Server side tools to keep WebOS 2 & 3 devices functional after the demise of Palm.
Create a new directory for your Squid docker container:
mkdir -p sslbump
cd sslbump/Get the latest release of squid-alpine-ssl release:
curl -s https://api.github.com/repos/alatas/squid-alpine-ssl/releases/latest | grep "browser_download_url.*docker.zip" | head -1 | cut -d : -f 2,3 | cut -d '"' -f 2 | xargs curl -L -o release.zip ; unzip release.zip ; rm release.zipIn order for this to work you may need to install unzip. Debian example:
apt install unzip
Edit your squid.conf:
vi conf/squid.confHere is a squid.conf example:
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# ftp
acl safe_ports port 21
# email
acl safe_ports port 143
acl safe_ports port 110
acl safe_ports port 993
acl safe_ports port 995
acl safe_ports port 587
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
#http_port 3128
icap_service_failure_limit -1
ssl_bump server-first all
sslproxy_flags DONT_VERIFY_PEER
# Squid normally listens to port 4128 for ssl bump
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid-cert/private.pem key=/etc/squid-cert/private.pem
ssl_bump server-first all
always_direct allow all
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/cache/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 30 20% 4320 reload-into-ims
range_offset_limit 200 MB
maximum_object_size 200 MB
quick_abort_min -1
Edit your docker-compose.yml:
vi docker-compose.ymlHere is a docker-compose.yml example:
version: "3"
services:
squid-alpine-ssl:
image: alatas/squid-alpine-ssl:r3
environment:
- CN=squid.local
- O=squid
- OU=squid
- C=HU
ports:
- "3128:3128"
volumes:
- ./log:/var/log/
- ./conf/squid.conf:/etc/squid/squid.conf
- ./cache:/var/cache
- ./cert:/etc/squid-cert
restart: alwaysOnce happy with the configuration file run docker-compose up. If everything worked fine, hit CTRL-C and restart your container using docker start sslbump_squid-alpine-ssl_1.
docker-compose up
docker start sslbump_squid-alpine-ssl_1Missing docker-compose?
sudo curl -L --fail https://github.com/docker/compose/releases/download/1.29.2/run.sh -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose
The instructions below are obsolete and are kept here for reference only. Use the following docker image instead: https://hub.docker.com/r/h8pewou/legacy-webos-youtube-service
This is based on codepoet80's great work.
- Create a new directory for metube related files
WEBOS-METUBE=<Path to your metube directory>
mkdir $WEBOS-METUBE
cd $WEBOS-METUBE
-
Clone the metube wrapper from git
git clone https://github.com/codepoet80/metube-php-servicewrapper
-
Create a config file based on this:
-
You will have to change the values in the config file! Obtain your Youtube API key from Google.
nano metube-php-servicewrapper/config.php
-
Create your docker-compose.yaml based on this:
-
This works without any modifications but it only contains the bare minimum configuration.
nano docker-compose.yml
-
Download the Dockerfile:
-
Create the settings/000-default.conf
mkdir settingsnano settings/000-default.conf- Add the following contents:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
<Files ~ "\.ini$">
Order allow,deny
Deny from all
</Files>
</VirtualHost>
- Create the run.sh
nano run.sh- Contents:
rm -f /var/run/apache2/apache2.pid
apachectl -DFOREGROUND
-
Bring up your docker containers
docker-compose --file docker-compose.yml --project-name metube_webos up --detach
-
Check if everything came up fine:
docker ps
-
Set permissions on downloads
chown www-data downloads
-
Logs are available here:
docker logs -f metube_webos_wrapper_1
-
Next step: setup a clean-up solution for $WEBOS-METUBE/downloads
- Example clean-up script is available at $WEBOS-METUBE/metube-php-servicewrapper/youtube-cleanup.sh
- Crontab example:
9 9 * * * /usr/bin/find /home/metube-webos/downloads/*.mp4 -type f -amin +100 -exec rm -f {} \;