Changes between Version 263 and Version 264 of doc/meek

Apr 30, 2018, 5:48:24 PM (20 months ago)

Update Azure instructions.


  • doc/meek

    v263 v264  
    165165=== Microsoft Azure ===
    167 {{{
    168 $ wget -q -O - --header 'Host:'
     167<small>This section last updated 2018-04-30</small>
     170$ wget -q -O - --header 'Host:'
    169171I’m just a happy little web server.
    172 Azure is a cloud computing platform with a [ CDN].
    174 [ Pricing] is $0.12 to $0.19 per GB (depending on geographical region), getting less for higher volumes.
    176 Their wildcard HTTPS domain seems to be * might be a good front. I've also seen [ HTTPS Everywhere rules for]. All these fronting commands work:
    177 {{{
    178 wget
    179 wget --no-check-certificate --header 'Host:'
    180 wget --header 'Host:'
    181 wget --no-check-certificate --header 'Host:'
    182 wget --header 'Host:'
    183 }}}
     174Azure is a cloud computing platform with a [ CDN]. The CDN services are actually provided by Verizon or Akamai.
     176[ Pricing] is $0.09 to $0.25 per GB (depending on geographical region), getting less for higher volumes.
     178When you choose to use the Verizon CDN, you get a domain of the form ''subdomain'', where you get to choose ''subdomain''. Formerly, you got an uncontrollable subdomain of might be a good front. I've also seen
     179 * [ HTTPS Everywhere rules for].
    184180List of fronting-capable Azure domains (2017-07-24):
    185181 * [ Finding Domain frontable Azure domains] ([ archive])
    186182 * [ known-good.txt] ([ archive])
    188 Microsoft is accepting research proposals. If the proposal is accepted, you get access to Azure including the CDN for a year.
    189  *
    190 There's also a 1-month trial.
    191  *
    193 Here's how to set up Azure.
    194 Log in at
    195 From the main screen, click New→App Services→CDN→Quick Create.
    196 Under "Origin Type" select "Custom Origin"
    197 and then enter the URL to the meek-server host in the "Origin URL" box.
    198 Click "Create".
    199 Once the CDN endpoint is created, click on it and click "Enable HTTPS" at the bottom.
    200 It really does take about an hour before it starts working.
    201 Now you have an az''######'' domain name that points to meek-server
    202 and you can front to it with any other Azure CDN domain such as
    204 [[Image(azure-setup.png)]]
     184Here's how to set up Azure.[[Image(azure-setup.png, 120px, right)]]
     185 * Log in at
     186 * Click "All services" in the sidebar, type "cdn" in the search box, and select "CDN profiles".
     187 * Click "+ Add" to create a CDN profile. (You only have to do this the first time you create an endpoint.)
     188   * Name: doesn't matter.
     189   * Resource group: "Create new" or "Use existing" doesn't matter, I think it's just an accounting thing.
     190   * Resouce group location: doesn't matter, only controls "where the metadata associated with the CDN profile will reside".
     191   * Pricing tier: Standard Verizon. Standard Akamai may work too, haven't tried it.
     192 * Select the CDN profile and click "+ Endpoint".
     193   * Name: doesn't matter; this will become your subdomain.
     194   * Origin type: Custom origin.
     195   * Origin hostname: the domain name of your meek-server bridge.
     196   * Origin path: ''blank''
     197   * Origin host header: same as origin hostname.
     198   * Uncheck HTTP, check HTTPS.
     199   * Optimized for: General web delivery.
     201After about an hour, the CDN will start forwarding. However, you will get "502 Bad Gateway" errors because by default, the Azure CDN [ does not use TLS SNI towards the origin]. You have to ask them to enable it. (They expect you to have a one-hostname-per-IP-address setup that doesn't require SNI.) meek-server's built-in Let's Encrypt support (`--acme-hostnames`) requires SNI. Your options are to get a certificate manually and use the `--cert` and `--key` options; or to open a support request and ask them to enable SNI, which takes about one week.