Opened 5 years ago

Closed 5 years ago

#17890 closed task (fixed)

Separate the meek bridge backing paid CDNs from the one we tell the general public to use

Reported by: dcf Owned by: dcf
Priority: High Milestone:
Component: Circumvention/meek Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


In source code and examples, we recommend (port 443) for use by the general public. But that's also the backing bridge for meek-azure, and it's rate-limited to reduce costs.

We should split it into two bridges (e.g. running on different ports). Rate-limit the one behind the paid CDN, because that's the expensive one. Make the other one unlimited (if someone else is paying the CDN fees, they can use all the bandwidth they want).

This will enable more people to use the default meek-azure at the same speed, while enabling people who set up their own to go fast.

Child Tickets

Change History (2)

comment:1 Changed 5 years ago by dcf

My plan is to change our paid CDN configuration to point to

which will hold the current bridge and its current fingerprint. Then establish a new bridge at (port 443)

with a new fingerprint that will be the unlimited one.

This way all the users who go through our CDN will get the rate-limited service, while others who set up their own CDN will get the faster service. The only thing that might go wrong is if someone is currently using port 443 and has hardcoded a bridge fingerprint.

The Azure CDN doesn't let you change the CDN origin without issuing a support request. I sent a message to get that started.

comment:2 Changed 5 years ago by dcf

Resolution: fixed
Status: newclosed

This is done. Here is the rate-limited bridge backing the paid CDN (same identity key as before):

Here is the new unlimited bridge for others to use with their own CDN setup (different identity key):

Note: See TracTickets for help on using tickets.