A General Solution for Publishing Web-Based Services Hosted Overseas in China

Background

Solution

Example haproxy.conf

# TCP passthrough: TLS is not terminated here, the nginx server holds the certificate
listen HTTPS
    bind 0.0.0.0:443
    mode tcp
    server us-nginx <nginx private IP>

Example nginx.conf (“Server” Section Only)

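server {
    # "ssl on;" is deprecated and rejected by current nginx; the listen flag replaces it
    listen 443 ssl;
    server_name example.cn;
    root html;
    index index.html;
    ssl_certificate cert/example.cn.pem;
    ssl_certificate_key cert/example.cn.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass https://example.com/;
        # Rewrite every origin URL in the response body, for all MIME types
        sub_filter_types *;
        sub_filter https://example.com https://example.cn;
        sub_filter_once off;
        # Request an uncompressed body from upstream so sub_filter can match it
        proxy_set_header Accept-Encoding "";
    }
}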
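The `proxy_set_header Accept-Encoding "";` line in the server block above is what lets `sub_filter` work: the filter matches literal bytes in the upstream body and does not decompress it. The following Python model is an added example, not code from the original article; the sample page, function names and the simulated origin are constructed for illustration.

```python
import gzip

ORIGIN = b"https://example.com"   # upstream host from the page's proxy_pass
MIRROR = b"https://example.cn"    # China-facing host from the page's sub_filter

# Constructed sample page served by the simulated origin (three origin URLs).
PAGE = (b'<a href="https://example.com/login">Login</a>'
        b'<img src="https://example.com/logo.png">'
        b'<script src="https://example.com/app.js"></script>')

def origin_response(accept_encoding: str):
    """Simulated origin: compresses only when the request allows gzip."""
    if "gzip" in accept_encoding:
        return {"Content-Encoding": "gzip"}, gzip.compress(PAGE)
    return {}, PAGE

def sub_filter(body: bytes) -> bytes:
    """Model of sub_filter with sub_filter_once off: a literal replacement
    on the bytes received from upstream, with no decompression step."""
    return body.replace(ORIGIN, MIRROR)

def proxy(client_accept_encoding: str, clear_accept_encoding: bool) -> bytes:
    """Return the decoded body a browser would end up rendering."""
    # proxy_set_header Accept-Encoding "" replaces whatever the client sent.
    upstream_ae = "" if clear_accept_encoding else client_accept_encoding
    headers, body = origin_response(upstream_ae)
    body = sub_filter(body)
    if headers.get("Content-Encoding") == "gzip":
        body = gzip.decompress(body)   # browser-side decoding
    return body

def leaked_origin_links(body: bytes) -> int:
    """Count URLs that still point at the overseas origin."""
    return body.count(ORIGIN)

if __name__ == "__main__":
    for clear in (False, True):
        out = proxy("gzip, deflate", clear_accept_encoding=clear)
        print(f"Accept-Encoding cleared={clear}: "
              f"{leaked_origin_links(out)} origin URLs left in the page")
```

A quick check on a deployed mirror is to fetch a page with `Accept-Encoding: gzip` and search the decoded body for the origin hostname; any hit means the client is being sent back to the overseas host.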

Adding DCDN to the Picture

Unified Entry Point

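# Look up the client's country from its source IP
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
    $geoip2_data_country_code country iso_code;
}
# Pick the hostname that should serve this client
map $geoip2_data_country_code $geo_sub_domain {
    default www.example.com;
    CN example.cn;
}
server {
    server_name example.com
                www.example.com
                example.cn;
    # Redirect when the request arrived on a hostname other than the one chosen for its country
    if ($geo_sub_domain != $host) {
        rewrite ^ $scheme://$geo_sub_domain$request_uri break;
    }
    ...
}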

Further Considerations
