#17890 closed task (fixed)

Separate the meek bridge backing paid CDNs from the one we tell the general public to use

Reported by: dcf Owned by: dcf
Priority: High Milestone:
Component: Obfuscation/meek Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


In source code and examples, we recommend https://meek.bamsoftware.com/ (port 443) for use by the general public. But that's also the backing bridge for meek-azure, and it's rate-limited to reduce costs.

We should split it into two bridges (e.g. running on different ports). Rate-limit the one behind the paid CDN, because that's the expensive one. Make the other one unlimited (if someone else is paying the CDN fees, they can use all the bandwidth they want).

This will enable more people to use the default meek-azure at the same speed, while enabling people who set up their own to go fast.

Child Tickets

Change History (2)

comment:1 Changed 17 months ago by dcf

My plan is to change our paid CDN configuration to point to


which will hold the current bridge and its current fingerprint. Then establish a new bridge at

https://meek.bamsoftware.com/ (port 443)

with a new fingerprint that will be the unlimited one.

This way all the users who go through our CDN will get the rate-limited service, while others who set up their own CDN will get the faster service. The only thing that might go wrong is if someone is currently using port 443 and has hardcoded a bridge fingerprint.

The Azure CDN doesn't let you change the CDN origin without issuing a support request. I sent a message to get that started.

comment:2 Changed 16 months ago by dcf

  • Resolution set to fixed
  • Status changed from new to closed

This is done. Here is the rate-limited bridge backing the paid CDN (same identity key as before):


Here is the new unlimited bridge for others to use with their own CDN setup (different identity key):


Note: See TracTickets for help on using tickets.