AbhyudayaSharma
commented
2 years ago It looks like this is the reason for the block.
Closed AbhyudayaSharma closed 2 years ago
AbhyudayaSharma
commented
2 years ago It looks like this is the reason for the block.
abhi1693
commented
2 years ago @AbhyudayaSharma It's not completely blocked. It works sometimes, check this. It's an intermittent issue but happens alot.
arm4b
commented
2 years ago Thanks for more info and research, https://github.com/captn3m0/hello-cloudflare/blob/main/README.md is really helpful to understand the root cause better.
I thought that some IPs were blocked by the authorities in India which were associated with the blacklisted websites, belonging to CloudFlare network and pointing to the random Edge servers. Hence sometimes Exchange works sometimes it's not per https://github.com/StackStorm-Exchange/index/issues/26 report. But if it's relevant to content-based blocking, let's see if this helps.
I'm also going through https://gist.github.com/zbeekman/ac6eeb41ea7980f410959b13416d74c9 and playing with the GH pages HTTPS settings as there were some issues before configuring HTTPS with github pages.
arm4b
commented
2 years ago I could set up SSL for GH Pages (exchange.stackstorm.org and index.stackstorm.org) and set CloudFlare SSL to Full, so it should be secure along the entire chain + from Github Pages.
Before:
Now:
However, per https://gist.github.com/zbeekman/ac6eeb41ea7980f410959b13416d74c9, we might have an issue in 1 year when Github tries to renew its certificate and it'll fail because of the CF proxy. We'll see.
@abhi1693 @AbhyudayaSharma Please check if you still got these issues with the StackStorm Exchange being blocked and report back.
AbhyudayaSharma
commented
2 years ago @armab Thanks for the fix. It looks to be working now.
However, per https://gist.github.com/zbeekman/ac6eeb41ea7980f410959b13416d74c9, we might have an issue in 1 year when Github tries to renew its certificate and it'll fail because of the CF proxy. We'll see.
You could remove Cloudflare entirely and serve directly from GitHub pages now that TLS is enabled. If I remember correctly, they use Fastly so there should not be much difference in performance.
arm4b
commented
2 years ago We can't remove CloudFlare due to some CF functionality we depend on for Exchange to work properly.
arm4b
commented
2 years ago Anyway, sounds like it's fixed now. Thanks for the report and pointers.
Closing as solved. Please re-open if the issue appears again.
Sorry if this is the wrong place to post this issue but StackStorm exchange seems to be blocked in India. The served site even has a valid TLS certificate issued by Cloudflare.