Home Data Center Series: Talking about the options for building a personal blog website based on the current situation where the Internet was disconnected at home

A brief account of the first time my account was disconnected from the Internet and locked

This story all started when China Telecom cut off my internet connection for two days last month. Around 10pm one night in mid-May, my broadband connection suddenly went offline. I thought it was just a common broadband failure, so I didn’t take it seriously. I called 10000 and reported the problem, then went to sleep.

The next morning, a telecom operation and maintenance engineer came to my house and, after some inspection, found that my broadband account was locked (the optical modem showed that LOT authentication failed but ITMS succeeded, the opposite of the LOT success and ITMS failure I usually see after replacing the optical modem myself). After some communication with the backend support department, he told me that the account had been locked directly by the Communications Administration Bureau and that the telecom company itself had not known about it.

I was speechless. The key point was that when I asked for the reason, the telecom company didn't know either; they just said that the matter was no longer under their jurisdiction. I was confident there was nothing I could be caught for, because, as I mentioned in a previous article (Home Data Center Series: Home Data Center IPv4/IPv6 Dual Stack Network Architecture and Application Access Process Optimization), I had completed a network upgrade in early March. All the domain names for inbound access requests had been changed to registered domain names, and even the emby access traffic had been upgraded to https. I thought I had no weaknesses. The only exception, "wow.tangwudi.com", was the access domain name of my Trinitycore 3.3.5 World of Warcraft server, but that access was purely IP-based: the domain name was only used to resolve the IP, and the traffic was plain TCP, not http, so I didn't worry about it.

When the Internet had been disconnected for more than 40 hours and there was still no feedback from Telecom (probably because no feedback had come back from the Communications Administration), I filed a complaint with 10000, obtained the complaint number, and then filed a complaint with MIIT (complaining that Telecom had disconnected my Internet connection without contacting me and still had not given me a reason after 40 hours). I also called 10000 regularly to ask about progress, following the normal procedure (so that there would be call recordings on file). After 60 hours of disconnection, I finally got informal feedback from Telecom (I call it informal because it was just sent to me by Telecom's operation and maintenance staff over their own WeChat, not as an official notice):

[Image: screenshot of the notice received over WeChat]

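This reason made me furious: wow.tangwudi.com is the address of my World of Warcraft server, and 8443 is the iKuai router's default remote management port. In nearly a year I had never used this domain name for any http(s) access, nor had I accessed iKuai's remote management port from the WAN, let alone used "wow.tangwudi.com" to reach port 8443 on the iKuai. The most likely explanation is that Telecom (or some department) monitors DNS packets, noticed my "wow.tangwudi.com" domain name (iKuai's dynamic DNS feature periodically sends update packets mapping the WAN port IP to "wow.tangwudi.com"), then port-scanned "wow.tangwudi.com", found port 8443, and blocked me... So this could well be entrapment-style enforcement! In a fit of anger I also filed a complaint against Telecom on the Internet complaint platform!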

There is not much to say about what happened next. Within 72 hours, someone from China Telecom contacted me, restored my internet connection, and offered to compensate me with one month's internet fee. I wanted to take the opportunity to request an upgrade to 2000 megabits while retaining the public IPv4 address (upgrades to 2000 megabits are available now, but if you originally had a public IPv4 address it will most likely be lost after the upgrade, and the district-level leaders of China Telecom do not have the authority to change this). Later, I asked around and found out that it really was unlikely, so I gave up in the end and withdrew the complaint after receiving the one month's internet fee in compensation.


Now only the old telecom packages can retain the public IPv4 address. If you want an IPv4 public address with the new package, you can only buy it with money. The minimum consumption is 399 package + 100 service fee. Therefore, my 199 package (1000 Mbps downstream, 50 Mbps upstream) is already a discontinued package. You must not change it. If you change it, the IPv4 public address will be gone.


To sum up, if you are sure that you have not made any mistakes, you can complain to the Ministry of Industry and Information Technology when you encounter such a situation, but you must get the point of the complaint right (for example, I complained that the telecommunications company disconnected the network without prior notice; the scope of the complaint must be kept under control). At present, although complaints to the Ministry of Industry and Information Technology are not as useful as before, they are still more or less useful. This complaint sped up my network recovery. Otherwise, I might have had to wait 1-2 days to receive the rectification notice, and then another 1-2 days for the network to be restored.

Looking back now, multi-dialing was stopped on April 17, leaving only single dialing, which may have marked the beginning of this crackdown. Multi-dialing was restored around May 20, which may have meant the end of the crackdown. During this month, I don't know how many users with public IP addresses were disconnected from the Internet for rectification because of remote management ports on routers or remote access ports on NAS devices. At least I heard from the operation and maintenance engineers that "many" had their accounts temporarily blocked.

From February to now, I feel that the inbound http(s) requests for home broadband with public network addresses are being checked more and more strictly. If the domain name is not registered, such as some free domain names, it is recommended not to use them, otherwise you will be uncomfortably banned from the Internet for 3-5 days (this time I was forced to buy a 4g CPE router for emergency use).

However, this network outage also had its benefits: it made me completely sure of the method China Telecom currently uses to detect unregistered domain names. I guess other operators are similar, and the method is quite low-end. It is probably a sampling of inbound http(s) traffic: for plaintext http, the domain name is read directly and compared with the registered domain name database; for https, the domain name is extracted from the SNI sent during the SSL handshake and then compared with the registered domain name database. Because it is sampling, it may not detect inbound access to unregistered domain names with little traffic. That is why, for example, the domain name and port I had forgotten about were not found until May (they may have been found by scanning, otherwise they might never have been found). Therefore, the article I wrote in February (Home Data Center Series: Home Broadband Site Building Considerations with Public IP) is completely suitable for friends who want to use home broadband to build a website in the future (regardless of whether there is a public IPv4 address or not).
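To make the guessed mechanism concrete, here is an added example (not from the original post, and not any operator's actual implementation) showing which hostname the first bytes of an inbound connection expose in cleartext: the Host header for http, the SNI extension for https, and nothing at all for a raw TCP protocol such as a game server. The domain names, the `REGISTERED` set and the sample bytes are constructed for illustration.

```python
import struct

def build_client_hello(server_name):
    """Constructed sample: a minimal TLS ClientHello whose only extension is SNI."""
    name = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name       # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry                 # server_name_list
    ext = struct.pack("!HH", 0, len(sni)) + sni                 # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                   # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"                 # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # record type 22 = handshake

def sni_from_client_hello(data):
    """Return the cleartext SNI hostname from a ClientHello record, or None."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:
            return None
        p = 9 + 2 + 32                                   # record + handshake headers, version, random
        p += 1 + data[p]                                 # session id
        p += 2 + struct.unpack_from("!H", data, p)[0]    # cipher suites
        p += 1 + data[p]                                 # compression methods
        end = p + 2 + struct.unpack_from("!H", data, p)[0]
        p += 2
        while p + 4 <= min(end, len(data)):
            etype, elen = struct.unpack_from("!HH", data, p)
            p += 4
            if etype == 0:                               # server_name extension
                nlen = struct.unpack_from("!H", data, p + 3)[0]
                name = data[p + 5:p + 5 + nlen]
                return name.decode("ascii") if len(name) == nlen else None
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def host_from_http(data):
    """Return the Host header of a plaintext HTTP/1.x request, or None."""
    request_line, *headers = data.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if request_line.endswith((b"HTTP/1.0", b"HTTP/1.1")):
        for line in headers:
            key, _, value = line.partition(b":")
            if key.strip().lower() == b"host":
                return value.strip().decode("ascii", "replace")
    return None

def visible_hostname(first_bytes):
    """(source, hostname) that the first client bytes of a connection reveal."""
    if first_bytes[:1] == b"\x16":
        return "tls-sni", sni_from_client_hello(first_bytes)
    host = host_from_http(first_bytes)
    return ("http-host", host) if host else ("none", None)

def flagged(first_bytes, registered):
    """True when a hostname is visible and matches no registered domain."""
    host = (visible_hostname(first_bytes)[1] or "").lower().rstrip(".")
    return bool(host) and not any(host == d or host.endswith("." + d) for d in registered)

REGISTERED = {"registered.example"}          # constructed stand-in for the filing database
SAMPLES = {                                  # constructed first-flight bytes of four connections
    "https, registered": build_client_hello("blog.registered.example"),
    "https, unregistered": build_client_hello("nas.unfiled.example"),
    "http, unregistered": b"GET / HTTP/1.1\r\nHost: nas.unfiled.example\r\n\r\n",
    "raw tcp game login": b"\x00\x08\x1f\x00WoW\x00",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:22} {visible_hostname(data)} flagged={flagged(data, REGISTERED)}")
```

The raw TCP sample yields no hostname at all, which fits the observation above that the forgotten domain was more likely found through DNS updates and scanning than through traffic sampling.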


Attached are the complaint address of the Ministry of Industry and Information Technology and the complaint address of the Internet information platform. Please note that you must first file a complaint with the operator and obtain a complaint number before filing a complaint with the Ministry of Industry and Information Technology.

Complaint address of the Ministry of Industry and Information Technology: https://yhssglxt.miit.gov.cn/web/userAppeal/
Internet Information Service Complaint Platform Address: https://hlwtsxt.miit.gov.cn/#/complaint/default


The necessity of domain name registration at present

If your home broadband has a public IP address (ipv4 or ipv6) and you want to use your home broadband to build a website for domestic users, you may have to file a record now, especially for websites that mainly target domestic users. Because you have to use domestic CDN, you can't skip the filing step. In addition, the operators are now strictly checking, and the public network return traffic from CDN to the source station inside the home network must use the registered domain name. Even if you only access your home router, NAS or other devices through the public IP, you still have to use the registered domain name. This is the current reality.

Fortunately, it is not a big deal to file a personal record. I have already covered the precautions in the article "The series of tricks and tricks analyzes the implementation principle of the Ministry of Industry and Information Technology's filing system from a technical perspective" (some sensitive parts are hidden, but I have put out all the precautions for filing); you can take a look if you need it. In short, it is better to file a domain name as an individual. The registered domain name is equivalent to a whitelist in China, which is actually very useful. However, not all domain names can be filed. First of all, there are requirements for the supplier from which the domain name is purchased, and secondly, a filing authorization code is required. The easiest way for individuals to obtain this code is to purchase a cloud server from a cloud supplier, and then they will be given this code. You can search the Internet for the specific method, which cannot be explained clearly in a few words.

Choice of blog building method mainly for domestic use

Why do I want to talk about this? Because I often see people asking this question on Zhihu, and then there are a lot of people recommending various dynamic and static framework solutions, selling cloud hosts, and selling virtual hosts. In fact, although there are indeed many technical options for building a blog, in China today, there is actually no choice.

Generally speaking, blogs can be divided into dynamic and static types (for the specific differences, please refer to the article: Home data center series uses hexo to build a static blog and deploy it to cloudflare pages; I won't say more here). The representative of dynamic blogs is WordPress. Generally, newcomers who don't understand code are actually recommended to use this, because WordPress supports full-text search and comments by default, which is very friendly to blogs, and it is also very convenient to expand functions through various plug-ins. However, the Communications Administration requires that personal blogs cannot have a comment function, saying that this is a forum function~~ and individuals cannot build forums. If you don't want the comment function, is it worth the effort to learn and use WordPress just for a full-text search function? Therefore, if you use a registered domain name to build a personal blog for domestic visitors, it is recommended not to use WordPress. It can be said that in China, personal blogs based on WordPress are dead.

Well, if you don't use the dynamic blog method, you can only choose the static blog method. There are actually quite a few options. Among them, hexo is the most used. However, although static blogs do not require the use of a database, they do require the deployment of the required environment in the hosting provider's space. At present, I have searched for a good and free solution in China, but I have not found it. The current review of Gitech is so abnormal that I have seen too many bloggers report that their articles have been harmonized or cannot be reviewed. Tencent's cloud development seems to be possible, but it charges a fee, so I can't try it. I think domestic cloud suppliers should have corresponding solutions, but they may all charge a fee, so I am too lazy to study it. Anyway, it is definitely possible, but it costs money, and we have to face increasingly strict reviews in the future.

Change your thinking. If you have already purchased a cloud host because you need to register, then make full use of this cloud host, build the hexo environment directly on it, and then accelerate it through domestic CDN manufacturers. This solution is feasible. The only bad thing is that the CDN method can not prevent many attacks. HTTP flood attacks can be prevented, but it is achieved by consuming normal CDN traffic. You know, I was attacked for a few hours one day and 2T of traffic was hit~~~~ (For details, please refer to my articles about ddos attacks. Of course, you can set a CDN traffic limit, but when the CDN reaches the threshold and stops, the website's external access is also cut off). This method of directly using domestic CDN + domestic cloud host to build a website is very vulnerable to various attacks. Of course, if the cloud host performance is strong enough, some attack filtering can be achieved by deploying a waf solution, but it is expensive.

There is another way, which is the "real home data center" solution I advocate (this method of cooperating with domestic CDN requires a public IP address on the home broadband). To put it bluntly, just find an existing device at home and use it, including a NAS that supports Docker. As long as it can support the environment of Docker deployment, you can do anything. If the performance of the device is sufficient, you can deploy free web application firewalls, free load balancing devices, etc. in front of the blog through containers. With the acceleration of domestic CDN manufacturers, you can still fight. Of course, the rich can also directly buy security services from cloud providers, such as WAF and DDoS protection. The only disadvantage is that it is very expensive. Now Tencent's newly launched edge one seems to be possible (similar to cloudflare's edge network integration solution), but one host name costs 9 yuan a month, which is not expensive, but it is not cheap either. You can try it.


Note: Why didn't I mention Cloudflare above? Because this is mainly for domestic use, Cloudflare is not really suitable, and Cloudflare still has a certain learning cost. Although you can also point the third-level domain name of the registered domain name to Cloudflare for traffic cleaning through a custom host name, if you want to get a better access experience (preferred IP, etc.), you have to spend money, so it's better to just use domestic CDN, after all, CDN traffic is cheap.


The choice of blog building method with a global perspective

If the access users are not limited to the country but are global, then CloudFlare's solution can be adopted.

Using this method, you don’t need to register a domain name, nor do you have to buy a cloud server (if you don’t want to deploy it at home, you need to buy a cloud server, after all, the software always needs a place to install), and your home broadband does not need a public IP address (tunnel method). You can use either dynamic or static blogs (dynamic blogs are the main focus here, because static blogs do not need to be deployed locally, they can be deployed directly on the cloud, and there are too many hosting providers abroad that can be used for free and support static blog frameworks). Ordinary users do not need to pay (because there is a free plan). You only need to have a device at home that can deploy a docker environment, and the cost is less than 1 kWh of electricity per day (provided that you have a device that can be turned on 24 hours a day at home. Of course, if you don’t need the website to provide services 24 hours a day, you can turn it off and on at any time~).


Note: If you choose this solution, it is very suitable for newcomers who do not understand code to use the WordPress dynamic blog solution (for the construction method, refer to this article: Docker series uses Docker to set up a blog slave site based on WordPress and implement regular backup of master-slave site configuration): it supports comments, full-text search, and extended functionality through a variety of plug-ins, etc. There are a lot of tutorials online. The official website of the White House in the United States uses WordPress.


Of course, this approach also has disadvantages: by default, domestic users' access will be slow (needs to be optimized, which is another round of learning and trouble); although CloudFlare is simple (as I see it now), it still requires a certain learning cost for novices: you need to learn a lot of basic concepts, which is especially unpleasant for some friends who get a headache when they see professional concepts; you need at least one device at home that can support the Docker deployment environment (although any idle laptop or NAS that supports Docker will do, not every family has an idle laptop and a NAS that supports Docker).

But in general, this method has more advantages than disadvantages, especially in the current severe network situation. How much trouble can be saved by spending a little money (1 kWh of electricity per month)? So I believe that more and more friends will choose this method in the future. My home data center solution is based on this judgment. In the future, I will also write a series of tutorials on cloudflare (I wanted to write it a long time ago, but I always felt that I didn’t understand it deeply enough, and a new demand would emerge after a while, so I had to learn it again, so I haven’t started writing it yet).

Is it still necessary to create a personal blog?

At present, if you only want to attract traffic and realize monetization, you don’t need to consider personal blogging at all. It is far better to directly use platforms with a large user base such as WeChat public accounts, Zhihu, CSDN, and Blog Garden. After all, the SEO of these sites is very good, and your articles can be easily searched by search engines. If you build a blog yourself, no matter how well you write your articles, if SEO is not done well, it will be difficult for them to be included in search engines. Those who still insist on writing personal blogs are definitely not for money, and they even have to spend money.

So is it still necessary to set up a personal blog? On the contrary, I think it is necessary, especially for an independent personal blog that is not dependent on the domestic environment. Here, you can be free from those messy rules, you can speak freely (within a certain range), you don’t have to worry about being deleted at will, it can be your spiritual sustenance, and you can leave your own unique traces on the Internet. However, these benefits have nothing to do with money, they are all spiritual gains (you can refer to my other article: The significance of personal blogs today, from the birth of my blog).

However, setting up a personal blog is not suitable for everyone, because it requires long-term persistence, which is difficult in itself, such as losing weight (I haven’t done it myself~~), not to mention that you often need to generate power for love. Many friends start personal blogs because they see other people’s cool personal blog websites and want to have their own. Then they study various blog frameworks and technologies, constantly switch from one framework to another, sometimes static, sometimes dynamic, and finally the blog content is all about teaching how to build a blog. This kind of blog can be found everywhere, and it’s not that it’s bad, but it always feels a bit upside down.

A personal blog is just a carrier that carries your beliefs, your life, your learning and growth records. Therefore, content and persistence should be its essence. The carrier itself is not that important. No matter what carrier you use, how many blogs will still be updated after 5 or 10 years?

Thoughts

In fact, I only started learning how to build a personal blog in August last year (and I am still learning and exploring), so I am not qualified to preach... But now I have felt the various benefits of having an independent personal blog (spiritually), and I understand the feelings of those bloggers who have persisted for many years. At the same time, I also hope to have more like-minded people, so I want to use this article to tell those friends who still want to build a personal blog what solutions they should choose in the current actual environment, different needs and scenarios, and I also hope that these friends can take fewer detours.

The content of the blog is original. Please indicate the source when reprinting! For more blog articles, you can go to the Sitemap. The RSS address of the blog is: https://blog.tangwudi.com/feed, welcome to subscribe; if necessary, you can join the Telegram Group to discuss problems together.

Comments

  1. 0x06 0x00
    Windows Edge 125.0.0.0
    7 months ago
    2024-6-09 11:59:13

    The reason you were disconnected by the operator is because you used home broadband to build a website. It has nothing to do with whether your domain name is registered or not. The laws of mainland China stipulate that home broadband cannot set up web services.

    • Owner
      0x06 0x00
      iPhone Chrome 125.0.6422.80
      7 months ago
      2024-6-09 12:08:07

      In theory, it is true, but in reality, the operator has always turned a blind eye to this matter. Moreover, I already have many sites, and those have all been changed to registered domain names, including emby's streaming media. The operator notified me once in February, but that time they made a mistake, but they also mentioned the issue of unregistered domain names. Now the crackdown is on unregistered domain names. The unregistered domain name that was blocked is the only one that I have not used much and I have even forgotten it.

  2. Windows Edge 125.0.0.0
    7 months ago
    2024-6-06 22:55:31

    I feel that the significance of public IP is actually not important for China. Ports other than 80443 will also be detected. It is better to directly penetrate the domestic cloud server through the intranet. The risk of directly connecting to the IP is too great.

    • Owner
      Netizen Xiao Song
      Macintosh Chrome 125.0.0.0
      7 months ago
      2024-6-06 23:27:51

      Yes, it is meaningless for ordinary people. Although the method of intranet penetration + cloud server reverse generation is possible (I also have an article about this), it is not efficient (unless you really don’t have a public IP or you have a public IP but don’t want to register it. But since you have a cloud server, it is easy to register it). In general, the technical threshold for home broadband with a public IP to directly build a website in China has indeed been greatly increased. At present, as long as you have a registered domain name and it is best to add https, it doesn’t matter, but the threshold is high. Who would buy a cloud server for registration?
