Tricks series: analyzing the implementation principle of the Ministry of Industry and Information Technology (MIIT) filing system from a technical perspective

1 Introduction

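I have wanted to write this article for a long time, but it involves a great many topics, and crucially many of them lie outside technology: the internal operating logic of the MIIT filing system (hereafter simply "the filing system"), the roles that make it up and the relationships among them, the criteria for being "walled", and so on. Although this article is written from a technical perspective, the logic flow diagram includes some of the above, and there is no way around it. I used to know nothing (and I am not much better now); the only thing I knew about building a website was: "you need an 'index.html', which you can get by downloading a free template". So website filing was a concept with no concrete feel for me: I knew its macro-level purpose, but when it came to the micro-level implementation I was completely in the dark.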

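As for why I have always wanted to write this article, the most direct reason is probably the professional habit of a technical person, similar to the reaction at work when online video is blocked by internet-behavior management: "Why can't I watch it? How is that implemented? xxxxx?", except that now the question has become "you can't build a site without filing". When I run into this kind of situation, I usually write up a proposal to sort out my thinking, but a proposal normally opens with a "project overview" and a "review of existing problems", and I did not even have a project, let alone existing problems. What to do?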

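In the spirit of "if there are difficulties, press on; if there are none, create some and press on anyway", it just so happened that I was frustrated that "I never recorded my tinkering, so I had to research everything again each time", and so the "build a personal blog" project was approved. Once the blog was up, publishing it on port 443 within China would, by normal logic, involve filing, so the two connected neatly. In the spirit of "to take, one must first give", "you can't catch the wolf without risking the child", "the Buddha cutting off his flesh to feed the eagle", and so on, I chose to enter the game in person: doing a personal filing (of course, a small part of the reason was that I did not know about cloudflare at the time).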

2 The technical essence of the "filing system"



3 How does the "filing system" exert its effect?



4 How to complete a personal filing efficiently

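What is the essence of filing from a management perspective? In one sentence: "The domain name is tightly bound to the filer; if a website under that domain gets into trouble, they go straight for the filer." Put bluntly, the filer is the domain's "legal representative".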

The filing system currently uses a three-tier architecture: the MIIT system, the provincial communications administration systems, and the access providers' enterprise-side filing systems. By regulation, users must submit their filing information through an access provider's enterprise-side system, which then passes it on to the provincial and ministry systems. (After the filing review passes, the provincial and ministry systems feed the data back to the enterprise-side system in the same way; this process is why filing now takes several working days.) The access providers we are most familiar with are Alibaba Cloud and Tencent Cloud.

If you want to file a record as an individual, the simplest and most efficient steps are as follows:

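1. Choose an access provider and buy a cheap cloud server (there are many new-customer offers at 99 for the first year). This is mainly to obtain the "filing authorization code" (Tencent's term; Alibaba calls it the "filing service code").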

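Whatever the code is called, the point of this step is to pin down where your website is located. There is a rule that "the IP address the filed domain currently resolves to must be the IP of one of the access provider's server nodes in mainland China", which makes later supervision easier. However, because of CDN technology this rule exists in name only: at present, once a domain is filed, you can freely use the CDN service of any domestic CDN vendor, so up to now no one has been dealt with because "the resolved IP is not the server IP from when the domain was filed".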


2. Use the filing system provided by the access provider to file

To be honest, filing this way is very convenient: you have already bought the access provider's server and have the filing authorization code (or whatever code), so there is not much information to fill in. The most painful part is naming the website. You are not allowed to use words with a clear meaning, such as blog, clothing or movie, so I ended up with a very strange name that gives people no idea what the website is.

The photo for the filing must meet the following requirements:
[Screenshot: filing photo requirements]

If you already have a filed domain name under your personal account, then before filing another domain name you need to make sure that the www websites of all previously filed domain names can be opened and comply with the precautions in the next section, otherwise:
[Screenshot]

There are advantages too: when you don't understand something, someone will help you (by phone or online) and walk you through it step by step. Isn't that better than paying a lot of money for someone outside to do the filing for you?

After you submit the information, someone from the provider's filing department will call you. After confirmation, they submit it to the provincial communications administration, which starts the process described earlier.

Note: Under normal circumstances, the filing will definitely be approved. After all, it is called filing. It is just a record to make it easier to catch you if you commit a crime in the future.

5 Day-to-day precautions after filing

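As I said earlier, filing mainly binds the domain to its "legal representative"; it is just keeping a record, and there are not many restrictions. Regular routine checks of these domains are delegated to the relevant department of the access provider and include the following items: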

1. Can the website corresponding to the www host name be opened normally?

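Taking the domain "example.com" as an example, you need to make sure that http(s)://www.example.com opens normally at the time of the regular check. This is to prevent the bad behavior of "occupying the latrine without using it"; after all, filed domains are on the whitelist that can be accessed normally within China, so this cannot be taken lightly.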

How to deal with it: be sensible and don't make things difficult for the inspectors. Just make a page, point the www DNS record at it, and make sure the page is always reachable (otherwise why would I have written the article "The home data center series uses Tencent Cloud COS+CDN to achieve cost-effective static page hosting (domain name registration required)"?).

2. Display specifications for pages corresponding to www

a. Tab display name

Simply put, the display name on the page's browser tab must be the same as the website name filled in when filing:

[Screenshot: browser tab showing the filed website name]

Because I didn't know anything at the time, when the girl who called me said there was a problem with the tab display name, I had no idea what she meant. I even said she was unprofessional, which made her very anxious. Later I realized that it was my own comprehension that was the problem.

b. Filing number displayed at the bottom

The filing number must be displayed centered at the bottom of the page and must be a link to https://beian.miit.gov.cn that opens directly when clicked.

3. IP address the www page resolves to

As mentioned earlier, although in theory this resolved IP must point to the server IP associated with the filing authorization code (or whatever code), in practice it can be changed by using the service of any domestic CDN provider, so the requirement is not that strict. It is, however, limited to the IPs of domestic CDN vendors. For example, when I first resolved directly to cloudflare, the inspector notified me to make corrections within a time limit. So be honest and at least use a domestic CDN. The origin the CDN points to is not checked as strictly. I used to point it directly at nginx in my home data center (I also tried pointing it at cloudflare, but later felt that was not appropriate, so I changed it to point to my home). Only a few days ago did I point the CDN directly at Tencent Cloud's COS.

Note: Only the page corresponding to www must carry the filing number. Websites on other third-level domain names are normally not managed by anyone, or at least are outside the scope of the inspectors' routine checks. However, you should still try to keep a low profile, such as if you have already registered.
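A self-check for the two page rules in this section (the tab title equals the filed website name; the filing number is a link to https://beian.miit.gov.cn), as an added example that is not from the original post. The sample page, site name and filing number are constructed placeholders; centering and the resolved IP are not checked.

```python
from html.parser import HTMLParser

MIIT_URL = "https://beian.miit.gov.cn"  # link target named in the article

# Constructed sample page; site name and filing number are placeholders.
SAMPLE = """<html><head><title>Example Site Name</title></head>
<body><p>hello</p><footer style="text-align:center">
<a href="https://beian.miit.gov.cn/">ICP-PLACEHOLDER-00000000</a>
</footer></body></html>"""


class FilingPageParser(HTMLParser):
    """Collects the <title> text and every [href, link text] pair."""
    def __init__(self):
        super().__init__()
        self.title, self.links = "", []
        self._in_title = self._in_link = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            self._in_link = True
            self.links.append([dict(attrs).get("href") or "", ""])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "a":
            self._in_link = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        elif self._in_link:
            self.links[-1][1] += data


def check_filing_page(html, site_name, filing_number):
    """Return a list of problems; an empty list means both rules pass."""
    parser = FilingPageParser()
    parser.feed(html)
    problems = []
    if parser.title.strip() != site_name:
        problems.append("title does not match the filed website name")
    numbered = [href for href, text in parser.links if filing_number in text]
    if not numbered:
        problems.append("filing number is not shown as a link")
    elif not any(h.rstrip("/") == MIIT_URL for h in numbered):
        problems.append("filing number link does not point to " + MIIT_URL)
    return problems
```

Feed it the HTML of your own www page, for example from a scheduled job, so a theme or template change that drops the footer link is noticed before the provider's routine inspection.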

6 After filing is complete, does the cloud server need to be renewed when it expires?

Let me state the conclusion first: in theory, no. The point of buying the cloud server is to obtain the filing authorization code (or whatever code), which satisfies the access provider's prerequisite for filing. Once the filing succeeds, the server is normally of no further use (mainly because the rule that the resolved IP must be the access provider's server IP is not enforced in practice), so as long as the www page carrying the filing number passes the routine inspections, everything is fine. (Otherwise why would I have written the article "The home data center series uses Tencent Cloud COS+CDN to achieve cost-effective static page hosting (domain name registration required)"? It is preparation for not renewing the Tencent Cloud Lightweight Server in the future. After all, 29.77 a year is much cheaper than renewing even the cheapest Tencent Cloud Lightweight Server. This way, even if the expiry of the server associated with the filing authorization code is checked, I may be given a break when it is seen that my origin points to my own COS.)

However, I don't know whether stricter, more extreme rules will appear in the future, for example that when a filed domain name uses a CDN, the origin must point to the server IP from the time of filing. If such a rule appears, the cloud server really will need to be renewed.

7 How is a problematic website under a domain handled? (serious problems)

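The rough process is as follows:
1. First check whether the domain is filed. If it is not, jump straight to step 4; if it is, the access provider where it was filed has someone phone you to make corrections. If the phone number given at filing cannot be reached, go to step 2.
2. Have the access provider directly suspend your access services within its capabilities; for example, if you use Alibaba Cloud's DNS resolution service and CDN service and also bought an Alibaba Cloud server, all of them are stopped. If your website turns out to still be reachable, go to step 3.
3. Reaching this step means your DNS resolution and CDN are not with your access provider (a foot in two boats?). For example, you filed with Alibaba Cloud but use DNS resolution and CDN from some other unknown provider. At this point it depends on whether the organization providing DNS resolution is controllable: if it is domestic, that is easy; if it is not domestic and will not cooperate, that is trouble, and the only option is step 4.
4. Reaching this step means at least the DNS resolution organization is not controllable (usually it is foreign), so the next stop is the domain registrar (though abroad the two are often the same). If that does not work either, contact the domain management organization; if that does not work either (for example .io domains, which cannot even be bought from domestic domain name services), then the only option is step 5.
5. Gloriously join the "wall" blacklist.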

8 Afterword

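Finally finished. This article wore me out: from conception, getting involved, experimenting and all kinds of learning to finally finishing the writing, it took me at least 8 months all told. But I have finally sorted out the whole process, and my OCD can put down the boulder it was carrying.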

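Now my .com domain is hosted on cloudflare and my websites are all built on cloudflare. The previously filed domain has fulfilled its historical mission and sits idle, kept only to retain the filing number. Still, it is quite good for letting others access the emby at my home: after all it is a whitelisted domain with proper official status, and China Telecom has just started cleaning up inbound http(s) access to home broadband for unfiled domains, so my filed domain can still be useful.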

Note: Due to my limited knowledge and lack of understanding of the implementation details in many fields, many of the conclusions in the article are based on the situations I encountered during use and some speculations based on the knowledge I know, so they may not be accurate enough. If there are any errors, you are welcome to leave a message to correct them.

The content of the blog is original. Please indicate the source when reprinting! For more blog articles, see the Sitemap. The RSS address of the blog is https://blog.tangwudi.com/feed; you are welcome to subscribe. If necessary, you can join the Telegram Group to discuss problems together.