termux / termux.github.io

The main termux site and help pages.
https://termux.github.io

Blocked in India #56

Closed captn3m0 closed 2 years ago

captn3m0 commented 2 years ago

What's the Issue: termux.com is blocked in India.

Why is this happening: https://github.com/captn3m0/hello-cloudflare/

How to Fix: https://github.com/captn3m0/hello-cloudflare/blob/main/README.md#help-my-website-is-blocked

Curl Log as Proof
curl https://termux.com -vvv
* Rebuilt URL to: https://termux.com/
*   Trying 172.67.175.23...
* TCP_NODELAY set
* Connected to termux.com (172.67.175.23) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Jun 28 00:00:00 2021 GMT
*  expire date: Jun 27 23:59:59 2022 GMT
*  subjectAltName: host "termux.com" matched cert's "termux.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* Using Stream ID: 1 (easy handle 0x55ea9ed2a600)
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET / HTTP/2
> Host: termux.com
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/2 200
< date: Fri, 07 Jan 2022 17:58:02 GMT
< content-type: text/html
< pragma: no-cache
< cache-control: no-cache
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lHxMmG0XXkhfbkREMgHawd%2BvtbzG4CpW90fembQMhA2zxuce%2BFAkjmGs9vGfNEPKUiyna29%2B%2FmT3xWJ6GzQHlLOKFeaUL0f4%2FM3%2FG8YHATMTyYASxm0qMLmMXdJO"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 6c9f1268acf31d2d-BLR
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
<
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* Connection #0 to host termux.com left intact


Note that this is blocked even over HTTPS.
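As an added example, not part of the issue or the Termux project: a small triage helper that pulls the TLS and HTTP facts out of a curl -v transcript like the one above. It assumes the trimmed sample below (copied from the log) and the convention that the cf-ray suffix names the Cloudflare colo that answered.

```python
import re

# Constructed sample: trimmed lines from the curl -vvv transcript posted in the issue.
SAMPLE_LOG = """\
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
*  subjectAltName: host "termux.com" matched cert's "termux.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
< HTTP/2 200
< content-type: text/html
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< server: cloudflare
< cf-ray: 6c9f1268acf31d2d-BLR
"""

PATTERNS = {
    "tls": re.compile(r"^\* SSL connection using (\S+) / (\S+)"),
    "issuer": re.compile(r"^\*\s+issuer: (.+)"),
    "san": re.compile(r'^\*\s+subjectAltName: host "([^"]+)" matched'),
    "verify": re.compile(r"^\*\s+SSL certificate verify ok"),
    "status": re.compile(r"^< HTTP/\S+ (\d{3})"),
    "header": re.compile(r"^< ([A-Za-z0-9-]+): (.*)"),
}

def parse_curl_log(log):
    # Collect TLS version/cipher, cert issuer, SAN match, verify result, status and headers.
    facts = {"headers": {}, "verify_ok": False, "san_host": None}
    for line in log.splitlines():
        if m := PATTERNS["tls"].match(line):
            facts["tls_version"], facts["cipher"] = m.groups()
        elif m := PATTERNS["issuer"].match(line):
            facts["issuer"] = m.group(1)
        elif m := PATTERNS["san"].match(line):
            facts["san_host"] = m.group(1)
        elif PATTERNS["verify"].match(line):
            facts["verify_ok"] = True
        elif m := PATTERNS["status"].match(line):
            facts["status"] = int(m.group(1))
        elif m := PATTERNS["header"].match(line):
            facts["headers"][m.group(1).lower()] = m.group(2)
    return facts

def triage(facts):
    # A verified cert for the requested host rules out interception on the client path.
    h = facts["headers"]
    if not facts["verify_ok"] or facts["san_host"] is None:
        return "tls-failed: possible on-path interception or DNS tampering"
    edge = h.get("cf-ray", "").rpartition("-")[2] or "unknown"  # cf-ray ends in the colo code
    if h.get("server") == "cloudflare" and facts.get("status") == 200:
        return f"edge-ok: valid cert, 200 from Cloudflare colo {edge}; block is not on the client path"
    return f"edge-ok: status {facts.get('status')} via {h.get('server', '?')}"
```

Run against the posted log it reports a clean TLS 1.3 session with a Cloudflare-issued certificate and a 200 from the BLR colo, which is why the reporter could say the block persists even over HTTPS.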

captn3m0 commented 2 years ago

Initial Report via Twitter: https://twitter.com/geekodour/status/1478963440412626946

ghost commented 2 years ago

@captn3m0 This may take a while. None of the currently active Termux maintainers can change the domain configuration of termux.com.

@fornwall

agnostic-apollo commented 2 years ago

Can you try visiting https://termux.github.io now? I have disabled the termux.github.io redirection to termux.com with c902873f and 300cc091.

captn3m0 commented 2 years ago

Yeah, that seems to work :+1:

You should delete the termux.com DNS record pointing to GitHub Pages to prevent someone else from taking over the website. Alternatively, verifying the domain against the organization should also work.

agnostic-apollo commented 2 years ago

Thanks, that's great. But can you try again after clearing the site cache or in private mode? We shifted to https://termux.org with be76ecb1.

Grimler91 commented 2 years ago

https://termux.github.io should continue to work as well, but official links everywhere will point to termux.org.

agnostic-apollo commented 2 years ago

GitHub will auto-redirect to termux.org due to the CNAME config.

Grimler91 commented 2 years ago

Ah, you are right. Hmm, let's see if I can fix the HTTPS settings (to have strict SSL) and thereby solve this issue.

Grimler91 commented 2 years ago

Should be enabled now. @captn3m0 does https://termux.org work?

agnostic-apollo commented 2 years ago

Trying to go to http://termux.org is forcing it to go to https://termux.org, so at least it's working. But the toggle in settings to enforce HTTPS is still not working, maybe delete and re-add it again.

captn3m0 commented 2 years ago

Seems good to me, but can you confirm the setting on the Cloudflare side for termux.org? Does it have strict SSL enabled or Flexible?

Grimler91 commented 2 years ago

@captn3m0 I changed to strict SSL, but have changed back now to "full", as it broke https://packages-cf.termux.org/.

Need to investigate what's wrong with that SSL configuration before I can enable it again.

captn3m0 commented 2 years ago

Full still mitigates against the block, as long as the HTTP -> HTTPS redirect works (which is currently happening). But that only works because the ISP in India doesn't block 3xx responses, so the redirect is still triggered (and subsequent HTTPS requests are allowed through).
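An added example, not from the issue or the project: a check for the mitigation described in this comment, namely that a plain-HTTP request is answered with a redirect to HTTPS on the same host and the final HTTPS hop succeeds. The hop chains below are constructed sample data, not captured responses.

```python
from urllib.parse import urlsplit

# Constructed sample hops in the shape (request_url, status, headers), modelled on
# the mitigation described in the comment: plain-HTTP request, 3xx to HTTPS, then 200.
GOOD_CHAIN = [
    ("http://termux.org/", 301, {"location": "https://termux.org/"}),
    ("https://termux.org/", 200, {"strict-transport-security": "max-age=31536000; includeSubDomains; preload"}),
]
BAD_CHAIN = [  # plain HTTP is answered directly, so nothing moves the visitor onto TLS
    ("http://termux.org/", 200, {"content-type": "text/html"}),
]

def redirect_mitigates(chain):
    """Return (ok, reason): does this hop list force a plain-HTTP visit onto HTTPS?"""
    if not chain:
        return False, "empty chain"
    first_url, status, headers = chain[0]
    first = urlsplit(first_url)
    if first.scheme != "http":
        return False, "chain must start with a plain-HTTP request to test the redirect"
    if status not in (301, 302, 307, 308):
        return False, f"plain HTTP answered {status} instead of redirecting"
    target = urlsplit(headers.get("location", ""))
    if target.scheme != "https" or target.hostname != first.hostname:
        return False, f"redirect target {headers.get('location')!r} is not https on the same host"
    last_url, last_status, last_headers = chain[-1]
    if urlsplit(last_url).scheme != "https" or last_status != 200:
        return False, "final hop is not a successful HTTPS response"
    # HSTS means browsers skip the plain-HTTP hop on later visits, so the 3xx only matters once.
    if "strict-transport-security" in last_headers:
        return True, "HTTP->HTTPS redirect in place; HSTS set, so repeat visits skip plain HTTP"
    return True, "HTTP->HTTPS redirect in place; no HSTS, every first visit still starts over plain HTTP"
```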

agnostic-apollo commented 2 years ago

We temporarily enabled strict again, back to full now. If the site is currently working, then you can go ahead and close the issue.

captn3m0 commented 2 years ago

Full SSL (with a HTTP->HTTPS redirect) mitigates the issue. Closing.