rejetto forum

Software => HFS ~ HTTP File Server => F.A.Q.s => Topic started by: AvvA on June 16, 2009, 09:01:08 AM

Title: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on June 16, 2009, 09:01:08 AM
Sujet français ici ! (http://www.rejetto.com/forum/index.php/topic,7080.0.html)

January 30, 2011
(http://z1.zod.fr/z/usbkey-MVM.jpg) Portable pack (http://freedom.rulerz.online.fr/sHFS/sHFS_v0.7.exe) - (3540 Ko) - (MD5 : 6829421d4ba6e48945740d5a83389a5f) - auto-extractible 7zip archive.
GUI v0.7 (Français/English) - HFS 2.3 beta Build #273 Français & English - stunnel 4.35b1 - openssl 1.0.0c 32bits - C++ 2008 dll 32 bits

This should work on Windows NT and above, on 32 and 64 bits versions.

Sources (AutoIt 3) (http://freedom.rulerz.online.fr/sHFS/sHFS_v0.7_sources.7z)
(MD5 : c530a16b27a5b658c4fd32e68d20820d)


(http://z1.zod.fr/z/easy-tab-us-m7O.t.jpg) (http://z1.zod.fr/z/easy-tab-us-m7O.html) (http://z1.zod.fr/z/files-tab-us-o7O.t.jpg) (http://z1.zod.fr/z/files-tab-us-o7O.html)   (http://z1.zod.fr/z/advanced-tab1-en-zVM.t.jpg) (http://z1.zod.fr/z/advanced-tab1-en-zVM.html) (http://z1.zod.fr/z/advanced-tab2-en-AVM.t.jpg) (http://z1.zod.fr/z/advanced-tab2-en-AVM.html)



Hello :)

First, native english people, please forgive my dirty english ;D (well, non-native : just suffer the poor quality :p)

This project purpose is to quickly have a safe way of transfering files.
I created nothing but the GUI, all the flowers should and will go to rejetto for his HFS server, Stunnel team for their great tunnel and OpenSSL for their greats keys et locks. Some will go to ~GeeS~ and SilentPliz, who made the tutorials that guide me to make the GUI, and to the documentation writers of Stunnel and OpenSSL who's have made things quite good.  :-*
I just made some little modification when coding according to ~GeeS~'s tutorial, because you don't want to fill certificate information in a dos box, hum well... I guess ^^'
I also decided to leave you free of changing almost anything in it, but it's not necessary :)

As a legal notice, OpenSSL ask to include the following :
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)


Tested on these systems
32 bits
- XP SP2,SP3
- Vista Premium SP1
- Seven Pro
64 bits
- Vista Ultimate SP1
- Seven Pro
*A small answer here, saying your OS and if its 64 or 32 bits, and if it works or not, will always be welcome in here :)*

archive contents :
- HFS beta 242 and HFS beta 242 FR
- STunnel
- OpenSSL 32 bits
- confmakr.exe : the GUI
- confmakr.ini : contains language options for confmakr
- confiles folder : contains ini et language files
- DLL C++ 2008




Portable Application
I use this word but I can't assure you that it won't write anything in registry or elsewhere (if someone up to test...)
Portablility is here fonctionnal, that mean you can execute from USB stick, or anywhere on your fixed hard drive, it'll work.
*This should be better, as I included the necessary dlls files*

How to use :

Rappels :

What files are created by confmakr.exe (with the default confmakr's configuration)
confmakr.exe create : X:\your folder\sHFS\hfs.ini
confmakr.exe create : X:\your folder\sHFS\hfs.events
confmakr.exe create : X:\your folder\sHFS\stunnel\hfstunel.conf
confmakr.exe create : X:\your folder\sHFS\stunnel\pem.conf
openssl.exe create   : X:\your folder\sHFS\random.rnd
openssl.exe create   : X:\your folder\sHFS\stunnel\hfstunel.pem

stunnel.exe by running will create : X:\your folder\sHFS\stunnel.log
hfs should modify : X:\your folder\sHFS\hfs.ini and create all files that you order it to :)


Voilà :)
If you see a problem, or have a difficulty understand a translation i've made, please, tell me :)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: AvvA on June 25, 2009, 11:15:29 AM
So, as I like you to know what you're doing, here is the way to take Stunnel, OpenSSL and HFS from the originals site, and rebuild this pack from scratch.
*Folder structure must be like below if you use my GUI*
X:\your folder\confmakr.exe
X:\your folder\confiles\languages.lng files and confmakr.ini
X:\your folder\sHFS\hfs.exe
X:\your folder\sHFS\stunnel\stunnel.exe
X:\your folder\sHFS\stunnel\openssl.exe

- Create a folder called as you want,
- copy confmakr.exe and confmakr.ini and also \confiles folder, you can take this alone with the source archive. (or you can bypass this step and follow the great ~GeeS~'s tutorial (http://www.rejetto.com/wiki/index.php?title=HFS:_Secure_your_server) ^^)
- Create a subfolder \sHFS, copy inside hfsXXXXX.exe (XXX is the Build number XX language "code", actually #242 FR or EN).
*If you plan on using another language than French or English, check the confmakr.ini file.*
- Create \stunnel subfolder, download Stunnel windows binaries (http://www.stunnel.org/download/binaries.html) in it, right click on stunnel-X.XX-installer.exe, unzip here.
Quote from: obsolete at v0.7]- Create a subfolder [b]\openssl[/b],
- Download and install [b]OpenSSL[/b] (http://www.slproweb.com/products/Win32OpenSSL.html), and perhaps also the redistribuables C++, at the same address, only if needed (if it is required, you'll get an error during OpenSSL installation, so to know if you need it, just try to install OpenSSL first without the redistribuables ;) ).
- [b]Copy[/b] the content of the [b]bin[/b] folder from [b]OpenSSL installation[/b] and [b]paste it to[/b] X:\your folder\sHFS\stunnel\OpenSSL, you should have the same folder structure as the one in the begining of this post now.
- Uninstall [b]OpenSSL[/b].[/quote]
[quote="from v0.7
- take openssl.exe from here (http://ftp.nluug.nl/pub/networking/stunnel/openssl/)(take the last version), a miror given on Stunnel website (http://stunnel.mirt.net/?page=downloads).
- copy it in stunnel folder, next to stunnel.exe.
you can still take C++ redist files from slrproweb if you need them (from the previous quote). (I have to test if OpenSSL compiled on Stunnel site requires them, for now I keep them).


About the redistribuables, it's not because you had to install it in order to install OpenSSL that it means that you need them to use OpenSSL. I suggest you just try it out :)
Uninstall them in all cases, and try to make a key and a certificate (either with my GUI or with the command line given by GeeS)

From there, execute confmakr.exe and follow the classic steps, summed up in the first post, without unzipping, implicitely ^^.


Now, here's the last changelog :

v0.25
- re-re-do the language system :
Create an ini file to store "language code = language filename" and the default language,
confmakr will check your current windows country code (hexadecimal), if found apply, if not, keep the default file (english by default, can be changed in the confmakr.ini file.)
- languages are stored in a folder called conflang, instructions on how to add a language include in infos.txt in this folder.
- re-do the way hfs.ini is processed : Keep all settings and change only the ones from confmakr that are checked, or filled for the fields.
- include HFS french (hfs242FR.exe) and original english version (hfs242EN.exe) in archive, GUI copy/rename appropriate one as hfs.exe, according to the language in use and ini file. The purpose is to have only 2 archives, one 32 bits other 64 bits.
-  removed shfs.exe and add a shortcut creator button that will make shortcut on the desktop to shfs.bat (it launches STunnel then HFS).
- all IPs are determined with windows WMI, local network adress is calculated with the subnet mask (AND)
- add 3 options relative to key et certificate in advanced tab
- add a kind of scheme in advanced tab, purpose is to make you understand the routes taken, it's in work state and don't include HFS local HTTP sharing.


If you want the whole changelog, download the sources files, it's in there :)

As he says, enjoy  ;D !
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: TCube on June 25, 2009, 12:02:49 PM

AWESOME WORK !!!!


AvvA ... one of the few   8)

Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: SilentPliz on June 25, 2009, 12:14:26 PM
Chapeau bas ! 8)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: AvvA on June 25, 2009, 12:24:23 PM
Thanks :)

And also I have forgotten, if you want a feature, need help to understand how to translate, or anything else, ask in there, i'll try to answer you with my best :)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: TCube on June 25, 2009, 12:34:50 PM
"... need help to understand how to translate, or anything else, ask in there, i'll try to answer you with my best :)..."

SP and "me-self" could give U an hand anytime (we've done it together age ago for the HFS VF first release )
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: AvvA on July 07, 2009, 09:18:42 PM
First, I would like to apologize for those of you who test the sHFS confmakr v0.25 and end up with an error 0 or error -1, it was a basic coding error, it's now gone :)

Download stats about v0.25 gives 12 downloads for the 32 bits version and 3 for the 64 bits, also 4 peoples find interest in downloading source files.


I've got time part

Well, this release is late, because I was fighting against wind mills, in others words, I tried to implement some functionalities impossibles to achieve with AutoIt... So, once discovered, I re-oriented my walk to present you this... sorry for the long changelog...

Code: ("confiles/versions.txt") [Select]
sHFS confmakr v0.45 ERWG

correction of bugs introduced with v0.25  :
- local network in a HFS ban rule must be network.* (ie : 192.168.1.*), the base routing address (192.168.1.0) do not work properly.
- Resolve the bug stopping confmakr.exe from running if your local IP was the last one.
- Resolve the wrong parsing of the unban line when local network allowed on HTTP.

more functionality :
- add facultative hfs.events lines :
   * launch Stunnel with HFS
   * quit Stunnel with HFS
   * del stunnel.log on quit
- remove SHFS.bat (as it becomes useless with changes up there), change the shortcut made with the button (now point to hfs.exe),
- add easy and advanced mode, easy mode automaticaly using pre defined options (switching between mode keep easy mode's visibles parameters)
- remove the scheme thing as I add a probe port button ( \o/ ), with error handling on listening (wrong IP, wrong port, port in use), and to connect to the listening port (unreachable, timeout, and all others as I link the error code to the windows error page).
- the "get my ip" button now check on avva.3ka.fr, alternative stays on whatsmyip.com
- add stunnel log level adjustment, and no stunnel log checkbox.
- add possibility to watch configurations files maded.
- add possibility to wash unnecessary files.

less schism :
- add fields characters limits, according to RFC-3280 (http://www.ietf.org/rfc/rfc3280.txt).
- insert blank lines between key and certificate, as said in Stunnel documentation.
- correct the way Certificate CN was handled with HFS custom-ip. Now, it asks to add the port to HFS's URL bar if it's determined as necessary, if you cancel you'll get exactly what was written in the domain field.
- re-arrange GUI :)

need to be tested more widely before certifying :
- I think I handle the x64/x86 problem, only one version for all Windows systems :)
- also in the same vein, searching more deeply into VC++ redist and watching dlls used by openssl.exe, I think I found all necessary dlls. \o/

That leads to a real portable version ! (But only leads not reaching, for now :)
Well I hope so, and count on all of you to tell me if I'm wrong :)

This release change some basics functions, I'll edit the first and second post to reflect this (screenshots, folders, needs...)
But as this version seems (at least ^^) to be independant of the Windows OS that runs it, there is no urge :p

In the meantime, the major thing to know is that I isolate the VC++ dlls, and discover with pleasure that they were compatibles with 64 bits versions of Windows (Vista & XP, I don't test Seven for now). I don't know what wasn't right in the firsts releases for me to think I need to make à 64 and 32 bits versions :/
But well, it seems to be resolved, and I thank I to try it again, without another throw at it, I still be compiling in 64 & 32 bits ;D
nomade apps perhaps this time :)
These improves justify it's name part WG ;D

The second real change is the easy/advanced mode switch, there are still some bugs, but they concern the guys (and girls) that will search to make my GUI crash, as it concerns the advanced/easy mode switch after having created the configurations files (this is not the normal way of using my GUI, as when files are created you just eventually create a shortcut and quit the GUI).
Anyway, they won't be here anymore in the next release.

The third improvement concerns the test phase.
The "Get my IP" button now points to one of my server, and assure you it will respond because there is no check, it only returns your public IP. The "Probe port" button also link to one of my server and just try to connect to the port given.
The scheme is as this :
- The GUI tries to open the port in TCP in listening mode, if not possible it informs you.
- If possible it sends a request to my server with the port number.
- my server reads the port, and uses the IP that makes the call to respond.
- it just does a PHP TCPconnect, with some errors handling.
- it sends the result to the requesting IP, after 10 seconds of trying to connect, with the error code if I didn't handle it (there are too many...)
- GUI shows the server answer and close the port.

Well, that's the majors things about this release, others are in the versions infos in the quote.


For those who will want to test this one, I have to inform you of an error you could fall on :
I found that sometimes, an error popup, but without crashing the GUI, still didn't found the sourcebut I have some clues..., also, if you change mode after having created the conf files, you'll have some visuals incoherences in the GUI, because of tab pos, this won't break the config files creation, it's just visually messy.
To summarize, this version won't be tolerant after configurations files are created, I still don't resign to lock the mode switch after configuration maded, I'm on it, and I'll find what's wrong for the next release. In any case, don't worry, it's not an important error, as all configurations files will be created/modified before, and your sHFS server will work.
These bugs justify it's name part ER ;D


I've got no time part

Well, just download the archive, eventually check the MD5, then decompress the archive.
You'll be with a sHFS v0.45 ERWG folder, open it.
Launch confmakr.exe.
- Fill in your public IP or Domain name, a free (and redirected if behind a router) port to listen on, and click the large button at the bottom.
or - You also can click on the upper right button to switch to advanced mode, wich will show you the default values that I use in easy mode, and leave you free of modifying any of them.

Normally, you'll end up with a functionnal HTTP server wrapped HTTPS via Stunnel.
Connection info to give to your visitors will be visible in HFS URL's bar.


So, let's try it :)

PS : All files linked in the first post for convenience :)


@TCube : I self would appreciate any help with my own english translations, because I know I'm far from a good translator :)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: rejetto on July 13, 2009, 09:00:24 AM
i found the time just for a quick look (also because i don't need SSL myself),
but this looks like a major project and i forgot to express my congratulations!
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: AvvA on July 13, 2009, 04:14:58 PM
Thank you, this goes to my heart ;)
I didn't congratulate you for your HFS but i don't think differently, it is a real easy-to-go HTTP server, and cherry on the top of the cake, customisable !
I really like a lot programs that bring hard and tricky things diluted to the point that novice or non-informatician can understand.

So, Thanks to you Mr rejetto, you're one of the great soul of this world :)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: ElSid on July 30, 2009, 04:50:11 AM
AvvA,
This appears to be an interesting project.  I have a question that was not apparent ...
Does this work with DYNDNS or any other service that redirects your IP address if it is dynamic?
Thanks
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: AvvA on July 30, 2009, 12:35:15 PM
Yes ElSid :)
The next version of this GUI will be more explicit about this, but for now, you just have to fill your domain name, and listening port. Fill in External IP isn't necessary as you'll update it via DynDNS (NoIP, Afraid...).

Next, you'll have to configure your username, password and update url into HFS, here (http://www.rejetto.com/wiki/index.php/HFS_Frequently_Asked_Questions_%28English%29#Does_HFS_work_with_my_dynamic_net_address_.28dynamic_DNS.29.3F)  is the wiki link, but it's really light :)
I found this tutorial (http://www.techmalaya.com/2008/05/11/hfs-file-server-dyndns/), but I wonder if it really use all HFS possibilities, as they say that you'll have to run a program from your DNS updater service...
As you give to HFS the user, pass and update url, I can't see the necessity of another program to update...


After this, don't forget that even with a domain name, your visitors have to explicitely give the port number in called URLs.
If your (dynamic/static) domain name is : mydomain.org
your HFS listening port is : 44300
your Stunnel listening port is : 555
your HFS's custom-ip should look like : mydomain.org:555 (that's what you put in the domain name field of my GUI)

your visitors can log at : https://mydomain.org:555/

Of course if you use your CSU/DSU in modem mode (your computer's IP is your external IP), you can listen on port 443, as it's the official HTTPS port you won't have to put it in the domain name field.


Well, I hope this answers you :)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: ElSid on July 30, 2009, 03:59:55 PM
I set up my DNS to "webhop".  My ISP blocks port 80 and I opened up port 8080 on my router.
Without webhop:  XXXX.dynYYY.com:8080/
With webhop XXXX.dynYYY.com.
I am interested in the project as I keep my server (still learning to use it) on a flash drive and most of my files are on a portable drive.  When I travel and use another persons computer, I just force my external drive to be drive letter ?.  Viola, my server is up and running
(Very handy when my last computer crashed, I just switched to my wifes laptop while I reconstructed the hard drive)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: AvvA on July 30, 2009, 06:28:59 PM
Hum ^^
In fact i wrote a paragraph about that, but deleted it because I find this is not "transparent" to the eyes of your privacy ^^
But yes, you can do this.
You can also make a classic DNS A record that point to your current IP, and then a Webhob/Web forwarding from this A record to this A record:port (like you do actually).
This way you'll have to update the IP linked to the A record only, the webhop will follow (as it will search for the A record).

This means where ever you launch the server from, you'll be accessible from your domain name, without port.
But perhaps you already do this :)


Why don't you extract this GUI archive directly on your portable drive ?
Then you can make 2 batch files :
The first (assign.bat i.e.)
subst X: %CD%

The second (free.bat i.e.)
subst X: /D

Where X: is the drive letter required. The 2 batches files must be at the root of your portable drive. The first is to launch before HFS, the second when everything HFS related is off, before unplugging the drive.

I didn't test, but this should work as it's a windows basic behavior.
Also, I don't know how you do usually, but I'm interested about :)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: AvvA on August 09, 2009, 01:16:48 PM
Well, I asked for all this in the previous post in order to see if I can do something with my GUI to help changing the drive letter, in exemple. But to accomodate, I need to know how users are using this GUI, and more how they use the Stunnel-HFS ensemble.
Anyway, thanks for those infos, i'll try to do something if it cames to my mind ^^


So, today is the release day of sHFS v0.51, here is the changelog :
Quote
bug corrections :
- switch easy/advanced now is clean even after configuration is done.
- asking to read all the files won't do error anymore.
- check existence of a file before trying to read it.
- read key & certificate with OpenSSL when all files are in a folder containing space in his name will now work.

adds/mods :
- reduce test port to 5 seconds.
- redo the easy tab with a kind of interactive scheme
- reading of key and certificate now uses openssl.exe instead of Windows's notepad, This deliver much more informations.
- files tab : erase GUI options added
- add php server side source files into source archive
- "progression" tab become "files" tab and also permanent
- code cleaning...

miss :
- construct the dynamic DNS url for HFS

As written, I need infos about how HFS handle dynamic DNS services, and that will be all for this part.
Next will come the need for a cellphone template, another one for multimedia purposes, and others templates relatives things.

Sorry for the rude scheme, but honestly, I use more time than needed on this in order not to include GDI features. This would have made some better quality graphic possibilities at the cost of a double sized GUI...
...thing that I can't do, as my GUI must not be bigger than HFS himself ! ;D


edit : look at the first post to get links.
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: ~GeeS~ on October 06, 2009, 06:20:15 PM
Hi AvvA,

I'm just passing by and found your excellent work!   8)

I didn't have the time to test and read it all, but from what I can see, you made a big effort.
I hope you enjoyed it. Chapeau & thank you for sharing!

When I started experimenting with Stunnel and HFS about 2.5 years ago with the aim to get a plug & play SSL-HFS on a pendrive, it was just a "hobby" to see whether it was achievable or not.
When it worked, I just put my findings into an essay. I'd never thought, that this would get so much interest.

But finally, "From small acorns to big oaks grow". Thank you again (and the rest of the gang who are still here) for helping thisto  grow.

Best regards,
~gees~

In remembrance "The web was made for sharing ..."
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: rejetto on October 06, 2009, 06:39:01 PM
nice to see you gees :)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: AvvA on October 10, 2009, 04:09:58 PM
Hi ~gees~ :)

Nice to see you there, I finally can thanks you 'in person' :D if I can say so !

My goals were similars to yours before falling on your tutorial about HFS & SSL, and then it became a hunt to propose something 'automatic'. Your tutorial was so close from this, I had to do it !
At first, I do everything in batch files, the same thing I propose here but in textual mode.

When done (really fast with your tutorial), I said to myself that I'd finally done nothing distribuable to the neophyte (they hate command prompt ^^). And I began searching for a GUI maker and fall on Autoit.
From this point I decided to make what you can see, a simple GUI with no configuration except IPs, and the possibility to change options for those whose know what they do.

I agree with you, the fun part is how it grows, from your tuto, to a simple GUI that only execute your tutorial, to this configurable thing :)


Well, thanks for your thanks, it warms heart, and thanks again for your 'indirect' help, it throws me into the right direction at first, that was quite good as I didn't need to search a lot around (your tutorial, OpenSSL & Stunnel docs to afine).

It only misses some feed-back to eradicate potentials bugs, but well, as one says, no news : good news ^^

Not sure about the best regards thing, but well, really watching at your tutorial closely doesn't make me the best :fufu:
Hum ! Just kidding ;)

Bonne continuation !
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: AvvA on October 17, 2009, 09:57:29 PM
Just a little hello there to tell you that I've just fixed the server that helps in checking if the port is open and that gives the external IP, sorry for the inconvenience.
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI
Post by: ElSid on December 14, 2009, 07:25:27 PM
AvvA,
Busy and have not been able to go forward with this.  I am in the process of downloading "shfs_051_kunta.exe".  Thank you for the work :)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: ninjapimp on February 15, 2010, 07:35:04 PM
  File Not Found!
when i go to download from those deposit file, mega upload and what nbot on the link
they all say   File Not Found!

does anyone have this file that i can downlaod from as the download link is now broken
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: rejetto on February 16, 2010, 04:17:38 PM
i just emailed the author
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: SilentPliz on June 05, 2010, 09:31:48 AM

Done ... AvvA has handed the files online.


@AvvA

Merci à toi !  8)
Il commençait à avoir de la demande. Cela m'évitera quelques longs posts pour expliquer l'installation manuelle du couple HFS/Stunnel. ;)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on June 08, 2010, 01:34:18 PM
Sorry for that, now it shouldn't be a problem anymore, at least I hope so...  ;D

Ah oups ! Si j'avais su que c'était 'on purpose', j'aurais prévenu :)
Je recevais les alertes mais pas le contenu du message qui la provoque, je viens de le modifier dans mon profil pour recevoir le contenu maintenant ^^.
J'ai aussi fait le changement d'url sur le sujet français la dernière fois.
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: a_rat on July 31, 2010, 02:15:19 PM
Greetings AvvA,
I just had to stop and tell you of my experiance with all this.
I have been using HFS since ver 2.2f (maybe earlier - but that is as far back as my archive goes),
AND I LOVE IT.
About a month ago i decided i need more security, SSL for instance.
(which Rejetto, would be an AWESOME addition to HFS, hint hint)
So - I was ready to ditch the nice, friendly HFS for TinySSL(also good, but not quite what i wanted), but then i found your AvvA's post AvvA

While i was downloading sHFS_051_KUNTA.exe from the first post, i noticed the second, and thought - i should try and do this with up to date software. so  i went out and got all the bits (some links are down - it was a hunt) at latest edition.
followed post 2, run confmakr, and blam - one https hfs ready to go, no sweat, no tears

This is almost unheard of - im no dunce at the computer thing, but im no hacker either -
AvvA, My hat off to you, and a low bow.

As an offtopic side note, to follow the trend, i went out and found a personal SMTP mail server by Argo, I grabed the free version, it works in with everything, and causesno conflict so far, i made theaddress, and used it to register here (panic not, im keeping the addy for a long time)


P.S. Rejetto, Well done. an exelant job. Thankyou. To you also - Hats off and low bowing.


Edited by SilentPliz for remove the bad "Glow effect"  :)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: a_rat on July 31, 2010, 02:28:02 PM
ew - i wont make the mistake of using the "glow" effect again
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: SilentPliz on July 31, 2010, 03:54:29 PM
Welcome ! :)

ew - i wont make the mistake of using the "glow" effect again

Corrected !  ;)

infos: you can by clicking on the preview button, see the aspect of your message before post it, and you can modify yourself your message, by clicking on the modify button.
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on August 01, 2010, 07:36:42 PM
...
followed post 2, run confmakr, and blam - one https hfs ready to go, no sweat, no tears

This is almost unheard of - im no dunce at the computer thing, but im no hacker either -
...
Thank you, that's really nice to read, as I find myself addle-brained I'm happy to see It's not so critical ^^.
Hey SilentPliz, please, let me glow a bit ;D ! (no, don't search, just a sally ^^")

I'm also happy to hear that the newest versions of OpenSSL and Stunnel work with my thing, I put a tag on my todo-list in order to give computer's dunces an opportunity to use sHFS with them. I don' really know when, as I'm working on something else, and as I've got to see if there were changes between versions I use and latest ones (check if all commands I use are still valid, and which new things are in), but that will be done.

Ah yes, I went thru all links again, and perhaps I miss some because I didn't found any dead link, can you tell me which ones didn't work for you ?

Finally, thanks again for your experience return, it's always pleasant to read that I've done something useable and hopefully usefull.


By the way, once again the server I use to check opened port seems to be down, I'll fix it in the next release. In the mean time, you can use the one into HFS, or this one : http://corz.org/probe .
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on August 18, 2010, 02:23:57 PM
v0.666 BLTN (Better Late Than Never ^^)

Quote from: Changelog v0.666
Modifications :
- change location of random.rnd file,
- generate a new random.rnd file each time Stunnel is launched,
- force Stunnel to use this random file first.
- rename Stunnel configurations files created in order to avoid conflict when manually blind-upgrading Stunnel.

- update from Stunnel 4.27 to 4.33
- update from OpenSSL 0.9.8k to 1.0.0a
- update from HFS 2.3 #242 to 2.3 #266

- check changes between theses versions and modify logic accordingly.

Bug hunting :
- Now ticking 'enable HTTP' in the 'local network' box works like it always should have.
- Some small corrections to languages files.

Rendez-vous at the first post (http://www.rejetto.com/forum/index.php/topic,7100.0.html) of this topic to catch links to this version and its sources :)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: chthonic on September 22, 2010, 05:09:27 PM
upon extraction: Comodo Internet Security fired off an alert stating the hfs266EN.exe file contains a trojan.

trojware.win32.trojan.agent.~kyc@124249897

the french version of the file didn't have any problems.

this "might" have to do with rejetto's previous posting about hfs being listed as a virus... and my software is just reacting to the file black list.

I manually replaced it with the 270 file and modified the version in the config files

AvvA, I am not not sure what is going on with "your" version of 266, but the one I had installed originally from rejetto didn't set off this alert.

I am making this post to let you know that it did happen.

rejetto: I have that file quarantined. I can zip it with the extension changed and send it to you, so that you can take a look yourself. Just let me know?
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: Mars on September 22, 2010, 09:44:29 PM
The best would be that kept silent exchange of antivirus  ;D :D
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on September 23, 2010, 02:21:49 PM
Here are some results :

on the site :
http://www.virustotal.com/url-scan/report.html?id=1d93c87a12ac0cd30d75f6a086589824-1285243449

On the global archive file :
http://www.virustotal.com/file-scan/report.html?id=c8f962a5b65f1267326377dcdc73a4edd127852e8862a52fea9645b5530f6ee5-1285250716

And on the hfs166EN.exe :
http://www.virustotal.com/file-scan/report.html?id=02848148477a0de6fa48662562ecf3dad6c8fd142e76959e2ddf5d3abf5118bb-1285251082

I recommand you try virustotal.com when you've got this kind of alert. This will show you the same thing as comodo at the right line, and a bunch of others anti-malwares. This is really more accurate than only one anti-virus claiming an unknown program is a virus ^^.
You can see there that some anti-malware claim it's a false alert and the big majority find nothing malicious.

I think comodo just don't have this file's definition up to date, and the fact that hfs.exe's purpose is to serve files may be troublesome when not knowing the executable...


I also submit again my hard disk files just to be sure I haven't any virus at the source, but the result are the same for my file on hard drive, the file on my server, and the file from rejetto (hfs #266). Are you sure that you submit the last 266 from rejetto ? I can find different result with 2.2f version (stable version accessible on the internet HFS's site), but the sam thing with rejetto's #266's file...
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: chthonic on September 23, 2010, 05:13:46 PM
yes. comodo has an auto submit feature.

when I got my original 266 from rejetto, comodo  "did not" give a virus alert.

the alert went off when I was extracting the files from your current SHFS package. the hfs266en.exe was the only file that gave an alert...

I have have submitted every beta build of hfs to comodo. the security package does that on prompt and you can always set it for auto submit. so I know comodo has the latest file versions.

comodo has a particular way of marking false alert files and virus files. it's not hard to determine which is which once you get used to it. it also has an option to notify them separately of false alerts and actual virus files.

Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on September 26, 2010, 06:37:38 PM
This is time waste to me... but...

#266 : http://www.rejetto.com/forum/index.php/topic,8981.0.html

virustotal analyse : http://www.virustotal.com/file-scan/report.html?id=02848148477a0de6fa48662562ecf3dad6c8fd142e76959e2ddf5d3abf5118bb-1285525456

As you can see, the md5, sha1 and sha256 of the files HFS266.exe from rejetto.com and HFS266en.exe from my server are the same, this explicitely means the files are the same.
So, naturally, alerts are the same.

So, if comodo doesn't give you the same alert on the 2 files, I guess you'd better look for an other anti-virus program, this one doesn't seem to be really accurate...

Please, before saying again that you're blindly confident in comodo and that what you think you've scanned in the past was #266, just look at the results from my previous post and those from this one, think about it, and then react.

Thanks.
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: Mars on September 26, 2010, 09:24:08 PM
@chthonic
I give you two compilation of the version 266 for a complementary analysis of this version with the anti-virus program.
The difference of size comes essentially from libraries used in not compressed mode,

This version (1958Ko not compressed) is compressed with upx 3.07,
http://hfs.webhop.org/hfs266_upx307.exe

this one of rejetto (2152Ko not compressed) was compressed with the version upx 2.00. Here, it is the original version of rejetto but expanded and compressed with upx 3.07.
http://hfs.webhop.org/hfs266_rejetto_upx307.exe

 ;)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on September 26, 2010, 09:51:57 PM
oh sorry... of course, if there are several releases of the same build (but what for ?), it's possible to have differents results and sha1/256.

But my point is elsewhere : what would be my purpose with this project if I put viral things inside that would be automatically pointed as a virus ?

I just want to help people that don't know anything about network to be able to use HFS with a secure wrapped https connexion, nothing else...  :'(
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: Mars on September 26, 2010, 09:58:58 PM
MP to @AvvA
les deux versions que j'ai ajoutées ne sont là que pour compléter l'analyse virale engagée par notre ami, elles ne sont là que pour déterminer si l'erreur virale ne viendrait pas d'une ancienne bibliothèque delphi utilisée par rejetto. donc pas d'inquiétude.  ;)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: chthonic on September 26, 2010, 10:31:29 PM
I wasnt making an accusation, I was just alerting you of the "ODD" result.


this was the first time that Comodo ever gave that result on HFS.

this might mean there was a code string that resembled the trojan result I posted before.


this has been known to happen with other AV packages
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on September 26, 2010, 10:51:29 PM
Hum, yes, I guess I was hurt because I'm against those kind of acts (adding trojans, etc...).
So, well, please forgive me for the 'hard' answer, and let's start again ^^

Thanks about the warning, I have check again my local and distant files, and re-download rejetto's one to check I still have the same files.
The results tell me I'm right, I've got the sames files at local, distant and also the same as rejetto's ones.

Just for you to be able to confirm what I'm saying, I took #266 from there : http://www.rejetto.com/forum/index.php/topic,8981.0.html .


@SilentPliz : Oui ok, pas de souci ^^
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: chthonic on September 26, 2010, 11:23:38 PM
yes same source as my original copy... but was the compression level the same?  I am guessing it's because the file name might have been altered.. any single tiny change from the original signature would set off that kind of an alert.

the french version file set off no alerts at all. that is why I posted the results of the english version... because something was not right.  :P
************************

on another note, I like your configurator. very useful!

however  ;D , I use custom port settings in my router. and the HFS and the stunnel have 2 separate ports. One is the incoming port for connections and the Second port is the 'private' port the program is set for.

I would like to make a suggestion for the port settings in your program;

have an option for [default] values: port 80 for HFS and 443/80 for sTunnel

then an option for custom router values: incoming port/private-forwarded port (the one the software actually listens on behind the firewall); example: HFS 80/?? or vice versa and sTunnel is ??/?? with the default port of 443 forwarding to the private ACCEPT port of sTunnel which then links to the private CONNECT port that the HFS is actually using.

if you have a dynamic dns service... you can change the default port for regular web but you cant change it for web SSL which is 443

there is also a more effective certificate generation string for openSSL... the one used for your configurator shows the SSL traffic in sTunnel. but the web broswer doesnt recognize the certificate/site as SSL enabled, even though the address is changed to https://??.??
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on September 27, 2010, 02:42:49 PM
About the virus, perhaps changing the name makes comodo tilt, but it doesn't change the sha1/256 signature of the file, I mean that the actual 'my file' and the actual rejetto's #266 are the same, even with a different name :D

***

Thanks :)

About your suggestions, Im not sure I understood totally what you meaned, or its purpose, but let's try to answer. Feel free to correct me if I misunderstood ;)

Quote
have an option for [default] values: port 80 for HFS and 443/80 for sTunnel
I won't default HFS connect port to 80, it is the default HTTP port, I can't see a reason to assign this specific port between Stunnel and HFS.
443 is already the default listening port.
But, you can easily switch to advanced mode (icon in the top right corner of sHFS confmakr) and set it yourself if it's what you need ;)

Quote
then an option for custom router values: incoming port/private-forwarded port (the one the software actually listens on behind the firewall); example: HFS 80/?? or vice versa and sTunnel is ??/?? with the default port of 443 forwarding to the private ACCEPT port of sTunnel which then links to the private CONNECT port that the HFS is actually using.
This doesn't concern me as far as I know ^^
You must set a unique port between HFS and Stunnel, the only way to do so is to switch to advanced mode, if you don't, port 44300 is used, I use it only because it's usually a free port. you can't set a joker.

Now, set HFS-Stunnel link to port 80, Stunnel listening port to 443, and set your router to follow to Stunnel port 443 all requests made on port '??' you have choosen.

Quote
if you have a dynamic dns service... you can change the default port for regular web but you cant change it for web SSL which is 443
To me you're mismatching, your dynamic DNS service has to redirect requests to Stunnel listening port on your machine, it's on you to configure correctly your Dynamic DNS service.
Also, https adresses default to 443, it's useless to add port number.

On another hand, I won't do something about dynamic DNS services because each one has it's own way and application to manage its functions. This is why I just add a check box, that will indicate the fact to HFS, but you'll still have to configure it manually.

So in your example, https://dynamic.domain/hfs_stuffs/ have to redirect to https://your.computer/hfs_stuffs/, then Stunnel will take the request as https is on 443 port.
if you router redirect ?? port to 443 on your computer, just make your dynamic dns provider redirect to ?? on your router's IP.

Quote
... the one used for your configurator shows the SSL traffic in sTunnel. but the web broswer doesnt recognize the certificate/site as SSL enabled, even though the address is changed to https://??.??
SSL traffic showed in Stunnel can be modified with confmakr, again in advanced mode. You'll have to reduce the log level.

There is no way you'll self-make a certificate which will be approved automatically, I leave you with google to find out why ;)

Quote
there is also a more effective certificate generation string for openSSL...
Yeah ?
Can you show me, please ?
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on October 26, 2010, 10:32:18 AM
@lxp : yes, it should work on any NT+ Windows, this meaning that I'm not sure as I didn't test it on each and every Windows OS declination (ie : all server and family versions that I don't use).

@Chthonic : So, how does it works ? Does it ? Wasn't I too far from what you asked to me ?
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: chthonic on October 29, 2010, 04:30:11 PM
I did all that before you suggested it.. it still reacted the same way.. but it did not have an issue with build 267+
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on January 29, 2011, 10:50:07 PM
Hi :)

Quote from: v0.7 changelog
- random.rnd is now correctly re-created at each Stunnel/HFS start.
- small language change in order to use the correct HFS's EXE file depending on current Windows' language code (before only take good EXE on fr-fr and en-us, now will take the good one on all fr-?? systems).
- Added OpenSSL icon in 'about' tab and change the URL linked related to below changes.
- OpenSSL DLLs and EXE files are now taken from Stunnel mirrors, as DLLs are the exact same files as those supplied with Stunnel :
  - move VC++ files in stunnel folder,
  - delete openssl folder which contains openssl.exe and 3 cryptographic DLLs,
  - openssl.exe is now under stunnel folder.
It uses now the same DLLs to create the key with OpenSSL, and to use them with Stunnel (before, keys and certificates where create with slrproweb files and used with Stunnel crypto files).
I believe this should improve stability of HFS-Stunnel usage.
  
- update from Stunnel 4.33 to 4.35b1
- update from OpenSSL 1.0.0a to 1.0.0c
- update from HFS 2.3 #266 EN/FR to 2.3 #273a(FR) and 2.3 #273(EN)

As usually, I check each wikis, documentations and tuts before applying an update to this GUI, in order to verify if changes are needed in my source code. This time I found a well documented HFS-Stunnel thing on the HFS' wiki, that's nice, but I also notice that no reference to this GUI was there.

The first question coming to my head was "Why didn't he puts a link to this GUI ?",
"Is this too much of a mess ?",
"Is this a security-trust problem ?".

If someone have a clue on this, an idea on how I can enhance this GUI to better fits newbie usage, I'm all ears opened ^^'.


edit : last minute update without version change, it was about the random.rnd file (you can check if you've got the last version with MD5 checksums).
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: paul1149 on May 23, 2011, 11:00:02 PM
Thank you. You just saved me a bunch of work!

p.
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: AvvA on May 24, 2011, 10:41:15 AM
Thank you to make me aware of it. :)
Title: Re: Portable sHFS : HFS via Stunnel with configuration GUI [english]
Post by: bmartino1 on June 17, 2014, 02:17:19 AM
i tried to cover this as much as possible and have include a "pre" built portable version...

http://www.rejetto.com/forum/hfs-~-http-file-server/stunnel-and-hfs-(securing-your-hfs)/

download linke:
https://drive.google.com/file/d/0B9u5dgydfOEuOElRWFJIN1dUX00/edit?usp=sharing