PageKite
Anyone here use PageKite for tunneling through CGNAT?
Still working on installing hubzilla on the Pioneer FreedomBox-HSK A20-OlinuXino-LIME2.
Yesterday I had installed it into a subfolder "/hub" of my domain (even though instructions say it's required to be installed in top domain or subdomain). Seemed to be working OK, other than when I was single-signed on here in this forum, and clicked on Go Home, my browser took me back to mydomain/plinth instead of mydomain/hub. No biggie, but not sure of what else in hubzilla might get broken when installed in subpath of main domain.
Anyhow, so I dropped my hubzilla database and started anew with the hope of installing hubzilla in subdomain "hub.mydomain.com" and then getting LetsEncrypt SSL cert to use with apache2 SNI virtualnamehost.
Finally got to mucking around in the debian apache2 configuration and guess it follows modern apache2 layout. My other hubzilla server runs on nginx, so I'm more comfortable with nginx, but think I've gotten the gist of apache2.
Here's the rub --- I don't think it's possible to configure PageKite to have more than one tunnel per service.
So if I have a kite CNAME for www.mydomain.com, LetsEncrypt will succeed in verifying an SSL cert for that domain.
Debian / Freedombox configures PageKite in /etc/pagekite.d
Relevant parts of my kite configuration:
/etc/pagekite.d/10_account.rc
#Define some variables
kitename = shorehub-shorehub.pagekite.me
kitesecret = <supersecretkey>
domain = www.mydomain.com
/etc/pagekite.d/80_http.rc
service_on = http:@kitename:localhost:80:@kitesecret
service_on = http:@domain:localhost:80:@kitesecret
/etc/pagekite.d/443_https.rc
service_on = https:@kitename:localhost:443:@kitesecret
service_on = https:@domain:localhost:443:@kitesecret
With the above setup, everything works, and http://freedombox.local/plinth/sys/pagekite shows my two services on ports 80 and 443 working correctly with my pagekite names. Trying to add a subdomain service_on in the above setup breaks everything and my formerly working pagekites get shown as NONE. Don't think it can be done.
If my ISP was not using Carrier Grade NAT to block all my ports I wouldn't need the pagekite tunnels as a work around.
And I could define as many CNAME subdomains as I want on namecheap and get LetsEncrypt to verify the certs and both modern nginx and apache can use Server Name Indication (SNI), so running hubzilla on a home server behind NAT would work just fine.
The default FreedomBox apps are all configured in /etc/apache2/conf-available.
All share a single SSL cert for the top domain. Each app is accessible from a subpath of the top domain.
A typical configuration (for bepasty):
# cat bepasty-freedombox.conf
##
## On all sites, provide bepasty on a path: /bepasty
##
# Redirect /bepasty to /bepasty/
<Location ~ ^/bepasty$>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/bepasty$
RewriteRule .* /bepasty/ [R=301,L]
</IfModule>
</Location>
<Location /bepasty/>
ProxyPass unix:/run/uwsgi/app/bepasty-freedombox/socket|uwsgi://bepasty/
</Location>
So my question to the gurus here is: might there be some ReWrite magic rule which would allow hubzilla to be installed to a subpath of the top domain and still function correctly?
Thanks for any ideas.