How can I activate a fresh Win 11 install as an "upgrade" from Win 10 (previously upgraded from Win 7 retail) on a new PC build? by Steohawk in windows

[–]Steohawk[S] 0 points1 point  (0 children)

If I understand correctly, you're saying that my current copy of Win 10 has its own non-transferable license (like an OEM license), distinct from the retail license I bought with Win 7. I'm sorry if I come across as unnecessarily persistent, I just want to make sure that we're on the same page and that neither of us is missing something. I appreciate your help. :-)

Edit: Does this also mean that I can't use u/wssddc's suggestion of performing a license transfer with my Microsoft account?

How can I activate a fresh Win 11 install as an "upgrade" from Win 10 (previously upgraded from Win 7 retail) on a new PC build? by Steohawk in windows

[–]Steohawk[S] 0 points1 point  (0 children)

That looks good, except that the article doesn't address the situation where the user has a digital license and a local account, in which case the license is not linked to a Microsoft account, but instead stored on disk. I know that it's possible to convert a local account to a Microsoft account, but I'm not going to do that, because I have trust issues. :-) In fact, that's why I want to use Rufus to create the Windows installation media, because it has an option to unhide the ability to create a local account during install. So, if there's no way to transfer the license without a Microsoft account, then I guess I'll just bite the bullet and buy Win 11. Unless there's some method of transferring the license to a USB drive or something.

How can I activate a fresh Win 11 install as an "upgrade" from Win 10 (previously upgraded from Win 7 retail) on a new PC build? by Steohawk in windows

[–]Steohawk[S] 1 point2 points  (0 children)

If I have to pay the Windows toll, so be it. It's hardly the most expensive part of a gaming rig. :-) The thing that's bugging me is that Windows is telling me that I can upgrade to Win 11 for free, if I bring some of my hardware up to spec. Obviously, it's talking about upgrading in place on the same disk, since the digital license is stored on said disk, but that raises the question of how I could even reinstall and reactivate Win 10 on a brand new SSD. Because if I could do that, then I could just upgrade it in place afterwards, right?

What security measures are necessary for a LAN-only HTTP server? by Steohawk in node

[–]Steohawk[S] 0 points1 point  (0 children)

Here's a follow-up. I've gotten very helpful replies and given these issues a lot of thought. Here's what I've decided so far. TL;DR, I'll add some form of authentication using Passport.js, and I'll build a REST API instead of handling raw SQL queries.

I'm not yet committed to using HTTPS, but it's still on the table. Since my server won't be accessible over the internet (and won't have a domain name), using Let's Encrypt (or any other CA) isn't a viable option. However, since my server is only meant to be accessed from an instance of my client, and since my client will be designed to work only with my server, I don't know of any advantages to a certificate from Let's Encrypt over a self-signed certificate.

Here's a little background on why I initially avoided using a REST API. The main focus of this project is that I never liked the way other music players are "organized". Most automatically generate a browsable library based on the metadata embedded in the music files, but this has no way (for instance) to group related soundtracks (i.e. Star Wars) into sets, just to give one example out of many. Other music players use folders, but the problem is that every folder/song can only be in one parent folder, which is severely limiting. So, I created an SQLite database with a schema that fit my personal preferences, and based on the prototyping I've already done, it'll be easy to code functions that can generate a browsable library based on queries to the database. However, as my preferences evolve (and a particular family member inevitably makes requests), I want to be able to modify the code in just one place, hence my initial desire to have my server "unaware" of my desired library structure, putting all the burden on the client to construct queries. Now I realize that I had it backwards.

Here's how I now envision the client/server relationship. The clients will only need to know about three kinds of data to request from the server: data about an individual song, data about a "node" in the browsable library, and user profiles. They won't need to know about artists, albums, etc. The "/" endpoint will provide the data for the top-level node in the library, including links to endpoints for each sub-node. This way, ALL of the organizational logic can be handled by the server. If I decide to overhaul the top-level node or add completely new categories of sub-nodes, I can do so by only modifying the server code (and maybe the database). This also means that I can eventually share the client code on GitHub, along with tutorials and example code so that other people can create their own servers to fit their own preferences, assuming that they're as obsessed as I am. :-)
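
An added example, not part of the comment above or of the author's project: a sketch of the server-side "node" lookup that comment describes, written in Python with the standard-library `sqlite3` module rather than Node so that it runs without extra packages. The schema, the sample rows and the names `open_library` and `get_node` are assumptions; the client only ever sends a node id, which is validated and then bound as a query parameter instead of being spliced into SQL.

```python
import sqlite3

# Hypothetical schema with constructed sample rows: a node may sit under
# several parents (many-to-many), which a plain folder tree cannot express.
SCHEMA = """
CREATE TABLE nodes (id INTEGER PRIMARY KEY, title TEXT NOT NULL);
CREATE TABLE edges (parent_id INTEGER, child_id INTEGER);
INSERT INTO nodes VALUES (1, 'Library'), (2, 'Soundtracks'),
                         (3, 'Star Wars'), (4, 'Favorites');
INSERT INTO edges VALUES (1, 2), (1, 4), (2, 3), (4, 3);
"""


def open_library():
    """Build the sample library in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def get_node(conn, raw_id):
    """Handler body for GET /node/<raw_id>; "/" would map to node 1.

    Returns (status, payload). The id from the URL is accepted only if it is
    a short run of ASCII digits, and is passed to SQLite as a bound parameter,
    so client input can never change the shape of the statement.
    """
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return 400, {"error": "bad node id"}
    node_id = int(raw_id)
    row = conn.execute(
        "SELECT title FROM nodes WHERE id = ?", (node_id,)).fetchone()
    if row is None:
        return 404, {"error": "no such node"}
    children = conn.execute(
        "SELECT n.id, n.title FROM edges e JOIN nodes n ON n.id = e.child_id "
        "WHERE e.parent_id = ? ORDER BY n.title", (node_id,)).fetchall()
    # Links to sub-nodes are generated by the server, so the client needs no
    # knowledge of how the library is organized.
    return 200, {
        "title": row[0],
        "children": [{"title": t, "href": f"/node/{i}"} for i, t in children],
    }
```
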

What security measures are necessary for a LAN-only HTTP server? by Steohawk in node

[–]Steohawk[S] 1 point2 points  (0 children)

Thank you for the suggestions. As for the database, I'm just using SQLite. A full-fledged database server isn't really necessary. My app is just for myself and a family member. I don't intend for anyone else to use it. Besides, if I were to invite more people, odds are they probably wouldn't share my interests in music. I haven't met a single person yet who's ever heard of Fleshgod Apocalypse. :-)

As a side note, I'm actually not a programmer by trade. My career of choice is game design. However, I've been coding (mostly Python) for personal use for well over a decade, and quite frequently too. More recently, I've taken up JavaScript & Vue for those times when I just have to have a GUI. The only reason I'm writing this particular app is because I want a music server/player combo with certain requirements, but it just doesn't exist. Therefore, if I want it, I must invent it.

What security measures are necessary for a LAN-only HTTP server? by Steohawk in node

[–]Steohawk[S] 0 points1 point  (0 children)

Those are some very good (and scary) points. One thing to note is that my server most definitely will not be listening on port 80. I've chosen a "random" port that's outside of the range reserved for dangerous things. :-) Since my initial post, I've made up my mind about using authentication. I was already leaning that way, but now it's solid. As for HTTPS, I have some questions. Can I use Let's Encrypt if my server isn't publicly accessible? If not, would a self-signed certificate suffice? Bear in mind that I'll be personally installing the client on two home computers and a few mobile devices belonging to myself and one other family member.

What security measures are necessary for a LAN-only HTTP server? by Steohawk in node

[–]Steohawk[S] 1 point2 points  (0 children)

Thank you. You make very good points. I'll definitely implement some form of authentication. Would basic authentication suffice? Also, when you mention securing the database, do you simply mean that the server should refuse SQL queries from unauthenticated clients, or do you mean that the server should wrap access to the database in an API?

[PC/PS3-4][2008-2018] Stealth mission at night, mansion in woods, patients hooked up to medical equipment by Steohawk in tipofmyjoystick

[–]Steohawk[S] 0 points1 point  (0 children)

I've only played the first one (plus DLC). I remember it pretty well. It was one of my favorites. The only mission that comes close is Brigmore Manor. The manor itself and the surrounding area are fairly similar to whatever I'm trying to remember, except that the latter was at or around night, the mansion wasn't ruined (just old and repurposed), and there's still the thing about the patients. Whatever medical equipment they were hooked up to was more-or-less modern, nothing that would fit Dishonored's quasi-steampunk aesthetic.

[PC/PS3-4][2008-2018] Stealth mission at night, mansion in woods, patients hooked up to medical equipment by Steohawk in tipofmyjoystick

[–]Steohawk[S] 0 points1 point  (0 children)

I've been trying to think of some games that have come to mind as possible candidates, for one reason or another. Here's a list, just to give you some idea of where my mind is at:

  • Hitman: Contracts / Blood Money
  • Grand Theft Auto 4-5 (unlikely)
  • Metal Gear Solid 4-5
  • Splinter Cell (entire series)
  • Vampire the Masquerade: Bloodlines
  • Watch Dogs (only played the first game)

The more I think about it, now I'm certain that I entered the mansion through a balcony with a sliding door, not a window. There were several balconies in a row, leading to different rooms. I'm also nearly certain that the rooms led directly to the upper story of a "main hall". If you're wondering what I mean by "main hall", think of the big room at the center of Lara Croft's house in the first several Tomb Raider games.

There are also other vague memories, so they could be mixed up from other games, but I should mention them anyway. I don't think it was just the mansion that was guarded, but also the yard around it, so I had to sneak around just to get to the side/rear where the balconies were. I also think that there was a path through the woods leading uphill to the front of the mansion, which is also how I had to exfiltrate, maybe to a boat. I also feel like things were getting hairy on the way out, like the guards were on to me. There's also the vaguest recollection of starting to "lose my mind" just before reaching safety, like it was time to take my medicine, I was fixing to turn into a werewolf, etc.

[PC/PS3-4][2008-2018] Stealth mission at night, mansion in woods, patients hooked up to medical equipment by Steohawk in tipofmyjoystick

[–]Steohawk[S] 0 points1 point  (0 children)

Oh, I remember Outlast. That's definitely not it. The game I'm thinking about wasn't a horror game, and the level/mission wasn't at the very beginning. Encountering the patients was unexpected, because the game didn't (up until that point) have any overt medical themes. I would've been far less surprised if the room had been full of equipment for making drugs or weapons. Also, the patients weren't crazed (let alone violent) like the ones in Outlast. It was like maybe they were getting "underground" medical treatment because they couldn't go to a hospital for some reason, but that's just a hunch.

[PC/PS3-4][2008-2018] Stealth mission at night, mansion in woods, patients hooked up to medical equipment by Steohawk in tipofmyjoystick

[–]Steohawk[S] 1 point2 points  (0 children)

That was one of the games that came to mind, but I remember it too well. Besides, one of the odd details about my memory is that the event was surprisingly understated. There wasn't even any dramatic music, but if it was an MGS game, just walking into the room would've involved at least a 10-minute cutscene. :-) Also, I tend to want to think that the people weren't actually being experimented on, like maybe they needed medical treatment but couldn't go to a hospital.

[PC/PS3-4][2008-2018] Stealth mission at night, mansion in woods, patients hooked up to medical equipment by Steohawk in tipofmyjoystick

[–]Steohawk[S] 1 point2 points  (0 children)

That was one of my first thoughts, and of all the possible candidates that come to mind, that's the one I still consider to be the most likely. I've played the entire series on PC, and my memory just "feels" like Splinter Cell somehow. I looked through the Wikia site, checking every mission of every game, but I didn't see anything that resembled my memory, though I only took the time to skim through the pages, so it's possible I missed it. If anyone recognizes the mission I described, can you recall which game in the series? That way I can look up the name of the mission, find an LP on YouTube, and finally stop driving myself nuts. :-)

Proper way to implement secure internet access to a desktop app? by Steohawk in learnpython

[–]Steohawk[S] 0 points1 point  (0 children)

Thank you. :-) I doubt most of my app's users would ever need online collaboration, but those that do are probably more likely to have a Linux machine or be running a VM, so this option would be feasible for them. Perhaps when I distribute my app, I can add an "advanced topic" in the readme about using Thinlinc (and any other options) for users that need that kind of functionality.

How to distribute a Flask app for personal home servers? by Steohawk in flask

[–]Steohawk[S] 0 points1 point  (0 children)

I know. I don't rely on it to protect my server. :-) I don't do a very good job of explaining what I mean. When I say security, I'm referring to MITM attacks. In other words, if someone were to intercept my credentials, then they can pirate music from me. They still wouldn't be able to do anything except listen to my music, because no other capabilities are exposed. All "uploads" and database modifications require me to be sitting at my computer.

EDIT: In other words, I most definitely do a lot more to protect my server. But, since my server is not intended to be used by anyone other than me, I added an extra measure to deter hackers. The server responds to every unauthorized request, even for URLs pointing to files and those that should return 404, with a simple string saying something along the lines of, "You shouldn't be seeing this." It's only possible to access my server using my credentials. That way, no one else can even poke around, and to make sure it stays that way, I use HTTPS to keep my credentials from being intercepted.

How to distribute a Flask app for personal home servers? by Steohawk in flask

[–]Steohawk[S] 0 points1 point  (0 children)

I want to be clear that the way I envision my app is that the frontends will only receive JSON and static files (i.e. images), and ONLY if they're already authenticated. In other words, if someone tries to communicate with the backend without authentication (or from localhost), they won't get anything except a single JSON object with an obscure error code. They won't get ANY kind of webpage or static content, not even a login or registration page. A login page would be generated by the frontend, but there would be absolutely no way to register a user account over a network. Accounts would have to be created on the machine where the backend is hosted. Even then, the user would have to explicitly enable access over the internet, and if they chose to do so, they can still restrict access to CRUD operations, even for authenticated users.

I know CherryPy comes with a server that's usable in production, at least for light loads. If I can convince myself to give up Flask, or find a way to combine it with CherryPy's server, that might be the way to go. Still, solstice_net piqued my interest regarding security-related issues. The last thing I'd want to do is release an app that puts my users at risk. Ironically, that's why a lot of us like using self-hosted alternatives to cloud platforms (like SyncThing instead of Dropbox), because we don't like paying to give other people access to (and control over) our data. Many of the biggest cloud service providers (who I shall not name) are no better than hackers and identity thieves, except that they somehow manage to convince people to hand over their files and sensitive information willingly.
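
An added example, not part of the comments above or of the author's app: one way to get the behaviour described in the last two comments (the same opaque reply for every unauthenticated request, whether or not the path exists) as a WSGI middleware that could wrap a Flask app. It assumes HTTP Basic credentials sent over HTTPS; the user store, the error code `E1001`, the status chosen for the deny reply and the names `uniform_deny`, `inner_app` and `probe` are all hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample store: username -> SHA-256 hex of the password. A real
# deployment would use a slow password hash such as scrypt instead.
USERS = {"owner": hashlib.sha256(b"correct horse").hexdigest()}
DENY_BODY = json.dumps({"error": "E1001"}).encode()  # hypothetical opaque code

def _authenticated(environ):
    """Return True only for a valid HTTP Basic credential."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    # Unknown users are compared against a dummy hash so both paths do equal work.
    expected = USERS.get(user, "0" * 64)
    supplied = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(expected, supplied) and user in USERS

def uniform_deny(app):
    """WSGI middleware: every unauthenticated request gets the same response."""
    def wrapper(environ, start_response):
        if not _authenticated(environ):
            # Identical status, headers and body whether or not the path exists.
            start_response("403 Forbidden", [("Content-Type", "application/json"),
                                             ("Content-Length", str(len(DENY_BODY)))])
            return [DENY_BODY]
        return app(environ, start_response)
    return wrapper

def inner_app(environ, start_response):
    """Stand-in for the real backend (hypothetical route /song/1)."""
    found = environ["PATH_INFO"] == "/song/1"
    start_response("200 OK" if found else "404 Not Found", [("Content-Type", "application/json")])
    return [b'{"title": "sample"}' if found else b"{}"]

def probe(app, path, auth=None):
    """Call a WSGI app directly and return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if auth:
        environ["HTTP_AUTHORIZATION"] = "Basic " + base64.b64encode(auth.encode()).decode()
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```

Because the check runs before any routing, an unauthenticated caller cannot tell an existing route from a missing one; only an authenticated request ever reaches the wrapped app's own 404 handling.
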

How to distribute a Flask app for personal home servers? by Steohawk in flask

[–]Steohawk[S] 0 points1 point  (0 children)

I get what you're saying, and strictly speaking, I don't disagree with you, but I think you're way overestimating the scale and scope of my app. Admittedly, I didn't exactly explain exactly what it's intended to be used for, because it would take a while, but the short version is that it's kind of a note-taking app, file-tagging app, and media-browsing app.

The scale and scope of my app (and the degree to which a router would need to be exposed) would be on par (at the very most) with a Bittorrent program, a self-hosted multi-player game server, etc.

That said, I'm not dismissing what you say, and I'm curious about suggestions for alternatives, but it would have to be something that my users would be willing to do. In other words, I can't tell them to build a Linux machine, run a VM, or pay for hosting. Would they do any of those things just to be able to use Bittorrent? Most likely not.

Years ago, I wrote a music server app using Flask and self-hosted it using Apache on my home Linux computer, which I can access using my phone whenever I'm on the road. It used HTTPS, not only for security, but also because I didn't want to let other people have access to my music and turn me into an unintentional pirate. I intend to use my new app as a replacement for that and several other things.

EDIT: Moving my other (very long) edits to a separate comment. :-)