littlebizzy / slickstack

Lightning-fast WordPress on Nginx
https://slickstack.io
GNU General Public License v3.0
642 stars 112 forks source link

ss-install fails on wget due to CloudFlare "403 Forbidden" error #139

Closed advwebin closed 2 years ago

advwebin commented 2 years ago

Hello,

Looking forward to trying slickslack. But my installation on DO and UpCloud fails with this error:

root@ubuntu-1cpu-2gb-sg-sin1:~# wget -O ss slick.fyi && bash ss --2022-01-21 12:39:57-- http://slick.fyi/ Resolving slick.fyi (slick.fyi)... 1.1.1.1 Connecting to slick.fyi (slick.fyi)|1.1.1.1|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2022-01-21 12:39:57 ERROR 403: Forbidden.

jessuppi commented 2 years ago

Thanks for reporting this @advwebin

It seems something in Cloudflare's system changed in the past 24 hours. We had been using the A record 1.1.1.1 for the shortcut domain slick.fyi for the past few years without issue, and with the proxy (orange cloud) disabled.

For some reason, that suddenly stopped working. I guess it makes sense, because CloudFlare wants that IP address to be used for DNS queries only and so all their features "should not work" if using that IP address.

After some research I found that CloudFlare recommends using the dummy IP address 192.0.2.1 instead if you are only using Cloudflare for the purpose of Page Rules (i.e. redirecting a domain).

Ref: https://community.cloudflare.com/t/proper-a-record-to-activate-page-rules/51529 Ref: https://community.cloudflare.com/t/using-page-rules-to-perform-redirects/55386

So we are now using that IP address instead, and have enabled the proxy (orange cloud) for slick.fyi now. To avoid any rate-limiting or anything we disabled pretty much all CloudFlare features including their Firewall...

The shortcut domain now also properly forwards HTTPS (SSL) requests too:

http://slick.fyi >> http://mirrors.slickstack.io/bash/ss-install.txt https://slick.fyi >> https://raw.githubusercontent.com/littlebizzy/slickstack/master/bash/ss-install.txt

I guess these changes were a long time coming, but should be good to go now for quite a long time hopefully.