cURL and wget don't work

[fu-sen]

I noticed that the template was failing on the New York server.
After examining it in detail, I can't refer to it with wget or cURL.

[🎈@nyc ~]$ curl https://example.net.eu.org/
curl: (7) Failed to connect to example.net.eu.org port 443: Connection refused
[🎈@nyc ~]$ wget https://example.net.eu.org/
--2021-06-21 07:28:02--  https://example.net.eu.org/
Resolving example.net.eu.org (example.net.eu.org)... 2606:4700:3033::ac43:b870, 2606:4700:3032::6815:130d, 172.67.184.112, ...
Connecting to example.net.eu.org (example.net.eu.org)|2606:4700:3033::ac43:b870|:443... failed: Connection refused.
Connecting to example.net.eu.org (example.net.eu.org)|2606:4700:3032::6815:130d|:443... failed: Connection refused.
Connecting to example.net.eu.org (example.net.eu.org)|172.67.184.112|:443... failed: Connection refused.
Connecting to example.net.eu.org (example.net.eu.org)|104.21.19.13|:443... failed: Connection refused.
[🎈@nyc ~]$ ▄

example.net.eu.org exists in my project: https://github.com/fu-sen/example.net.eu.org
After examining it in detail, I can't refer to it with wget or cURL.

[willnode]

It is blocked by the firewall.

If it's a publicly available service you may send a PR to https://github.com/domcloud/dom-rootkit/blob/master/src/iptables/whitelist.conf or if isn't you can upgrade the host.

[fu-sen]

All right. Because I know an alternative.

However, this does not allow source to be used in the template and requires the use of FTP or Webmin.
Password is required for uploading. This is causing problems in a different way.
Is there any good way?

[willnode]

As far I concerned, I haven't find a good way solve this firewall problem.

Most outgoing GET requests don't create problem, but outgoing POST do. Unfornatunely there's no firewall advanced enough to filter GET vs POST request unless it's involving a proxy and big waste of computing resources to do it.

I can't use root or any privilenged user to replace the execution of portal SSH, that would create privilenge escalation problem.

[fu-sen]

Yup? Wait a minute.
I also use a Singapore server, which works fine. (So I reported to domcloud-io)

[🎈@sga ~]$ wget https://example.net.eu.org/
--2021-06-21 10:18:56--  https://example.net.eu.org/
Resolving example.net.eu.org (example.net.eu.org)... 2606:4700:3032::6815:130d, 2606:4700:3033::ac43:b870, 104.21.19.13, ...
Connecting to example.net.eu.org (example.net.eu.org)|2606:4700:3032::6815:130d|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’

index.html                                  [ <=>                                                                           ]   1.97K  --.-KB/s    in 0s      

2021-06-21 10:19:00 (24.7 MB/s) - ‘index.html’ saved [2016]

[🎈@sga ~]$ ▄

The answer may be strange. Isn't it a cause other than the firewall?

[willnode]

Ouch. I leave the firewall off yesterday and forgot to turn it on back after troubleshooting. Sorry for that.

[fu-sen]

So the current behavior of domcloud.io is what you expect, right?
You'll need to fix where the free plan is no longer available in the control panel or part of the GitHub README.

[willnode]

I'll update about README for firewall behaviour.

Meanwhile, it's seems that you need an outgoing request for one of your project. Is that right?

[fu-sen]

I had some GitHub projects that used DOM Cloud, but I decided that the template didn't work, so I deleted the project.
So my account is (temporarily) empty. You don't need to take any action on this now.
But I would consider using DOM Cloud for some other purpose.

[fu-sen]

The problem with this was the Singapore server, not the New York server.
I think you still need to deal with guest users, but since the location of the issue is different, this issue will be closed.

[willnode]

This is a follow up. There are major changes in firewall today: #10 (comment) hope you like it.

[fu-sen]

I'm happy that this information has solved the blacklisting issue and put us in a position to continue the big features of DOM Cloud. I could revive some of the DOM Cloud information and the GitHub project I had deleted to update the information.