This blog post introduces some cloud services.

Domain

Cloud service company: Namecheap

Namecheap's domains are cheap ($1).

Introduction

A domain name is an alias for an IP address, which lets users remember the name of a website more easily.

Top-level domains (first-level domains) can be divided into three categories:

Generic top-level domains: .com/.net/.gov/.org/.edu etc.

Country-code top-level domains: .cn/.tw/.hk/.jp/.ca (means the domain is registered in that country)

New generic top-level domains: .book/.online

Second-level domain (main domain): xxx.com (we usually buy this type of domain)

Third-level domains, etc.

From the users' perspective, .com etc. can be regarded as a domain name suffix, so the second-level domain name is regarded as the first-level domain name.

Converter

In this part, I will introduce the converter, the DNS server, which converts a domain name to an IP address.

Generally, our domain name service provider is also our DNS service provider. If we want to access another server, we must use that server's IP address. So if we want the domain name to take effect, we must ask the DNS server to convert the domain name to an IP address.

A CNAME record is used when the domain is redirected (aliased) to another domain name, and an A record is used when the domain points at an IP address.

Host (the domain with the second-level domain part removed) values: @ (empty, the main domain), * (wildcard, any), www, xx.yy, etc.

GitHub's static pages (GitHub Pages) only support @ and www. When you use GitHub Pages, I suggest using a CNAME record, because the IP address may change in the future.

If there is no www record in the DNS zone, the DNS server will automatically point www to the default record (some DNS servers, like Tencent Cloud, don't do that; Namecheap does). This default record generally refers to the @ record (main domain).

TTL refers to how long a DNS record may be cached. After this time the record becomes invalid in the caching DNS server until the server completes a new query. Therefore, if the TTL is smaller, a lot of time is spent re-querying and the record is only served from cache part of the time; if the TTL is bigger, changes to the DNS record propagate slowly.
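To make the host values, record types and TTL behaviour above concrete, here is an added Python model of a caching resolver over a constructed example.com zone (example code written for this post, not a real resolver or any provider's code). The www-to-@ fallback is an option because, as noted above, only some providers do it.

```python
from dataclasses import dataclass

@dataclass
class Record:
    host: str    # "@" (bare domain), "www", "*" (wildcard) or a label like "xx.yy"
    rtype: str   # "A" (points at an IP) or "CNAME" (aliases another name)
    value: str
    ttl: int     # seconds a resolver may cache the answer

# Constructed sample zone for example.com (not a real configuration).
ZONE = [
    Record("@", "A", "203.0.113.10", 300),
    Record("www", "CNAME", "example.com", 3600),
    Record("*", "A", "203.0.113.20", 60),
]

def host_of(name, apex):
    """'img.example.com' under apex 'example.com' -> 'img'; the apex itself -> '@'."""
    if name == apex:
        return "@"
    if not name.endswith("." + apex):
        raise LookupError(f"{name} is outside zone {apex}")
    return name[: -len(apex) - 1]

def lookup(name, apex, zone, www_defaults_to_apex=False):
    """Exact host first, then the provider's www->@ fallback, then the wildcard."""
    host = host_of(name, apex)
    by_host = {r.host: r for r in zone}
    if host in by_host:
        return by_host[host]
    if host == "www" and www_defaults_to_apex and "@" in by_host:
        return by_host["@"]
    if host != "@" and "*" in by_host:   # the wildcard never covers the apex
        return by_host["*"]
    raise LookupError(f"no record for {name}")

def resolve(name, apex, zone, cache, now, max_hops=8, **opts):
    """Return (ip, served_from_cache). Follows CNAME chains and caches the
    final answer until now + min(ttl along the chain), like a caching resolver."""
    hit = cache.get(name)
    if hit and hit[1] > now:             # still within the TTL: answer from cache
        return hit[0], True
    current, ttl = name, None
    for _ in range(max_hops):
        rec = lookup(current, apex, zone, **opts)
        ttl = rec.ttl if ttl is None else min(ttl, rec.ttl)
        if rec.rtype == "A":
            cache[name] = (rec.value, now + ttl)
            return rec.value, False
        current = rec.value              # CNAME: look up the target name instead
    raise LookupError("CNAME chain too long (loop?)")
```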

parsing, some governments will notify the DNS service provider to remove the DNS resolution. This registration is essentially a website registration and needs to go through three steps: the service provider's registration => the government's (online department) registration => the government's (local police department) registration. The purpose of all this is to strengthen supervision of websites and prevent fraudulent websites from appearing. Most countries don't require registration like this.

Regarding DNS, I will introduce the network management and control of some countries. How is this network control achieved? By deleting or redirecting these domains on the DNS server. But if we need to access some government-controlled website, what should we do? Use a VPN (connect to a proxy server in another country where DNS resolution for these websites works).

We can use the number of qualified websites blocked by each country to measure the strictness of each country's network control.

When we buy a domain name from a domain service provider, the provider needs to register it with ICANN.

SSL

HTTPS introduction:

https://drive.google.com/file/d/1EY96SrxV6QQ-wkSlntPIAoYK1om-k0dV/view?usp=share_link

https://drive.google.com/file/d/1601F0MJO2aTeqdm_1ZYY2sAIP-EczU6A/view?usp=share_link

https://drive.google.com/file/d/1f6UtufmMaS9Je8Tu9ugOpzGW8H2wP5a6/view?usp=share_link

Cloud service company: Let's Encrypt

Linux systems: https://drive.google.com/file/d/1f6UtufmMaS9Je8Tu9ugOpzGW8H2wP5a6/view?usp=share_link

# download the necessary packages
# you can change python2-certbot-nginx to python3-certbot-nginx
yum -y install certbot python2-certbot-nginx

# register/log in to the Let's Encrypt service and verify the domain's ownership (two methods);
# if that step succeeds, the certificate files are generated (valid for only 90 days)
# first method: DNS challenge, add a specified TXT record at the DNS server
# (not suggested, because automatic renewal would require updating the TXT record
# in the DNS server every time, which is a little difficult)
# --manual means the domain is verified manually, because the DNS records must be modified by hand
certbot certonly --manual --preferred-challenges dns --email mail -d example.com

# second method: standalone
# --standalone means certbot starts a temporary web server (port 80 by default) outside your
# own web server to verify domain ownership automatically and request the certificate after verification
certbot certonly --standalone --email mail -d domain.com

# the SSL certificate is downloaded to /etc/letsencrypt
# symlinks are created automatically in /etc/letsencrypt/live/<domain>; four files matter there:
#   privkey.pem   - private key
#   fullchain.pem - complete certificate (cert.pem + chain.pem)
#   chain.pem     - intermediate and root certificates, not including the server certificate
#   cert.pem      - server certificate
# of these four, the server software uses privkey.pem and fullchain.pem

# renew the certificate
# after the certificate is renewed, the server must be restarted to load it (--deploy-hook runs only
# after a successful renewal). --http-01-port 8080 makes standalone listen on 8080, so whatever
# serves port 80 must forward /.well-known/acme-challenge/ requests to it.
# note: --manual-cleanup-hook belongs to the --manual plugin and is ignored with --standalone;
# if nginx must be stopped to free the port, use --pre-hook "docker stop nginx" --post-hook "docker start nginx"
certbot renew --standalone --http-01-port 8080 --deploy-hook "docker restart nginx"

# scheduled task (crontab): renew automatically at 00:00 on the 1st of every month
0 0 1 * * certbot renew --standalone --http-01-port 8080 --deploy-hook "docker restart nginx"

# crontab introduction
# edit crontab's task file
crontab -e
# list crontab's tasks
crontab -l
# show crontab's log
cat /var/log/cron
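As an added check (written for this post, not part of the original or of certbot), the following Python simulates the renewal window against the monthly `0 0 1 * *` schedule above: Let's Encrypt certificates last 90 days and `certbot renew` only acts when 30 days or fewer remain (its default `renew_before_expiry`), so a monthly job can end up renewing on the expiry day itself, while a daily job always keeps about 30 days of slack.

```python
from datetime import date, timedelta

CERT_LIFETIME_DAYS = 90   # Let's Encrypt certificates are valid for 90 days
RENEW_WITHIN_DAYS = 30    # certbot renew's default: act when <= 30 days remain

def monthly_runs(after, count=6):
    """Dates on which '0 0 1 * *' fires after the given date: the 1st of each month."""
    y, m, runs = after.year, after.month, []
    for _ in range(count):
        m += 1
        if m > 12:
            y, m = y + 1, 1
        runs.append(date(y, m, 1))
    return runs

def daily_runs(after, count=120):
    """Dates on which a daily job (e.g. '0 3 * * *') fires after the given date."""
    return [after + timedelta(days=i) for i in range(1, count + 1)]

def first_renewal(issued, runs):
    """The first scheduled run on which certbot would actually renew, or None."""
    expiry = issued + timedelta(days=CERT_LIFETIME_DAYS)
    for run in runs:
        if (expiry - run).days <= RENEW_WITHIN_DAYS:
            return run
    return None

def slack_days(issued, schedule=monthly_runs):
    """Days left between the renewal run and expiry (0 = renewed on the expiry day)."""
    expiry = issued + timedelta(days=CERT_LIFETIME_DAYS)
    return (expiry - first_renewal(issued, schedule(issued))).days

def min_slack(schedule=monthly_runs, year=2024):
    """Worst case over every possible issue date of the year."""
    return min(slack_days(date(year, 1, 1) + timedelta(days=i), schedule)
               for i in range(366))

if __name__ == "__main__":
    # constructed issue dates: Jan 1 renews a month early, Jan 2 renews on expiry day
    print(slack_days(date(2024, 1, 1)), slack_days(date(2024, 1, 2)))
    print("monthly worst case:", min_slack(), "daily worst case:", min_slack(daily_runs))
```

A single failed attempt on that zero-slack day (port in use, hook error) means an expired certificate, which is why certbot's own documentation schedules `renew` daily or more often.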

Host

Cloud service company: Namecheap, AWS, Azure

Remote connection tool (supports both SSH and FTP): FinalShell

Object Storage

Cloud service company: Backblaze, Imgur (only provides picture storage)

Backblaze

This website is designed very simply, and its response speed is moderate, not very fast (it takes a few minutes for content to display on the website after uploading).

Backblaze provides cheap storage services. The next picture shows the free plan.

[image: Backblaze free plan]

Backblaze provides an S3-compatible endpoint and a friendly URL. We can use PicGo to upload images to Backblaze (using the S3 URL) and use Cloudflare to encrypt (serve over HTTPS) the friendly URL.

CDN

Cloudflare

Use Cloudflare to encrypt the friendly URL.

Cloudflare is a CDN (Content Delivery Network) service provider (other CDN providers include jsDelivr). It automatically offers DDoS (Distributed Denial of Service) protection, and it provides free and unlimited bandwidth. You can read more about their policies here: https://www.cloudflare.com/zh-cn/plans/

Cloudflare’s Bandwidth Alliance (details can be found here: https://www.cloudflare.com/zh-cn/bandwidth-alliance/) offers completely free traffic from bandwidth partners to Cloudflare.

By layering Cloudflare over Backblaze, you only need to focus on the number of origin fetches and the amount of data transferred from Backblaze. This approach significantly reduces the number of fetches and data transfer compared to accessing Backblaze directly. Additionally, considering the Bandwidth Alliance's free origin-fetch policy, it can significantly lower costs.

1. Add Domain

After adding the domain, you need to specify the DNS servers (provided by Cloudflare) at the DNS service provider’s end.

Regarding domain names, it’s important to note that having a second-level domain is sufficient. The official website can directly use “www” and an empty third-level domain, while images can use “image,” and so on. This simplifies management and saves costs.

2. Add SSL Strategy

Use the Full (Strict) SSL mode and leverage Cloudflare’s built-in SSL features.

Notes:

a. In Flexible mode, Cloudflare accesses the upstream server (Backblaze) via plain HTTP, not HTTPS.

b. However, Backblaze only supports secure HTTPS connections, causing HTTP requests to fail.

c. To address this issue, in the Cloudflare dashboard under the “SSL/TLS” section, change the encryption mode from “Flexible” to “Full (Strict)” so that Cloudflare connects to Backblaze via HTTPS, requiring a CA-issued certificate (utilizing Cloudflare’s built-in SSL certificate for free).

3. Add Domain Mapping Transformation Strategy

When pointing to a storage bucket, it’s essential not to expose the bucket’s name. For example, using Backblaze, it’s easy for others to discover the source URL from the origin header and potentially engage in unauthorized usage.

Important Note: DNS resolution can point to domain names and IPs without the need for ownership verification.

4. Remove Backblaze-Related Information from Response Headers


5. Add Page Caching (Set Cache Time and Cached Content)


It’s important to note that when configuring whole-page caching, you only need to specify it like this: “liamgrant.online/*.” This matches both HTTP and HTTPS, as well as all paths under this domain and its subdomains.

Important Note: Cloudflare’s caching doesn’t synchronize your content across all nodes simultaneously. Typically, it caches content where it’s needed (based on physical locations). If you’re using a VPN with dynamic IP addresses, it may prevent consistent cache hits due to constantly changing physical locations.

API

Messaging: Twilio