30 June, 2016

Using 1Password on a Chromebook (aka How to use 1Password on a machine with no Dropbox client available)

(Update: 7 July, 2016: Step 5 is not required here!)

(Update #2: 7 July, 2016: Included zip archive of pre-built installation package)

(Update #3: 31 January, 2017: Updated Apache download link as requested by Apache Haus)

After a relatively recent update to Dropbox it has unfortunately meant that people who used to access 1PasswordAnywhere straight from the web interface via Dropbox can no longer do so.

Being a bit old fashioned and a big fan of the keyboard & mouse combo I’m not that big a fan of tablet computing so I have an Asus C300 Chromebook for my general day to day internet requirements. I’ve been using 1Password for about a year or so and have settled in well with it but the sudden loss of 1PasswordAnywhere meant that I was suddenly unable to access my 1Password vault from my Chromebook as there is no native Dropbox client for ChromeOS.

After a bit of thinking and reading over what a few other people have discussed on various sites and forums around the web I’ve settled on a particular method to make the 1PasswordAnywhere web interface available on my Chromebook again as well as on any machine that has a web browser, no Dropbox client needed. There are probably a million other different ways to solve the problem and I did work out two quite similar ways of doing it at first but this is just one way of skinning the proverbial cat that worked for me.

In a nutshell, my method consists of a simple webserver running on a machine with Dropbox installed and serves up the HTTPS aspect locally, rather than from Dropbox’s server.

My setup here is based on a Windows box running the official Dropbox client and Apache HTTPd v2.4.20.
Other OS and Web server combos are equally as satisfactory but I have chosen these for reasons I’ll explain later.

In the future I may build a simple tool to automate this setup process but until then, this is how you do it.

HOW IT’S DONE

This will suit most people with minimal skill or effort required. You will need a machine permanently (if required) connected to your network.
(For accessibility from the outside world a VPN Server is useful here.)
To set up, this box will in turn require:

  • A Windows-based OS
  • The Dropbox client
  • A basic web server (in this case, Apache HTTPd)
  • About 30-60 minutes of your time

(To save time, you can download a pre-built installation package here that uses Apache HTTPd v2.4.20 but if you fancy keeping your Apache up to date, learning something new or are not quite sure what’s going on, I’d recommend following the full guide below.)

Before you start, download the following:

  1. Dropbox Client (if not yet installed):  Link | Site
  2. Apache HTTPd for Windows (ApacheHaus build): Site
    At the time of writing this the latest version is v2.4.20 but with any luck future versions should also hopefully work fine.
    If you’re not sure which build you need (x86 vs x64), use x86.
  3. Microsoft Visual C++ 2015 Redistributable Package x86 | x64
    Again, if you’re not sure which you need, use x86.

What you need to do:

  1. If you haven’t already, install the Dropbox client on your machine and start syncing up the contents with your 1Password directory as normal to a sensible place. I use X:\Dropbox but the default may well be fine.
  2. Install the Visual C++ 2015 Redistributable Package. This will install libraries required for this build of the Apache HTTPd.
  3. Extract the downloaded Apache zipfile to somewhere sensible like C:\Apache
    I try to avoid the Program Files directories as these sometimes cause access issues with UAC.
    The zipfile may extract to give you content in C:\Apache\Apache24. You can leave it like this if you wish, or like me you have mild OCD and want to keep things tidy, you can just move all files out of the C:\Apache\Apache24 folder to C:\Apache.
  4. Once you have done the above, browse to the folder where you unzipped Apache to, open the conf directory and edit httpd.conf.
    1. Locate the line starting with Define SRVROOT and set this line to name the location of your Apache installation.Example:
      Define SRVROOT “/Apache”
    2. Locate the line stating Listen 80
      (This edit is kinda optional but a lot of machines have port 80 already reserved/used. This also adds a slight extra ‘security by obscurity’ factor. If you’re unsure, just do it.)
      Change the port number from 80 to 98.Example:
      Listen 98

      If you know what you are doing and know about port numbering feel free to use an alternative number. If you are unsure, stick with 98.

    3. Locate the line ServerName localhost:80 and change the 80 here to the number you’ve used above.Example:
      ServerName localhost:98

       

    4. Locate the line DirectoryIndex index.html and change index.html to 1Password.html 

      Example:
      DirectoryIndex 1Password.html 

    5. Save and close the file.
  5. Back in the conf directory, browse to the extra folder and edit httpd-ssl.conf.
    1. Locate the line stating Listen 443
      (As above, this edit is also kinda optional. If you’re unsure, just do it.)
      Change the port number from 443 to 99Example:
      Listen 99
    2. Locate the line <VirtualHost _default_:443> and change the 443 here to the number you’ve used above.
    3. Save and close the file.
  6. Back in the extra directory, edit httpd-ahssl.conf
    1. Locate the line stating Listen 443 https and change the 443 here to the number you’ve used above.Example:
      Listen 99 https

       

    2. Locate the line <VirtualHost _default_:443> and change the 443 here to the number you’ve used above.
    3. A couple of lines down, locate the line ServerName localhost:443 and change the 443 here to the number you’ve used above.
      Note: There may be two more lines referring to port 443 under other Virtual Host blocks. You can ignore these as they are not used.
    4. A few more lines down, locate the line DocumentRoot “${SRVROOT}/htdocs”.
      Change the value in the speechmarks to the path of your 1Password directory where you can find the file 1Password.html.Example:
      DocumentRoot “X:\Dropbox\1Password\1Password.agilekeychain”
    5. Locate the line <Directory “${SRVROOT}/htdocs”>.
      Change the value in the speechmarks to the path of your 1Password directory where you can find the file 1Password.html.Example:
      <Directory “X:\Dropbox\1Password\1Password.agilekeychain”>
    6. Save and close the file.
  7. To test that Apache opens successfully and that your 1Password directory can be seen by it, browse to the folder where you unzipped Apache to, open the bin directory and run httpd.exe.
    All being well you should be presented with a blank console window. (If you find the software immediately opens then closes again, run httpd.exe from a command prompt where you should see any error messages for you to troubleshoot with.)
  8. Open a browser on that same machine and go to http://127.0.0.1:98
    The first time you visit this URL you may need to wait a few seconds for it to load up.
    If Apache has started correctly you should be presented with an Apache Haus “It works” page.
  9. Now go to https://127.0.0.1:99
    Initially you will almost certainly be presented with some sort of message complaining that there is a problem with the site’s security certificate. At this stage this is perfectly normal! This is due to the fact that the SSL certificate is just a test cert supplied by Apache Haus and does not belong to any particular domain or URL. Providing you have installed this on a local private network that you own and/or trust, your connection is safe so you can accept the warning presented by your browser. While we’re talking private networks …

    Note:
    For the love of God/Alah/Flying Spaghetti Monster/Deity of choice, do NOT IN ANY circumstance install this setup on an externally-facing machine. This configuration is NOT designed to be facing the outside world, NOR is the 1PasswordAnywhere interface! If you HAVE done this on an externally-facing machine, STOP. Remove this Apache install.
    NOW.

    Phew.

    Right, if you’ve made it this far then you should be seeing your 1PasswordAnywhere interface presented and working.

    You’ll notice that Apache HTTPd is running and serving up your 1Password vault, albeit with an ugly, blank command window. To run Apache as a service (running it in the background with no terminal windows floating about) you’ll need to do the following.

  10. Bring the Apache command window into focus and press CTRL+C to gracefully close the instance.
    Once it has closed, open an Administrative command prompt window and navigate to the bin folder where you unzipped Apache to.Example:
    cd C:\Apache\bin

    To set the HTTPd to run as a service, run the command:
    httpd -k install -n “Apache 1PasswordAnywhere”
    Then to start it:
    httpd -k start -n “Apache 1PasswordAnywhere”

    You can use any name you like in place of “Apache 1PasswordAnywhere” but I’d suggest calling it something like the above so in a couple of years’ time when you come back to the server you’re not asking yourself “what the hell was that for again?”At this point if the service does not start look over any error messages given and check the previous steps in case you’ve made any mistakes.

  11. All being well, go back to your web browser and refresh the page at https://127.0.0.1:99.
    You should now be back in business.
  12. Get the ip address of your machine by using ipconfig at the command prompt or using the Windows GUI.
  13. Now finally, go to a web browser on another computer (in my case it’s my Chromebook) and replace the 127.0.0.1 in the URL above to your IP that you’ve just located.Example:
    https://192.168.0.100:99
  14. Voila. Finished.
  15. For future reference: To uninstall the service from Windows, use the same command as above replacing install with (you guessed it) uninstall. Once the service uninstall has been done, you can remove Apache completely, just delete the C:\Apache directory.

To answer a few expected questions:

“Why didn’t you use Linux?”
My server at home runs Windows for various reasons, so I based the guide on equipment I already had. However, as mentioned above, I did consider another way of setting up a system like this, based upon running a virtual machine using TurnKey Linux.

“Why did you use Apache HTTPd over Nginx?”
Nginx was great when I played about with it and also marginally slimmer but there is no proper native way of running it as a service. This was the single biggest reason why I did not use it here, other than that I’ve used Apache before.

“Why did you put 1PasswordAnywhere on HTTPS when it’s on a local network?”
Even though it’s running on your internal network there’s no downside to using HTTPS. For me that’s reason enough. I did however consider that internal networks even if not connected to the web can still be attacked from various angles (malware, viruses etc) so if there’s any chance that any plain traffic could be sniffed out or stolen, then having it over an HTTPS service can only be a good idea.

“Why did you put 1PasswordAnywhere on HTTPS when the certificate is broken?”
Even though the certificate is broken, the data is still being delivered encrypted. When the web browser complains about the certificate it’s because it’s not convinced that (a) the SSL cert belongs to that particular site and (b) that the certificate has been signed by a reputable authority. As this is a basic test certificate supplied by Apache Haus it will not match your site address. But then again, you installed the certificate yourself, straight from the Apache Haus installer, so you trust it.

… don’t you?

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.