-
Bjarni Rúnar Einarsson • bre@pagekite.net
RMLL 2011, Strasbourg
A project sponsored by the Rannís technology development fund.
-
A big goal:
Freedom in the Web
-
Companies control our data!
-
On centralization...
- The web is centralized, in the cloud
- Most devices are mere consumers - browsers
- Everything has to be "uploaded"
- 3rd party hosting is the norm
- ... so the power is centralized ...
- Terms and Conditions
- Privacy Policies
- Censorship, DMCA, data retention laws, ...
- ... and users of the web are less free as a result.
-
Can we ...
Host our own sites?
-
Why not? A bit of history.
Once upon a time ...
1. Web-servers were "high tech"
2. Servers were expensive and "high tech"
3. Desktops were insecure.
4. We ran out of IPs! ... on 03.02.2011.
My radical argument: only 4. is a major issue today
-
Enabling (web)servers everywhere
A server on every computer! But how?
- Share public IPs, simplify configuration.
- Tunnels and reverse proxies!
- ... other solutions:
- {Squid,Apache,lighttpd,Varnish} & {ssh,ssltunnel,VPNs}
- Tor hidden services & www.tor2web.com
- Opera Unite
- Localtunnel, ReverseHTTP, Yaler, ...
- pagekite.py & pagekite.net
- IPv6?
-
Components of a reverse proxy solution
Three roles:
- The Server
On your computer: Apache? Diaspora? OpenSSH?
- The Front-End
A reverse proxy server, in "the cloud".
Public IP address, fast connection.
- The Back-End
On your computer.
Connects the Server to one or more Front-Ends.
Updates DNS, reconnects as necessary.
-
How it works (diagram)
-
pagekite.py + pagekite.net
-
Introducing pagekite.py
pagekite.py implements a tunneled reverse proxy.
- General features ...
- Free as in Freedom Software (AGPLv3)
- Designed to be easy to use and deploy
- Is an HTTP and HTTPS reverse proxy
- and SSH, VNC, finger ...
- Protocol-agnostic tunneling:
- Tunnels through firewalls and NAT (outgoing TCP)
- Uses adaptive compression (zlib)
- Plays many roles:
- Front-end
- Back-end
- HTTP, HTTPS & finger server
-
Limitations
There are some technical limitations ...
- HTTP
HTTP/1.0 and 0.9 might not send Host: headers.
- HTTPS
Relies on SNI (variable browser support)
... or TLS cert at front-end (so not end-to-end)
- SSH, VNC, ...
Relies on HTTP Proxy support in the client.
Needing a front-end isn't optimal.
But it works pretty well!
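Added example, not taken from the slides or from pagekite.py: a sketch of how a front-end can pick a back-end from the first bytes of a connection using only the cleartext Host: header or the SNI name in the TLS ClientHello, which is why a request without either cannot be routed. The function names and the routing table are assumptions made for illustration.

```python
import struct

def sni_from_client_hello(data: bytes):
    """Return the SNI host name in a TLS ClientHello record, or None."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:   # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
        pos += 1 + data[pos]          # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]   # cipher suites
        pos += 1 + data[pos]          # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(data)):
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            pos += 4
            if ext_type == 0:         # server_name: list len, name type, name len, name
                name_type, name_len = struct.unpack_from("!xxBH", data, pos)
                name = data[pos + 5:pos + 5 + name_len]
                if name_type != 0 or len(name) != name_len:
                    return None
                return name.decode("ascii").lower()
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                          # truncated or malformed input: treat as no name
    return None

def host_from_http(data: bytes):
    """Return the Host: header name (port stripped) of an HTTP request, or None."""
    head = data.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        key, _, value = line.partition(b":")
        if key.lower() == b"host" and value.strip():
            return value.strip().decode("ascii", "replace").lower().partition(":")[0]
    return None                       # HTTP/0.9 or 1.0 request without Host:

def pick_backend(first_bytes: bytes, backends: dict):
    """Map a new connection to a back-end address; None means it cannot be routed."""
    if first_bytes[:1] == b"\x16":    # TLS: route on SNI, never decrypt
        return backends.get(("https", sni_from_client_hello(first_bytes)))
    return backends.get(("http", host_from_http(first_bytes)))

# Constructed routing table using the bar.foo.net name from the slides;
# the https entry and its port are assumptions.
BACKENDS = {("http", "bar.foo.net"): "localhost:8000",
            ("https", "bar.foo.net"): "localhost:8443"}

if __name__ == "__main__":
    print(pick_backend(b"GET / HTTP/1.1\r\nHost: bar.foo.net\r\n\r\n", BACKENDS))
    print(pick_backend(b"GET / HTTP/1.0\r\n\r\n", BACKENDS))   # no Host: header
```

Because the TLS branch reads only the ClientHello and forwards the rest untouched, the certificate and key can stay on the back-end; the parser treats every length field as untrusted and returns None on anything truncated or malformed.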
-
A trivial example
This is one way to enable SSH and make a web server on localhost
visible as http://bar.foo.net/, ...
foo.net $ sudo pagekite.py --isfrontend \
    --ports=80,443 --rawports=22 \
    --domain=raw,http,https:*.foo.net:s3cr37
laptop $ pagekite.py \
    --frontend=foo.net:443 \
    --backend=http:bar.foo.net:localhost:8000:s3cr37 \
    --backend=raw/22:bar.foo.net:localhost:22:s3cr37
(usually one uses a configuration file)
-
Introducing pagekite.net
pagekite.net is a FOSS start-up: a public Front-End service
- Goals ...
- Work on Software Freedom full-time!
- Make the tech. available to non-technical users
- Fund pagekite.py and related development
-
Success! We got a government grant for the next 2 years!
- Features
- Geographically distributed, managed front-ends
- Use name.pagekite.me or your own domain
- Unlimited subdomains, free wildcard SSL
- Privacy friendly: anonymized logs, simple ToS, www.IMMI.is
- A subscription service
... no ads, no data-mining
-
Using pagekite.net
Same example as before, this time using pagekite.net ...
laptop $ pagekite.py \
    --defaults \
    --backend=http:foo.pagekite.me:localhost:8000:s3cr37 \
    --backend=raw/22:foo.pagekite.me:localhost:22:s3cr37
Bonus: https://foo.pagekite.me/ - zero config SSL!
-
No static IPs
No router config
No firewall config
No crypto config
... it just works!
-
What people use PageKite for
Some of the use-cases I have seen so far:
- My Android: https://droid-bre.pagekite.me/
- 4 Linux VMs on a gaming rig at home: my own "cloud"
- Web designers demoing designs from their laptops
- Teachers publishing class material off recycled hardware
- Arduino hackers sending data to Pachube.com
- Remote HTTP or SSH+VNC admin of embedded hardware
Thimbl, Tahoe-LAFS, VLC video, FreedomBox, ...
basically any time the network gets in the way!
-
Demos and Q and A?
Demos?
Questions?
www.pagekite.org
www.pagekite.net/slides/rmll2011/
irc.freenode.net: #pagekite
-
Bonus FAQ slide!
- But my $device isn't on-line all the time!
- Do all websites need to be highly available?
- Isn't proxying everything really slow?
- Reduced RTT and compression actually make things faster!
- Isn't SSH port forwarding Good Enough?
- Port forwarding is not user friendly.
- Port numbers in URLs are ugly and do not scale.
- Isn't pagekite.net a centralized service too?
- PageKite is a router, not a data store.
- It's FOSS, you have choice & can run your own.
- What about backups?
- Yes, you still need backups. :-)
-
Thank you!
Merci beaucoup, RMLL !