One solution to escape the cage of firewalls around you and reach your beloved server is
Install Ajaxterm on Gentoo
These are the steps I followed, they should complement the explanation of the wiki of Ajaxterm, created by Antony Lesuisse.
1. setup a Dyndns account and ddclient
Publish the IP address of your router first with these steps:
Visit Dyndns, register an
account and your host. Choose a freely available DNS name
like In Launch and register ddclient with
2. install Ajaxterm
If launching ajaxterm fails with [!!], do the following:
At the bottom of the file If launching ajaxterm still fails with [!!], in
Once ajaxterm starts with a green [OK], point a Javascript
enabled browser (the text based links or lynx do not work!)
to It's time to register ajaxterm to the default runlevel with
3. Emerge and configure Apache
In the wiki of
Ajaxterm, it is suggested to use Apache as SSL tunnel to
Ajaxterm, this for security reasons.
Let's build an apache with some modules ;-)
USE="ssl" emerge -av apache
Make sure that Configure the SSL tunnel with
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /ajaxterm/ http://localhost:8022/
ProxyPassReverse /ajaxterm/ http://localhost:8022/
</VirtualHost>
[...]
Start and register Apache2 with
4. create a certificate for Apache
Here the steps to create a self-signed certificate are
described:
Remove the passphrase with
Convert the request into the signed certificate:
Indicate to apache where to find the signed certificate and
the key:
Source for these steps: Apache SSL
docs
5. configure NAT on your router
Login to your router, go to the NAT section and forward the
port 443 to the server where Ajaxterm is running...
That's all, from a caged environemnt, simply point your
browser to a Have fun!delta.dyndns.org
.
On your Gentoo box, install ddclient
USE="ssl" emerge ddclient
su
vi /etc/ddclient/ddclient.conf
ddclient.conf
enter your account details for
Dyndns.
/etc/init.d/ddclient start
rc-update add ddclient default
ACCEPT_KEYWORDS="~x86" emerge ajaxterm
/etc/init.d/ajaxterm start
vi /etc/services
services
add
ajaxterm 8022/tcp
ajaxterm 8022/udp
/etc/init.d/ajaxterm
, change
the DAEMON
variable to
/usr/bin/python2.5
.
http://localhost:8022/
. If your Gentoo box
does not have Gnome or KDE on it, you can also point a
browser on the same network segment, e.g. to
http://192.168.1.33:8022/
.
Ajaxterm will welcome you with the login window :-).
rc-update add ajaxterm default
so that it survives reboot...
su
echo 'APACHE2_MODULES="authz_host actions alias auth_basic
auth_digest authn_anon authn_dbd authn_dbm authn_default
authn_file authz_dbm authz_default authz_groupfile
authz_host authz_owner authz_user autoindex cache dav dav_fs
dav_lock dbd deflate dir disk_cache env expires ext_filter
file_cache filter headers ident imagemap include info
log_config logio mem_cache mime mime_magic negotiation proxy
proxy_ajp proxy_balancer proxy_connect proxy_http rewrite
setenvif speling status unique_id userdir usertrack
vhost_alias"' >> /etc/make.conf
D_PROXY
and
D_PROXY_HTTP
are defined in the
apache2
file:
vi /etc/conf.d/apache2
[...]
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D
SSL_DEFAULT_VHOST -D PROXY -D P
ROXY_HTTP"
[...]
vi /etc/apache2/vhosts.d/00_default_ssl_vhost.conf
[...]
VirtualHost *:443>
ServerName localhost
SSLEngine On
/etc/init.d/apache2 start
rc-update add apache2 default
openssl req -new > new.cert.csr
When asked for the CommonName
, give the DNS
name you chose (e.g. delta.dyndns.org). This is important to
make the self-signed certificate valid.
openssl rsa -in privkey.pem -out new.cert.key
openssl x509 -in new.cert.csr -out new.cert.cert -req
-signkey new.cert.key -days 3650
vi /etc/apache2/vhosts.d/00_default_ssl_vhost.conf
[...]
SSLCertificateFile /path/to/certs/new.cert.cert
SSLCertificateKeyFile /path/to/certs/new.cert.key
[...]
https://delta.dyndns.org/ajaxterm/
and add a certificate exception, as the certificate was self
signed and not issued by a CA authority.