*.proxy.ustclug.org 等服务无法访问，以及后续计划

[iBug]

更新 1：请看这里 #325 (comment)

---

大家好，今天我们在讨论群里看到有同学反馈 servers.ustclug.org 等服务无法访问，经查是我们位于日本的反代服务器昨晚（24 日）由于流量超限被关闭。该服务器反代了 ustclug.org 域名下的几乎所有 web 服务（含 *.proxy.ustclug.org），由于去年才发生过相同的事情，我们联系服务商后获得了升级并持续服务至今。

我们只是科大的一个在校学生社团，能力及资源有限，无法应对持续增长的校外用户量和服务压力，因此在 6 月 1 日服务器恢复运行后我们将对反代服务进行调整。感谢大家对 LUG @ USTC 的支持。

中国科学技术大学学生 Linux 用户协会
2020 年 5 月 25 日

[zhaofeng-shu33]

*.proxy.ustclug.org is planned to be closed?

[iBug]

*.proxy.ustclug.org is planned to be closed?

Maybe not completely closing all of them, but at least limiting bandwidth usage is on the schedule. The actual details will be discussed after we fetch the logs from the server (after it's restored in June, of course).

[ARunningPig]

I want to know why when the website is loading the url https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js , you will get a 307 code , then the website begin to ask for the url https://ajax.proxy.ustclug.org/ajax/libs/jquery/3.3.1/jquery.min.js .

what should I do to just visit the url https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js , rather than https://ajax.proxy.ustclug.org/ajax/libs/jquery/3.3.1/jquery.min.js ?

[iBug]

@ARunningPig Clear your browser cache.

[ARunningPig]

清除了缓存，但是还是报相同的错误。。。我在coursera上学习，出现这个问题后，直接就没法学习了，打不开...
Failed to load your application
Please return to https://www.coursera.org to re-launch your application.

[phy25]

@ARunningPig 请改用其它浏览器，如果其它浏览器正常，请检查安装的扩展。

[ARunningPig]

其他浏览器因为本身没梯子，所以根本就打不开 ajax.googleapis.com 这个网址，所以也打不开coursera的应用...

[zhsj]

@ARunningPig 307 is called "Internal Redirect", which means you have installed some weird(or malicious) extension on your browser to hijack the traffic. We have nothing can do for you in such situation. And we have no relation to the one using our service in a malicious software.

[Yexiaoxing]

其他浏览器因为本身没梯子，所以根本就打不开 ajax.googleapis.com 这个网址，所以也打不开coursera的应用...

有一些 extension 会“优化” Googleapis 请求，自己检查一下吧。

[ARunningPig]

谢谢大家 解决了
chrome插件ID：hgifnmdnlmhphhpfhpaoljpakcndhnhj 会使用*.proxy.ustclug.org

再次拜谢大家，已经折磨我一周多了...

[zzh1996]

@ARunningPig 307 is called "Internal Redirect", which means you have installed some weird(or malicious) extension on your browser to hijack the traffic. We have nothing can do for you in such situation. And we have no relation to the one using our service in a malicious software.

@zhsj I think it's improper and impolite for you, as a member of the LUG@USTC organization, to conclude that a user (who is asking politely) has installed some weird or malicious browser extension. Do you think that every computer with unexpected behavior has got some kind of virus or malicious software (or at least some software you don't like)?

[taoky]

@ARunningPig 307 is called "Internal Redirect", which means you have installed some weird(or malicious) extension on your browser to hijack the traffic. We have nothing can do for you in such situation. And we have no relation to the one using our service in a malicious software.

@zhsj I think it's improper and impolite for you, as a member of the LUG@USTC organization, to conclude that a user (who is asking politely) has installed some weird or malicious browser extension. Do you think that every computer with unexpected behavior has got some kind of virus or malicious software (or at least some software you don't like)?

我今天简单分析了一下日志，发现有很多很多 referer 为百度贴吧的请求访问了反代的 Google Fonts 字体文件。可能说 "malicious" 不太恰当，但是我访问了其中几个页面都没有任何对 Google Fonts 字体的引用，确实很奇怪。

现在我怀疑可能是某些浏览器扩展会在无关的页面上也访问字体反代服务。

[taoky]

@ARunningPig 307 is called "Internal Redirect", which means you have installed some weird(or malicious) extension on your browser to hijack the traffic. We have nothing can do for you in such situation. And we have no relation to the one using our service in a malicious software.

@zhsj I think it's improper and impolite for you, as a member of the LUG@USTC organization, to conclude that a user (who is asking politely) has installed some weird or malicious browser extension. Do you think that every computer with unexpected behavior has got some kind of virus or malicious software (or at least some software you don't like)?

我今天简单分析了一下日志，发现有很多很多 referer 为百度贴吧的请求访问了反代的 Google Fonts 字体文件。可能说 "malicious" 不太恰当，但是我访问了其中几个页面都没有任何对 Google Fonts 字体的引用，确实很奇怪。

现在我怀疑可能是某些浏览器扩展会在无关的页面上也访问字体反代服务。

https://greasyfork.org/en/discussions/preview-converted/80114

🤦‍♂️

[taoky]

目前 *.proxy.ustclug.org 的变化:

• 将 Google Fonts 服务（包括 gstatic） 302 至源站点，因为 Google 在中国有服务器，并且提供 Fonts 服务。
• 将约占出站流量 1/4 的 openwrt 302 至北外镜像站。
• 由于 cloudera 反代的入站流量远大于出站流量（大约至少是 5 倍以上，可能与 反向代理镜像站下载大文件总是失败 #198 有关），目前 cloudera 的反向代理关闭，302 至源站点。

[TrT-TOT]

从昨天开始是不是又出现了访问的情况？

[taoky]

从昨天开始是不是又出现了访问的情况？

是的，现在发现在国内日本（反代服务器所处位置）以外的地区无法访问。

[TrT-TOT]

突然好了。。。

[taoky]

突然好了。。。

如果你接到校内网络的话是不受影响的。

[taoky]

从昨天开始是不是又出现了访问的情况？

是的，现在发现在国内日本（反代服务器所处位置）以外的地区无法访问。

Update: 刚刚了解到，由于服务商网络故障，反代服务器目前无法被访问。我们正在等待修复。

[taoky]

从昨天开始是不是又出现了访问的情况？

是的，现在发现在国内日本（反代服务器所处位置）以外的地区无法访问。

Update: 刚刚了解到，由于服务商网络故障，反代服务器目前无法被访问。我们正在等待修复。

昨晚恢复了，现在反向代理工作正常。

[iBug]

@TrT-TOT 我们并没有提供 Google Scholar 的反代，如果你有其他问题，欢迎通过邮件询问我们。

[iBug]

请问轻量级网络加速服务预计什么时候可以恢复

很抱歉由于问题的复杂性，我们暂时没有 ETA。请持续关注 https://servers.ustclug.org/2021/03/lug-services-down/，我们会在此发布最新的更新

[wllenyj]

$ wget https://crates-io.proxy.ustclug.org/api/v1/crates/anyhow/1.0.44/download
--2021-10-12 12:58:02--  https://crates-io.proxy.ustclug.org/api/v1/crates/anyhow/1.0.44/download
Resolving crates-io.proxy.ustclug.org (crates-io.proxy.ustclug.org)... 192.109.232.118, 2400:ddc0:1000::6417:bae0
Connecting to crates-io.proxy.ustclug.org (crates-io.proxy.ustclug.org)|192.109.232.118|:443... connected.
ERROR: cannot verify crates-io.proxy.ustclug.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
  Issued certificate has expired.
To connect to crates-io.proxy.ustclug.org insecurely, use `--no-check-certificate'.

[skyzh]

$ wget https://crates-io.proxy.ustclug.org/api/v1/crates/anyhow/1.0.44/download
--2021-10-12 12:58:02-- https://crates-io.proxy.ustclug.org/api/v1/crates/anyhow/1.0.44/download
Resolving crates-io.proxy.ustclug.org (crates-io.proxy.ustclug.org)... 192.109.232.118, 2400:ddc0:1000::6417:bae0
Connecting to crates-io.proxy.ustclug.org (crates-io.proxy.ustclug.org)|192.109.232.118|:443... connected.
ERROR: cannot verify crates-io.proxy.ustclug.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
Issued certificate has expired.
To connect to crates-io.proxy.ustclug.org insecurely, use `--no-check-certificate'.

建议单独提一个 issue，附上你的系统信息。

[taoky]

@wllenyj #372

[wllenyj]

$ wget https://crates-io.proxy.ustclug.org/api/v1/crates/anyhow/1.0.44/download
--2021-10-12 12:58:02-- https://crates-io.proxy.ustclug.org/api/v1/crates/anyhow/1.0.44/download
Resolving crates-io.proxy.ustclug.org (crates-io.proxy.ustclug.org)... 192.109.232.118, 2400:ddc0:1000::6417:bae0
Connecting to crates-io.proxy.ustclug.org (crates-io.proxy.ustclug.org)|192.109.232.118|:443... connected.
ERROR: cannot verify crates-io.proxy.ustclug.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
Issued certificate has expired.
To connect to crates-io.proxy.ustclug.org insecurely, use `--no-check-certificate'.

建议单独提一个 issue，附上你的系统信息。

系统：centos7
Thanks @taoky .已经解决了。

提示：certificate has expired.
使用以下命令解决：

trust dump --filter "pkcs11:id=%c4%a7%b1%a4%7b%2c%71%fa%db%e1%4b%90%75%ff%c4%15%60%85%89%10" | openssl x509 | sudo tee /etc/pki/ca-trust/source/blacklist/DST-Root-CA-X3.pem
sudo update-ca-trust extract

提示：unable to get local issuer certificate
使用: yum install ca-certificates 解决。

[taoky]

自今日（2023 年 2 月 17 日）上午 4:40 起，由于服务器所在数据中心机房的 未知 磁盘故障问题，*.proxy.ustclug.org 等服务目前无法访问。我们正在联系服务商并等待问题解决。

[taoky]

自今日（2023 年 2 月 17 日）上午 4:40 起，由于服务器所在数据中心机房的 未知 磁盘故障问题，*.proxy.ustclug.org 等服务目前无法访问。我们正在联系服务商并等待问题解决。

目前相关服务已恢复。