt;&lt;h1&gt;{{ _('Duplicates in the feed') }} &lt;a href="/feed/{{ feed.id }}"&gt;{{ feed.title }}&lt;/a&gt;.&lt;/h1&gt;&lt;p&gt;</span><span class="w"></span> <span class="gi">+ &lt;p&gt;&lt;h1&gt;{{ _('Duplicates in the feed') }} &lt;a href="{{ prefix() }}/feed/{{ feed.id }}"&gt;{{ feed.title }}&lt;/a&gt;.&lt;/h1&gt;&lt;p&gt;</span><span class="w"></span> <span class="w"> </span> &lt;div class="table-responsive"&gt;<span class="w"></span> <span class="w"> </span> &lt;table class="table table-striped"&gt;<span class="w"></span> <span class="w"> </span> &lt;thead&gt;<span class="w"></span> <span class="gu">@@ -19,8 +19,8 @@</span><span class="w"></span> <span class="w"> </span> {% for pair in duplicates %}<span class="w"></span> <span class="w"> </span> &lt;tr&gt;<span class="w"></span> <span class="w"> </span> &lt;td&gt;{{ loop.index }}&lt;/td&gt;<span class="w"></span> <span class="gd">- &lt;td id="{{ pair[0].id }}"&gt;&lt;a href="{{ url_for("article.delete", article_id=pair[0].id) }}"&gt;&lt;i class="fa fa-times" aria-hidden="true" title="{{ _('Delete this article') }}"&gt;&lt;/i&gt;&lt;/a&gt;&amp;nbsp;&lt;a href="/article/{{ pair[0].id }}"&gt;{{ pair[0].title }}&lt;/a&gt; ({{ pair[0].retrieved_date }})&lt;/td&gt;</span><span class="w"></span> <span class="gd">- &lt;td id="{{ pair[1].id }}"&gt;&lt;a href="{{ url_for("article.delete", article_id=pair[1].id) }}"&gt;&lt;i class="fa fa-times" aria-hidden="true" title="{{ _('Delete this article') }}"&gt;&lt;/i&gt;&lt;/a&gt;&amp;nbsp;&lt;a href="/article/{{ pair[1].id }}"&gt;{{ pair[1].title }}&lt;/a&gt; ({{ pair[1].retrieved_date }})&lt;/td&gt;</span><span class="w"></span> <span class="gi">+ &lt;td id="{{ pair[0].id }}"&gt;&lt;a href="{{ url_for("article.delete", article_id=pair[0].id) }}"&gt;&lt;i class="fa fa-times" aria-hidden="true" title="{{ _('Delete this article') }}"&gt;&lt;/i&gt;&lt;/a&gt;&amp;nbsp;&lt;a href="{{ prefix() }}/article/{{ pair[0].id }}"&gt;{{ pair[0].title }}&lt;/a&gt; ({{ pair[0].retrieved_date }})&lt;/td&gt;</span><span class="w"></span> <span class="gi">+ &lt;td id="{{ pair[1].id }}"&gt;&lt;a href="{{ url_for("article.delete", article_id=pair[1].id) }}"&gt;&lt;i class="fa fa-times" aria-hidden="true" title="{{ _('Delete this article') }}"&gt;&lt;/i&gt;&lt;/a&gt;&amp;nbsp;&lt;a href="{{ prefix() }}/article/{{ pair[1].id }}"&gt;{{ pair[1].title }}&lt;/a&gt; ({{ pair[1].retrieved_date }})&lt;/td&gt;</span><span class="w"></span> <span class="w"> </span> &lt;/tr&gt;<span class="w"></span> <span class="w"> </span> {% endfor %}<span class="w"></span> <span class="w"> </span> &lt;/tbody&gt;<span class="w"></span> <span class="gh">diff --git a/newspipe/templates/history.html b/newspipe/templates/history.html</span><span class="w"></span> <span class="gh">index 153c2f1..00e22ef 100644</span><span class="w"></span> <span class="gd">--- a/newspipe/templates/history.html</span><span class="w"></span> <span class="gi">+++ b/newspipe/templates/history.html</span><span class="w"></span> <span class="gu">@@ -43,7 +43,7 @@</span><span class="w"></span> <span class="w"> </span> &lt;ul class="list-group"&gt;<span class="w"></span> <span class="w"> </span> {% for date in articles_counter | sort(reverse = True) %}<span class="w"></span> <span class="w"> </span> {% for article in articles %}<span class="w"></span> <span class="gd">- &lt;li class="list-group-item"&gt;{{ article.date | datetime }} - &lt;a href="/article/{{ article.id }}"&gt;{{ article.title | safe }}&lt;/a&gt;&lt;/li&gt;</span><span class="w"></span> <span class="gi">+ &lt;li class="list-group-item"&gt;{{ article.date | datetime }} - &lt;a href="{{ prefix() }}/article/{{ article.id }}"&gt;{{ article.title | safe }}&lt;/a&gt;&lt;/li&gt;</span><span class="w"></span> <span class="w"> </span> {% endfor %}<span class="w"></span> <span class="w"> </span> {% endfor %}<span class="w"></span> <span class="w"> </span> &lt;/ul&gt;<span class="w"></span> <span class="gh">diff --git a/newspipe/templates/home.html b/newspipe/templates/home.html</span><span class="w"></span> <span class="gh">index 631b769..5feb18d 100644</span><span class="w"></span> <span class="gd">--- a/newspipe/templates/home.html</span><span class="w"></span> <span class="gi">+++ b/newspipe/templates/home.html</span><span class="w"></span> <span class="gu">@@ -42,7 +42,7 @@</span><span class="w"></span> <span class="w"> </span> {% if feed_id == feed.id %}&lt;/b&gt;{% endif %}<span class="w"></span> <span class="w"> </span> &lt;/a&gt;&lt;/li&gt;<span class="w"></span> <span class="w"> </span> &lt;li class="nav-item feed-commands {% if in_error.get(fid, 0) &gt; 0 %}d-none{% endif %}" data-bs-feed="{{ feed.id }}"&gt;&lt;span class="nav-link"&gt;<span class="w"></span> <span class="gd">- &lt;a href="/feed/{{ feed.id }}"&gt;&lt;i class="fa fa-info" aria-hidden="true" title="{{ _('Details') }}"&gt;&lt;/i&gt;&lt;/a&gt;</span><span class="w"></span> <span class="gi">+ &lt;a href="{{ prefix() }}/feed/{{ feed.id }}"&gt;&lt;i class="fa fa-info" aria-hidden="true" title="{{ _('Details') }}"&gt;&lt;/i&gt;&lt;/a&gt;</span><span class="w"></span> <span class="w"> </span> &lt;a href="{{ url_for('feed.form', feed_id=feed.id) }}"&gt;&lt;i class="fa fa-pencil-square-o" aria-hidden="true" title="{{ _('Edit this feed') }}"&gt;&lt;/i&gt;&lt;/a&gt;<span class="w"></span> <span class="w"> </span> &lt;a href="{{ url_for('article.mark_as', new_value='unread', feed_id=feed.id) }}"&gt;&lt;i class="fa fa-square-o" aria-hidden="true" title="{{ _('Mark this feed as unread') }}"&gt;&lt;/i&gt;&lt;/a&gt;<span class="w"></span> <span class="w"> </span> &lt;a href="{{ url_for('article.mark_as', new_value='read', feed_id=feed.id) }}"&gt;&lt;i class="fa fa-check-square-o" aria-hidden="true" title="{{ _('Mark this feed as read') }}"&gt;&lt;/i&gt;&lt;/a&gt;<span class="w"></span> <span class="gu">@@ -73,7 +73,7 @@</span><span class="w"></span> <span class="w"> </span> {% if feed_id == fid %}&lt;/b&gt;{% endif %}<span class="w"></span> <span class="w"> </span> &lt;/a&gt;&lt;/li&gt;<span class="w"></span> <span class="w"> </span> &lt;li class="nav-item feed-commands {% if in_error.get(fid, 0) &gt; 0 %}d-none{% endif %}" data-bs-feed="{{ fid }}"&gt;&lt;span class="nav-link"&gt;<span class="w"></span> <span class="gd">- &lt;a href="/feed/{{ fid }}"&gt;&lt;i class="fa fa-info" aria-hidden="true" title="{{ _('Details') }}"&gt;&lt;/i&gt;&lt;/a&gt;</span><span class="w"></span> <span class="gi">+ &lt;a href="{{ prefix() }}/feed/{{ fid }}"&gt;&lt;i class="fa fa-info" aria-hidden="true" title="{{ _('Details') }}"&gt;&lt;/i&gt;&lt;/a&gt;</span><span class="w"></span> <span class="w"> </span> &lt;a href="{{ url_for('feed.form', feed_id=fid) }}"&gt;&lt;i class="fa fa-pencil-square-o" aria-hidden="true" title="{{ _('Edit this feed') }}"&gt;&lt;/i&gt;&lt;/a&gt;<span class="w"></span> <span class="w"> </span> &lt;a href="{{ url_for('article.mark_as', new_value='unread', feed_id=fid) }}"&gt;&lt;i class="fa fa-square-o" aria-hidden="true" title="{{ _('Mark this feed as unread') }}"&gt;&lt;/i&gt;&lt;/a&gt;<span class="w"></span> <span class="w"> </span> &lt;a href="{{ url_for('article.mark_as', new_value='read', feed_id=fid) }}"&gt;&lt;i class="fa fa-check-square-o" aria-hidden="true" title="{{ _('Mark this feed as read') }}"&gt;&lt;/i&gt;&lt;/a&gt;<span class="w"></span> <span class="gu">@@ -102,7 +102,7 @@</span><span class="w"></span> <span class="w"> </span> {% if feed_id == fid %}&lt;/b&gt;{% endif %}<span class="w"></span> <span class="w"> </span> &lt;/a&gt;&lt;/li&gt;<span class="w"></span> <span class="w"> </span> &lt;li class="nav-item feed-commands {% if in_error.get(fid, 0) &gt; 0 %}d-none{% endif %}" data-bs-feed="{{ fid }}"&gt;&lt;span class="nav-link"&gt;<span class="w"></span> <span class="gd">- &lt;a href="/feed/{{ fid }}"&gt;&lt;i class="fa fa-info" aria-hidden="true" title="{{ _('Details') }}"&gt;&lt;/i&gt;&lt;/a&gt;</span><span class="w"></span> <span class="gi">+ &lt;a href="{{ prefix() }}/feed/{{ fid }}"&gt;&lt;i class="fa fa-info" aria-hidden="true" title="{{ _('Details') }}"&gt;&lt;/i&gt;&lt;/a&gt;</span><span class="w"></span> <span class="w"> </span> &lt;a href="{{ url_for('feed.form', feed_id=fid) }}"&gt;&lt;i class="fa fa-pencil-square-o" aria-hidden="true" title="{{ _('Edit this feed') }}"&gt;&lt;/i&gt;&lt;/a&gt;<span class="w"></span> <span class="w"> </span> &lt;a href="{{ url_for('article.mark_as', new_value='unread', feed_id=fid) }}"&gt;&lt;i class="fa fa-square-o" aria-hidden="true" title="{{ _('Mark this feed as unread') }}"&gt;&lt;/i&gt;&lt;/a&gt;<span class="w"></span> <span class="w"> </span> &lt;a href="{{ url_for('article.mark_as', new_value='read', feed_id=fid) }}"&gt;&lt;i class="fa fa-check-square-o" aria-hidden="true" title="{{ _('Mark this feed as read') }}"&gt;&lt;/i&gt;&lt;/a&gt;<span class="w"></span> <span class="gu">@@ -174,11 +174,11 @@</span><span class="w"></span> <span class="w"> </span> {% if not feed_id %}<span class="w"></span> <span class="w"> </span> &lt;td class="d-none d-md-block"&gt;<span class="w"></span> <span class="w"> </span> &lt;img src="{{ url_for('icon.icon', url=feeds[article.source.id].icon_url) }}" width="16px"&gt;<span class="w"></span> <span class="gd">- &lt;a href="/article/redirect/{{ article.id}}" target="_blank"&gt;{{ article.source.title | safe }}&lt;/a&gt;</span><span class="w"></span> <span class="gi">+ &lt;a href="{{ prefix() }}/article/redirect/{{ article.id}}" target="_blank"&gt;{{ article.source.title | safe }}&lt;/a&gt;</span><span class="w"></span> <span class="w"> </span> &lt;/td&gt;<span class="w"></span> <span class="w"> </span> {% endif %}<span class="w"></span> <span class="w"> </span> &lt;td {%if filter_ == 'all' and article.readed == False %}style='font-weight:bold'{% endif %}&gt;<span class="w"></span> <span class="gd">- &lt;a href="/article/{{ article.id }}" title="{{ article.title }}"&gt;{{ article.title | truncate(100, False, '...') }}&lt;/a&gt;</span><span class="w"></span> <span class="gi">+ &lt;a href="{{ prefix() }}/article/{{ article.id }}" title="{{ article.title }}"&gt;{{ article.title | truncate(100, False, '...') }}&lt;/a&gt;</span><span class="w"></span> <span class="w"> </span> &lt;/td&gt;<span class="w"></span> <span class="w"> </span> &lt;td class="date d-none d-lg-block"&gt;{{ article.date | datetime(format='short') }}&lt;/td&gt;<span class="w"></span> <span class="w"> </span> &lt;/tr&gt;<span class="w"></span> <span class="gh">diff --git a/newspipe/templates/layout.html b/newspipe/templates/layout.html</span><span class="w"></span> <span class="gh">index 2464040..466ff4e 100644</span><span class="w"></span> <span class="gd">--- a/newspipe/templates/layout.html</span><span class="w"></span> <span class="gi">+++ b/newspipe/templates/layout.html</span><span class="w"></span> <span class="gu">@@ -21,7 +21,7 @@</span><span class="w"></span> <span class="w"> </span> {% block menu %}<span class="w"></span> <span class="w"> </span> &lt;nav class="navbar navbar-expand-lg navbar-dark bg-newspipe-blue"&gt;<span class="w"></span> <span class="w"> </span> &lt;div class="container-fluid"&gt;<span class="w"></span> <span class="gd">- &lt;a class="navbar-brand" href="/"&gt;Newspipe&lt;/a&gt;</span><span class="w"></span> <span class="gi">+ &lt;a class="navbar-brand" href="{{ prefix() }}/"&gt;Newspipe&lt;/a&gt;</span><span class="w"></span> <span class="w"> </span> &lt;button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"&gt;<span class="w"></span> <span class="w"> </span> &lt;span class="navbar-toggler-icon"&gt;&lt;/span&gt;<span class="w"></span> <span class="w"> </span> &lt;/button&gt;<span class="w"></span> <span class="gu">@@ -150,6 +150,7 @@</span><span class="w"></span> <span class="w"> </span> {% block content %}{% endblock %}<span class="w"></span> <span class="w"> </span> &lt;!-- Placed at the end of the document so the pages load faster --&gt;<span class="w"></span> <span class="gi">+ &lt;script type="text/javascript" src="{{ url_for('static', filename = 'js/config.js') }}"&gt;&lt;/script&gt;</span><span class="w"></span> <span class="w"> </span> &lt;script type="text/javascript" src="{{ url_for('static', filename = 'js/articles.js') }}"&gt;&lt;/script&gt;<span class="w"></span> <span class="w"> </span> &lt;script type="text/javascript" src="{{ url_for('static', filename = 'js/feed.js') }}"&gt;&lt;/script&gt;<span class="w"></span> <span class="w"> </span> &lt;/body&gt;<span class="w"></span> <span class="gh">diff --git a/newspipe/templates/login.html b/newspipe/templates/login.html</span><span class="w"></span> <span class="gh">index b995230..78af3c4 100644</span><span class="w"></span> <span class="gd">--- a/newspipe/templates/login.html</span><span class="w"></span> <span class="gi">+++ b/newspipe/templates/login.html</span><span class="w"></span> <span class="gu">@@ -19,7 +19,7 @@</span><span class="w"></span> <span class="w"> </span> &lt;div class="alert alert-warning" role="alert"&gt;{{ message }}&lt;/div&gt;<span class="w"></span> <span class="w"> </span> {% endfor %}<span class="w"></span> <span class="w"> </span> {{ form.submit(class_="btn btn-primary") }}<span class="w"></span> <span class="gd">- {% if self_registration %}&lt;a href="/signup" class="btn btn-info"&gt;{{ _('Sign up') }}&lt;/a&gt;{% endif %}</span><span class="w"></span> <span class="gi">+ {% if self_registration %}&lt;a href="{{ prefix() }}/signup" class="btn btn-info"&gt;{{ _('Sign up') }}&lt;/a&gt;{% endif %}</span><span class="w"></span> <span class="w"> </span> &lt;/form&gt;<span class="w"></span> <span class="w"> </span> &lt;/div&gt;<span class="w"></span> <span class="w"> </span> &lt;/div&gt;<span class="w"></span> <span class="gh">diff --git a/newspipe/templates/management.html b/newspipe/templates/management.html</span><span class="w"></span> <span class="gh">index 4e977f8..19dbded 100644</span><span class="w"></span> <span class="gd">--- a/newspipe/templates/management.html</span><span class="w"></span> <span class="gi">+++ b/newspipe/templates/management.html</span><span class="w"></span> <span class="gu">@@ -6,7 +6,7 @@</span><span class="w"></span> <span class="w"> </span> &lt;div class="row"&gt;<span class="w"></span> <span class="w"> </span> &lt;div class="col"&gt;<span class="w"></span> <span class="w"> </span> &lt;h2&gt;{{ _('Your subscriptions') }}&lt;/h2&gt;<span class="w"></span> <span class="gd">- &lt;p&gt;{{ _('You are subscribed to') }} {{ nb_feeds }} &lt;a href="/feeds"&gt;{{ _('feeds') }}&lt;/a&gt;. &lt;a href="{{ url_for("feed.form") }}"&gt;{{ _('Add') }}&lt;/a&gt; {{ _('a feed') }}.&lt;/p&gt;</span><span class="w"></span> <span class="gi">+ &lt;p&gt;{{ _('You are subscribed to') }} {{ nb_feeds }} &lt;a href="{{ prefix() }}/feeds"&gt;{{ _('feeds') }}&lt;/a&gt;. &lt;a href="{{ url_for("feed.form") }}"&gt;{{ _('Add') }}&lt;/a&gt; {{ _('a feed') }}.&lt;/p&gt;</span><span class="w"></span> <span class="w"> </span> &lt;p&gt;{{ nb_articles }} {{ _('articles are stored in the database with') }} {{ nb_unread_articles }} {{ _('unread articles') }}.&lt;/p&gt;<span class="w"></span> <span class="w"> </span> &lt;p&gt;{{ _('You have') }} {{ nb_categories }} &lt;a href="{{ url_for("categories.list_")}}"&gt;{{ _('categories') }}&lt;/a&gt;.&lt;/p&gt;<span class="w"></span> <span class="w"> </span> &lt;a href="{{ url_for("articles.expire", weeks=10) }}" class="btn btn-primary" onclick="return confirm('{{ _('You are going to delete old articles.') }}');"&gt;{{ _('Delete articles older than 10 weeks') }}&lt;/a&gt;<span class="w"></span> </pre></div>flasknewspipeproxyhttps://bgstack15.ddns.net/blog/posts/2023/09/04/newspipe-support-for-reverse-proxy/Tue, 05 Sep 2023 02:30:40 GMTComing soon to newspipe: reverse proxy supporthttps://bgstack15.ddns.net/blog/posts/2023/08/31/coming-soon-to-newspipe-reverse-proxy-support/bgstack15<p>I have taken it upon myself to add reverse-proxy with prefix support to my <a href="https://bgstack15.ddns.net/blog/posts/2023/06/25/newspipe-docker-image/">docker image for newspipe</a>.</p> <p>So far I have written some basic parts such as a config option for specifying the expected prefix. See the commits in both the <a href="https://bgstack15.ddns.net/blog/cgit/newspipe/log/?h=reverse-proxy">newspipe</a> and <a href="https://bgstack15.ddns.net/blog/cgit/newspipe-docker/log/?h=reverse-proxy">newspipe-docker</a> repos.</p> <p>What I haven't done yet is update the <code>url_for</code> function to also add the prefix to the generated urls for most links in the app. Once I do that, I'll send a pull request to <a href="https://bgstack15.ddns.net/blog/outbound/https:/lists.sr.ht/~cedric/newspipe">upstream</a>.</p> <h2>References</h2> <h3>Weblinks</h3> <ol> <li><a href="https://bgstack15.ddns.net/blog/outbound/https:/wlog.viltstigen.se/articles/2021/09/13/flask-application-behind-a-reverse-proxy/">Flask application behind a reverse proxy - Wolfblog</a></li> <li><a href="https://bgstack15.ddns.net/blog/outbound/https:/dlukes.github.io/flask-wsgi-url-prefix.html">How to mount a Flask app under a URL prefix (or really, any WSGI app) - Little Umbrellas</a></li> <li><a href="https://bgstack15.ddns.net/blog/outbound/https:/radicale.org/v3.html#reverse-proxy">Radicale v3 Documentation</a></li> </ol> <h3>My previous related work</h3> <ol> <li><a href="https://bgstack15.ddns.net/blog/cgit/fifconfig/tree/fifconfig.py">automatically detect X-Forwarded-Prefix</a></li> <li><a href="https://bgstack15.ddns.net/blog/cgit/stackbin/tree/stackbin.py">Set the configured prefix with a custom endpoint</a></li> </ol>flasknewspipeproxyhttps://bgstack15.ddns.net/blog/posts/2023/08/31/coming-soon-to-newspipe-reverse-proxy-support/Thu, 31 Aug 2023 12:47:51 GMTdisabling webrtc temporarilyhttps://bgstack15.ddns.net/blog/posts/2023/03/17/disabling-webrtc-temporarily/bgstack15<p>To facilitate a proxy setting to prevent IP address leakage, disable WebRTC with <code>about:config</code> setting:</p> <div class="code"><pre class="code literal-block">media.peerconnection.enabled = false </pre></div> <p>You can check with <a href="https://bgstack15.ddns.net/blog/outbound/https:/whoer.net/">https://whoer.net</a></p>browserproxywebwebrtchttps://bgstack15.ddns.net/blog/posts/2023/03/17/disabling-webrtc-temporarily/Fri, 17 Mar 2023 12:43:42 GMTImproving radicale kerberos authhttps://bgstack15.ddns.net/blog/posts/2023/03/13/improving-radicale-kerberos-auth/bgstack15<p>My current setup for <a href="https://bgstack15.ddns.net/blog/outbound/https:/radicale.org/">Radicale</a> and <a href="https://bgstack15.ddns.net/blog/cgit/radicaleinfcloud/">Infcloud</a> for my web interface to my calendars depends on ldap authentication at the reverse-proxy level.</p> <p>I hacked the frontend in my branch of infcloud to use the browser localStorage javascript/devtools feature so I don't have to enter my username and password every time. Yes, it's insecure, and yes, I don't care.</p> <p>Using my web calendar works very well. However, when I go to download an event (usually to email it to someone to invite them), I get prompted with the browser basic auth prompt. So I got tired of having to do that, at least the first time in every session, and I wanted to find a better way. I use kerberos (gssapi) authentication in other places on my web server, and I wanted to bring that here.</p> <p>So I spent a bunch of time experimenting, and I learned that I didn't need to change the infcloud or radicale apps at all! Configuration of the apache httpd reverse proxy, and also my radicale rights file was all I needed.</p> <h2>Changes to apache httpd config</h2> <p>I only needed to change one line in my main config file: which auth.cnf file to include:</p> <div class="code"><pre class="code literal-block">RewriteEngine On RewriteRule ^/radicale$ /radicale/ [R,L] <span class="nt">&lt;Location</span> <span class="err">"/radicale/"</span><span class="nt">&gt;</span> ProxyPreserveHost On Include conf.d/auth-gssapi.cnf Require valid-user AuthName "GSSAPI protected" ProxyPass http://localhost:5232/ retry=20 connectiontimeout=300 timeout=300 ProxyPassReverse http://localhost:5232/ RequestHeader set X-Script-Name /radicale <span class="nt">&lt;/Location&gt;</span> </pre></div> <h2>Changes to auth-gssapi.cnf</h2> <p>I added entries to auth-gssapi.cnf, which was mostly complete.</p> <div class="code"><pre class="code literal-block"><span class="n">AuthType</span><span class="w"> </span><span class="n">GSSAPI</span><span class="w"></span> <span class="n">GssapiUseSessions</span><span class="w"> </span><span class="k">On</span><span class="w"></span> <span class="k">Session</span><span class="w"> </span><span class="k">On</span><span class="w"></span> <span class="n">SessionCookieName</span><span class="w"> </span><span class="n">s1_session</span><span class="w"> </span><span class="k">path</span><span class="o">=/</span><span class="p">;</span><span class="w"></span> <span class="n">GssapiCredStore</span><span class="w"> </span><span class="nl">keytab</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">httpd</span><span class="o">/</span><span class="n">keytab</span><span class="w"></span> <span class="n">GssapiCredStore</span><span class="w"> </span><span class="nl">ccache</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">httpd</span><span class="o">/</span><span class="n">krb5</span><span class="p">.</span><span class="n">cache</span><span class="w"></span> <span class="n">SessionHeader</span><span class="w"> </span><span class="n">S1SESSION</span><span class="w"></span> <span class="n">GssapiSessionKey</span><span class="w"> </span><span class="k">file</span><span class="err">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">httpd</span><span class="o">/</span><span class="n">gssapisession</span><span class="p">.</span><span class="k">key</span><span class="w"></span> <span class="n">GssapiImpersonate</span><span class="w"> </span><span class="k">On</span><span class="w"></span> <span class="n">GssapiDelegCcacheDir</span><span class="w"> </span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">httpd</span><span class="o">/</span><span class="n">ccache</span><span class="w"></span> <span class="n">GssapiDelegCcachePerms</span><span class="w"> </span><span class="nl">mode</span><span class="p">:</span><span class="mi">0660</span><span class="w"> </span><span class="nl">gid</span><span class="p">:</span><span class="n">apache</span><span class="w"></span> <span class="n">GssapiUseS4U2Proxy</span><span class="w"> </span><span class="k">On</span><span class="w"></span> <span class="n">GssapiAllowedMech</span><span class="w"> </span><span class="n">krb5</span><span class="w"></span> <span class="n">GssapiBasicAuth</span><span class="w"> </span><span class="k">On</span><span class="w"></span> <span class="n">GssapiBasicAuthMech</span><span class="w"> </span><span class="n">krb5</span><span class="w"></span> <span class="n">GssapiLocalName</span><span class="w"> </span><span class="k">On</span><span class="w"></span> <span class="n">GssapiNameAttributes</span><span class="w"> </span><span class="n">json</span><span class="w"></span> <span class="n">AuthBasicProvider</span><span class="w"> </span><span class="n">ldap</span><span class="w"></span> <span class="n">AuthLDAPGroupAttribute</span><span class="w"> </span><span class="k">member</span><span class="w"></span> <span class="n">AuthLDAPSubGroupClass</span><span class="w"> </span><span class="k">group</span><span class="w"></span> <span class="n">AuthLDAPGroupAttributeIsDN</span><span class="w"> </span><span class="k">On</span><span class="w"></span> <span class="n">AuthLDAPURL</span><span class="w"> </span><span class="ss">"ldaps://dns1.ipa.internal.com:636 dns2.ipa.internal.com:636/cn=users,cn=accounts,dc=ipa,dc=internal,dc=com?uid,memberof,gecos?sub?(objectClass=person)"</span><span class="w"></span> <span class="n">#GSS_NAME</span><span class="w"> </span><span class="k">returns</span><span class="w"> </span><span class="n">username</span><span class="nv">@IPA</span><span class="p">.</span><span class="n">EXAMPLE</span><span class="p">.</span><span class="n">COM</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">merely</span><span class="w"> </span><span class="n">needs</span><span class="w"> </span><span class="n">additional</span><span class="w"> </span><span class="n">rules</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">radicale</span><span class="o">/</span><span class="n">rights</span><span class="w"></span> <span class="n">RequestHeader</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">X_REMOTE_USER</span><span class="w"> </span><span class="ss">"%{GSS_NAME}e"</span><span class="w"></span> <span class="err">#</span><span class="w"> </span><span class="n">Does</span><span class="w"> </span><span class="ow">not</span><span class="w"> </span><span class="k">work</span><span class="w"></span> <span class="n">#RequestHeader</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">X_GROUPS</span><span class="w"> </span><span class="ss">"%{AUTHENTICATE_memberOf}e"</span><span class="w"></span> <span class="err">#</span><span class="w"> </span><span class="n">mostly</span><span class="w"> </span><span class="n">useless</span><span class="w"> </span><span class="k">values</span><span class="w"></span> <span class="n">#RequestHeader</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">X_REMOTE_GSS</span><span class="w"> </span><span class="ss">"%{GSS_NAME_ATTRS_JSON}e"</span><span class="w"></span> </pre></div> <h2>Changes to radicale rights file</h2> <p>My radicale setup uses <code>/etc/radicale/rights</code> to define the ACLS. The examples in the file are very useful. I merely needed to repeat entries and add the domain name.</p> <div class="code"><pre class="code literal-block"><span class="err">#</span><span class="w"> </span><span class="k">default</span><span class="p">,</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">was</span><span class="w"> </span><span class="n">already</span><span class="w"> </span><span class="n">here</span><span class="w"></span> <span class="o">[</span><span class="n">principal</span><span class="o">]</span><span class="w"></span> <span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="p">.</span><span class="o">+</span><span class="w"></span> <span class="nl">collection</span><span class="p">:</span><span class="w"> </span><span class="err">{</span><span class="k">user</span><span class="err">}</span><span class="w"></span> <span class="nf">permissions</span><span class="err">:</span><span class="w"> </span><span class="n">RW</span><span class="w"></span> <span class="err">#</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">entry</span><span class="w"></span> <span class="o">[</span><span class="n">principal-domain</span><span class="o">]</span><span class="w"></span> <span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="p">(.</span><span class="o">+</span><span class="p">)</span><span class="nv">@IPA</span><span class="p">.</span><span class="n">INTERNAL</span><span class="p">.</span><span class="n">COM</span><span class="w"></span> <span class="nl">collection</span><span class="p">:</span><span class="w"> </span><span class="err">{</span><span class="mi">0</span><span class="err">}</span><span class="w"></span> <span class="nf">permissions</span><span class="err">:</span><span class="w"> </span><span class="n">RW</span><span class="w"></span> <span class="err">#</span><span class="w"> </span><span class="k">default</span><span class="w"></span> <span class="o">[</span><span class="n">calendars</span><span class="o">]</span><span class="w"></span> <span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="p">.</span><span class="o">+</span><span class="w"></span> <span class="nl">collection</span><span class="p">:</span><span class="w"> </span><span class="err">{</span><span class="k">user</span><span class="err">}</span><span class="o">/[</span><span class="n">^/</span><span class="o">]+</span><span class="w"></span> <span class="nf">permissions</span><span class="err">:</span><span class="w"> </span><span class="n">rw</span><span class="w"></span> <span class="err">#</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">entry</span><span class="w"></span> <span class="o">[</span><span class="n">calendars-domain</span><span class="o">]</span><span class="w"></span> <span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="p">(.</span><span class="o">+</span><span class="p">)</span><span class="nv">@IPA</span><span class="p">.</span><span class="n">INTERNAL</span><span class="p">.</span><span class="n">COM</span><span class="w"></span> <span class="nl">collection</span><span class="p">:</span><span class="w"> </span><span class="err">{</span><span class="mi">0</span><span class="err">}</span><span class="o">/[</span><span class="n">^/</span><span class="o">]+</span><span class="w"></span> <span class="nf">permissions</span><span class="err">:</span><span class="w"> </span><span class="n">rw</span><span class="w"></span> <span class="err">#</span><span class="w"> </span><span class="k">Specific</span><span class="w"> </span><span class="n">calendars</span><span class="w"></span> <span class="o">[</span><span class="n">user8-read-bgstack15-1</span><span class="o">]</span><span class="w"></span> <span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="n">user8</span><span class="w"></span> <span class="nl">collection</span><span class="p">:</span><span class="w"> </span><span class="n">bgstack15</span><span class="w"></span> <span class="nf">permissions</span><span class="err">:</span><span class="w"> </span><span class="n">R</span><span class="w"></span> <span class="o">[</span><span class="n">user8-read-bgstack15-2</span><span class="o">]</span><span class="w"></span> <span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="n">user8</span><span class="w"></span> <span class="nl">collection</span><span class="p">:</span><span class="w"> </span><span class="n">bgstack15</span><span class="o">/</span><span class="n">c86bcd9f</span><span class="o">-</span><span class="mi">7526</span><span class="o">-</span><span class="mi">8083</span><span class="o">-</span><span class="n">ca5c</span><span class="o">-</span><span class="n">c68bc664ae03</span><span class="w"></span> <span class="nf">permissions</span><span class="err">:</span><span class="w"> </span><span class="n">rwi</span><span class="w"></span> <span class="err">#</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">entries</span><span class="w"></span> <span class="o">[</span><span class="n">user8-read-bgstack15-1-domain</span><span class="o">]</span><span class="w"></span> <span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="n">user8</span><span class="nv">@IPA</span><span class="p">.</span><span class="n">INTERNAL</span><span class="p">.</span><span class="n">COM</span><span class="w"></span> <span class="nl">collection</span><span class="p">:</span><span class="w"> </span><span class="n">bgstack15</span><span class="w"></span> <span class="nl">permissionsS</span><span class="p">:</span><span class="w"> </span><span class="n">R</span><span class="w"></span> <span class="o">[</span><span class="n">user8-read-bgstack15-2-domain</span><span class="o">]</span><span class="w"></span> <span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="n">user8</span><span class="nv">@IPA</span><span class="p">.</span><span class="n">INTERNAL</span><span class="p">.</span><span class="n">COM</span><span class="w"></span> <span class="nl">collection</span><span class="p">:</span><span class="w"> </span><span class="n">bgstack15</span><span class="o">/</span><span class="n">c86bcd9f</span><span class="o">-</span><span class="mi">7526</span><span class="o">-</span><span class="mi">8083</span><span class="o">-</span><span class="n">ca5c</span><span class="o">-</span><span class="n">c68bc664ae03</span><span class="w"></span> <span class="nf">permissions</span><span class="err">:</span><span class="w"> </span><span class="n">rwi</span><span class="w"></span> </pre></div> <p>I find it worth duplicating entries, to accomplish my goal of being able to seamlessly download calendar events in my browser.</p>gssapihttpdkerberosproxyradicalehttps://bgstack15.ddns.net/blog/posts/2023/03/13/improving-radicale-kerberos-auth/Mon, 13 Mar 2023 13:12:45 GMTssh_config: new option in Devuan, March 2023https://bgstack15.ddns.net/blog/posts/2023/03/05/ssh-config-new-option-in-devuan-march-2023/bgstack15<p>From the apt-listchanges message for this month:</p> <div class="code"><pre class="code literal-block"><span class="n">openssh</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="err">:</span><span class="mf">9.2</span><span class="n">p1</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span><span class="w"> </span><span class="n">unstable</span><span class="p">;</span><span class="w"> </span><span class="n">urgency</span><span class="o">=</span><span class="n">medium</span><span class="w"></span> <span class="w"> </span><span class="n">OpenSSH</span><span class="w"> </span><span class="mf">9.2</span><span class="w"> </span><span class="n">includes</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">number</span><span class="w"> </span><span class="k">of</span><span class="w"> </span><span class="n">changes</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">may</span><span class="w"> </span><span class="n">affect</span><span class="w"> </span><span class="n">existing</span><span class="w"></span> <span class="w"> </span><span class="nl">configurations</span><span class="p">:</span><span class="w"></span> <span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">ssh</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span><span class="err">:</span><span class="w"> </span><span class="k">add</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">EnableEscapeCommandline</span><span class="w"> </span><span class="n">ssh_config</span><span class="p">(</span><span class="mi">5</span><span class="p">)</span><span class="w"> </span><span class="k">option</span><span class="w"> </span><span class="n">that</span><span class="w"></span> <span class="w"> </span><span class="n">controls</span><span class="w"> </span><span class="n">whether</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">client</span><span class="o">-</span><span class="n">side</span><span class="w"> </span><span class="o">~</span><span class="n">C</span><span class="w"> </span><span class="k">escape</span><span class="w"> </span><span class="k">sequence</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">provides</span><span class="w"> </span><span class="n">a</span><span class="w"></span> <span class="w"> </span><span class="n">command</span><span class="o">-</span><span class="n">line</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">available</span><span class="p">.</span><span class="w"> </span><span class="n">Among</span><span class="w"> </span><span class="n">other</span><span class="w"> </span><span class="n">things</span><span class="p">,</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="o">~</span><span class="n">C</span><span class="w"> </span><span class="n">command</span><span class="o">-</span><span class="n">line</span><span class="w"></span> <span class="w"> </span><span class="n">could</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">used</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">add</span><span class="w"> </span><span class="n">additional</span><span class="w"> </span><span class="n">port</span><span class="o">-</span><span class="n">forwards</span><span class="w"> </span><span class="k">at</span><span class="w"> </span><span class="n">runtime</span><span class="p">.</span><span class="w"></span> <span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="k">option</span><span class="w"> </span><span class="n">defaults</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="ss">"no"</span><span class="p">,</span><span class="w"> </span><span class="n">disabling</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="o">~</span><span class="n">C</span><span class="w"> </span><span class="n">command</span><span class="o">-</span><span class="n">line</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">was</span><span class="w"></span> <span class="w"> </span><span class="n">previously</span><span class="w"> </span><span class="n">enabled</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="k">default</span><span class="p">.</span><span class="w"> </span><span class="n">Turning</span><span class="w"> </span><span class="k">off</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">command</span><span class="o">-</span><span class="n">line</span><span class="w"> </span><span class="n">allows</span><span class="w"></span> <span class="w"> </span><span class="n">platforms</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="n">sandboxing</span><span class="w"> </span><span class="k">of</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">ssh</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="p">(</span><span class="n">currently</span><span class="w"> </span><span class="k">only</span><span class="w"></span> <span class="w"> </span><span class="n">OpenBSD</span><span class="p">)</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">use</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">stricter</span><span class="w"> </span><span class="k">default</span><span class="w"> </span><span class="n">sandbox</span><span class="w"> </span><span class="n">policy</span><span class="p">.</span><span class="w"></span> <span class="w"> </span><span class="c1">-- Colin Watson &lt;cjwatson@debian.org&gt; Wed, 08 Feb 2023 10:36:06 +0000</span> </pre></div> <p>So I had to run this on all Devuan systems, to keep my ssh client command-line enabled.</p> <div class="code"><pre class="code literal-block">sudo updateval -a -v /etc/ssh/ssh_config '^\s*EnableEscapeCommandline.*' 'EnableEscapeCommandline yes' </pre></div> <p>Where <a href="https://bgstack15.ddns.net/blog/cgit/bgscripts/tree/src/usr/bin/updateval">updateval</a> is from my bgscripts-core package.</p>browserproxysockssshwebhttps://bgstack15.ddns.net/blog/posts/2023/03/05/ssh-config-new-option-in-devuan-march-2023/Sun, 05 Mar 2023 13:54:19 GMTsocks proxy commandhttps://bgstack15.ddns.net/blog/posts/2023/03/01/socks-proxy-command/bgstack15<p>Run this command.</p> <div class="code"><pre class="code literal-block">ssh -D 8880 <span class="cp">${</span><span class="n">USER</span><span class="cp">}</span>@proxyserver -n -f -N </pre></div> <p>Set socks proxy in browser settings.</p>browserproxysockssshwebhttps://bgstack15.ddns.net/blog/posts/2023/03/01/socks-proxy-command/Wed, 01 Mar 2023 14:29:10 GMT