aboutsummaryrefslogtreecommitdiff
path: root/build/blog/2016-09-01-this-blog-is-now-behind-cloudflare.html
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--build/blog/2016-09-01-this-blog-is-now-behind-cloudflare.html54
1 files changed, 0 insertions, 54 deletions
diff --git a/build/blog/2016-09-01-this-blog-is-now-behind-cloudflare.html b/build/blog/2016-09-01-this-blog-is-now-behind-cloudflare.html
deleted file mode 100644
index 9f87bab9..00000000
--- a/build/blog/2016-09-01-this-blog-is-now-behind-cloudflare.html
+++ /dev/null
@@ -1,54 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8"/>
-<meta content="pandoc" name="generator"/>
-<meta content="Zhiming Wang" name="author"/>
-<meta content="2016-09-01T20:11:00+08:00" name="date"/>
-<title>This blog is now behind CloudFlare</title>
-<link href="/img/apple-touch-icon-152.png" rel="apple-touch-icon-precomposed"/>
-<meta content="#FFFFFF" name="msapplication-TileColor"/>
-<meta content="/img/favicon-144.png" name="msapplication-TileImage"/>
-<meta content="width=device-width, initial-scale=1" name="viewport"/>
-<link href="/css/normalize.min.css" media="all" rel="stylesheet" type="text/css"/>
-<link href="/css/theme.css" media="all" rel="stylesheet" type="text/css"/>
-</head>
-<body>
-<div id="archival-notice">This blog has been archived.<br/>Visit my home page at <a href="https://zhimingwang.org">zhimingwang.org</a>.</div>
-<nav class="nav">
-<a class="nav-icon" href="/" title="Home"><!--blog icon--></a>
-<a class="nav-title" href="/"><!--blog title--></a>
-<a class="nav-author" href="https://github.com/zmwangx" target="_blank"><!--blog author--></a>
-</nav>
-<article class="content">
-<header class="article-header">
-<h1 class="article-title">This blog is now behind CloudFlare</h1>
-<div class="article-metadata">
-<time class="article-timestamp" datetime="2016-09-01T20:11:00+08:00">September 1, 2016</time>
-</div>
-</header>
-<p>Back in July I registered the domain <a href="http://zhimingwang.org">zhimingwang.org</a> and pointed this GitHub Pages-powered blog at it. Since then I have lost the HTTPS badge due to GitHub Pages not supporting HTTPS on custom domains (see <a href="https://github.com/isaacs/github/issues/156">isaacs/github#156</a>).</p>
-<p>There have been a lot of discussions on isaacs/github#156 (and stupid <a href="/blog/2016-01-18-me-too-comments-on-github.html">+1's</a> too). Among the proposed solutions is putting the website behind CloudFlare. I carefully investigated <a href="https://blog.cloudflare.com/secure-and-fast-github-pages-with-cloudflare/">this option</a> and read almost all the arguments against it. I fully understand CloudFlare's SSL models (summarized in the image below), and I do realize most if not all of the limitations of CloudFlare, including CloudFlare being a huge MITM (which is inevitable for a CDN anyway), as well as most if not all of its annoyances, including CAPTCHAs which I myself would occasionally run into when I'm browsing with PIA VPN, and JavaScript-based browser checks.</p>
-<div class="figure">
-<a href="/img/20160901-cloudflare-ssl-modes.png" target="_blank"><img alt="CloudFlare's SSL modes. I use the Full SSL mode so that both ends of the connection are encrypted. Again, I know CloudFlare is a big MITM and could be a high profile target. Credit: CloudFlare." src="/img/20160901-cloudflare-ssl-modes.png" width="500"/></a>
-<p class="caption">CloudFlare's SSL modes. I use the Full SSL mode so that both ends of the connection are encrypted. Again, I know CloudFlare is a big MITM and could be a high profile target. Credit: <a href="https://blog.cloudflare.com/secure-and-fast-github-pages-with-cloudflare/">CloudFlare</a>.</p>
-</div>
-<p>After careful evaluation, I decided that CloudFlare's SSL model is good enough for me. After all, this is just a damn blog, with nothing sensitive. TLS is still nice because it guards against prying eyes and unethical ad-injecting ISPs or Wi-Fi hotspots, but other than that, it isn't necessary.</p>
-<p>End result: this blog is now behind CloudFlare. Readers should now see that green HTTPS badge again (note that I'm enforcing HTTPS — without HSTS though). As for CAPTCHAs, I have adjusted the firewall settings on CloudFlare's dashboard — "Security Level" to "Essentially Off" and "Challenge Passage" to 1 year, so hopefully it won't be too annoying.<a class="footnoteRef" href="#fn1" id="fnref1"><sup>1</sup></a></p>
-<p><strong>09/01/2016 Update.</strong> I just realized that <a href="https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-">CloudFlare supports whitelisting Tor traffic</a>. Did that.</p>
-<div class="footnotes">
-<hr/>
-<ol>
-<li id="fn1"><p>I don't use Tor, and don't intend to raise Big Brother's suspicion by using it, so I have no idea of the actual Tor experience.<a class="footnotes-backlink" href="#fnref1">↩ī¸Ž</a></p></li>
-</ol>
-</div>
-</article>
-<hr class="content-separator"/>
-<footer class="footer">
-<span class="rfooter">
-<a class="rss-icon" href="/rss.xml" target="_blank" title="RSS feed"><!--RSS feed icon--></a><a class="atom-icon" href="/atom.xml" target="_blank" title="Atom feed"><!--Atom feed icon--></a><a class="cc-icon" href="https://creativecommons.org/licenses/by/4.0/" target="_blank" title="Released under the Creative Commons Attribution 4.0 International license."><!--CC icon--></a>
-<a href="https://github.com/zmwangx" target="_blank">Zhiming Wang</a>
-</span>
-</footer>
-</body>
-</html>