Site's hosting

See room for improvement? Tell us about it! And if you encounter a problem with the board, please let us know.
Post Reply
Randall
Posts: 1616
Joined: Wed Nov 18, 2015 9:15 am
Species: Funambulus palmarum (Squirrel)
Region: Gauteng

Site's hosting

#1

Post by Randall »

The site has been giving issues tonight. I was unable to connect to the site.

It fails on the TLS/SSL handshake... It was an intermittent problem.

This is an appeal to the owner to please consider moving this site to local hosting. Not only will it be cheaper, but if there's a problem like this, I can fix it within 20 minutes because I can apply necessary pressure.
I have no problem paying for the hosting either.

The benefits are there, the risk is virtually zero.
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Re: Site's hosting

#2

Post by Rakuen Growlithe »

It got fixed with no need for you. There wouldn't have been a difference if it were hosted somewhere else.
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
Randall
Posts: 1616
Joined: Wed Nov 18, 2015 9:15 am
Species: Funambulus palmarum (Squirrel)
Region: Gauteng

Re: Site's hosting

#3

Post by Randall »

Yes there would have been a difference. The site wouldn't be down or malfunctioning for a start.
There is an issue in the US at the moment, several big websites are down in case you haven't noticed.

There is no need to construe this as criticism. My other sites have far less downtime, surely there I must be doing something correctly.
The site needs to keep going, its important to what I am trying to achieve at this time.

Yes, in 2003 it was a good idea to host overseas. Its no longer like that. Furthermore, I have concerns about the rights to privacy of every user on this forum. With it being in the US, it means the NSA can ingest (and probably has) everything on this forum. At least in South Africa, its a tad bit harder.
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Re: Site's hosting

#4

Post by Rakuen Growlithe »

The site is not hosted in the US.
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
User avatar
Sev
Superbike Snow Leopard
Posts: 6596
Joined: Thu Mar 06, 2014 9:27 pm
Gender: Male
Sexual preference: Gay
Species: Snow Leopard
Region: Western Cape
Location: A Twisty Road

Re: Site's hosting

#5

Post by Sev »

It's hosted in some or another European country, because we also have to follow that country's laws.
Randall
Posts: 1616
Joined: Wed Nov 18, 2015 9:15 am
Species: Funambulus palmarum (Squirrel)
Region: Gauteng

Re: Site's hosting

#6

Post by Randall »

I decided to check, its hosted in some Czech backwater.
I would like to know what makes that place so special... is it an issue around cost, or is someone taking the FPB seriously.
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Re: Site's hosting

#7

Post by Rakuen Growlithe »

Still wrong, but you're getting closer. In any case, so far every assumption made has been incorrect, so there is nothing constructive being contributed here. I'm locking this thread.
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
User avatar
Valerion
Alpha Wolf
Posts: 2803
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:

Re: Site's hosting

#8

Post by Valerion »

The site is hosted in Switzerland, actually, on hostpoint.ch. And due to various reasons it is cheaper to host there than it is to host here, at least in the short term. In the medium term I am in discussion with some parties about our hosting future, but that will be something that I will still see if it bears fruit.
User avatar
Valerion
Alpha Wolf
Posts: 2803
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:

Re: Site's hosting

#9

Post by Valerion »

Right ... I figured out the issue with the site's certificate, and it's a hosting/SSL provider issue.

In short, the host enabled OCSP stapling on their HTTPS side. OCSP is a way to check for SSL certificate revocations, but it also means that there's a higher load on the revocation servers. OCSP stapling allows the web server to make a certificate validity assertion without the client having to connect to the revocation server. The server gets the proof from the revocation server, and if it can't provide it, the client will connect to the revocation server itself.

However, what happens if the revocation server is offline/too busy? The normal behavior for clients is to "fail open" - i.e. assume the certificate is valid. Firefox has now implemented OCSP stapling, and made the default behavior "fail closed" - i.e. if a stapled OCSP certificate can't be obtained AND the OCSP server is down, then assume the certificate is invalid and stop connecting.

Chrome and IE/Edge does not yet have OCSP stapling support, and doesn't have this behavior. This means only Firefox users are affected.

So, in short, the SSL provider chosen by the host (GeoTrust) has an OCSP server issue, and when their servers go down the connection fails. I will take it up with the host right now.

I have disabled the HTTPS rewrite in the short term, so if the SSL connection fails, you can use HTTP now.
User avatar
Valerion
Alpha Wolf
Posts: 2803
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:

Re: Site's hosting

#10

Post by Valerion »

This is fascinatingly strange. I thought the certificate has a Must-Staple attribute added in, but I can't find it. Now Firefox's behaviour makes no sense at all. The only thing I can say for sure right now is that I am not sure why Firefox is behaving this way. In any event, I have unlocked this thread.
User avatar
Sev
Superbike Snow Leopard
Posts: 6596
Joined: Thu Mar 06, 2014 9:27 pm
Gender: Male
Sexual preference: Gay
Species: Snow Leopard
Region: Western Cape
Location: A Twisty Road

Re: Site's hosting

#11

Post by Sev »

Wow, now I understand how people feel when I talk about my work.

Why is it that the site is so often unable to connect for me these days?
User avatar
Valerion
Alpha Wolf
Posts: 2803
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:

Re: Site's hosting

#12

Post by Valerion »

I've only seen it being down twice, once on Saturday and once tonight. In both cases it was a Firefox-only issue.
User avatar
Sev
Superbike Snow Leopard
Posts: 6596
Joined: Thu Mar 06, 2014 9:27 pm
Gender: Male
Sexual preference: Gay
Species: Snow Leopard
Region: Western Cape
Location: A Twisty Road

Re: Site's hosting

#13

Post by Sev »

I'm using Chrome, and there have been several occasions were I have been unable to connect for a few minutes.
User avatar
Valerion
Alpha Wolf
Posts: 2803
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:

Re: Site's hosting

#14

Post by Valerion »

Right ... I have now activated and tested CloudFlare as a front-end to the forum. This will now use a different SSL Provider and hopefully the SSL issues is now something of the past. Let's see how things work out, using this as a temporary measure.

The SSL certificate is now issued by Comodo and not GeoTrust.
Post Reply