Skip to main content

Hong Kong Cloud Servers Aren't a Silver Bullet for Avoiding ICP Filing - Port 443 May Be Blocked

1. Background

During Double 12, various cloud vendors offered steep discounts on cloud servers. On impulse, seeing how cheap Hong Kong servers were for three years, I bought one from a well-known cloud vendor. ECS Year-End Special

2. After Setting Up Services, Found Inaccessible from China but Accessible from Abroad

After paying for the server, I immediately started setting up services. After a smooth series of operations, I found - wait, why can't I access it?

I initially thought it was an Nginx configuration issue, then spent an entire afternoon troubleshooting. Skipping 500 words of frustration, including rebuilding the nginx image, downgrading nginx version, switching from Docker image to direct installation.

Suddenly! It worked! I was quite happy at the time, thinking I had deepened my understanding of nginx. At this point, I hadn't realized I was accessing through a proxy.

The next day, I opened the website on my phone and found it wouldn't load. Switching back to my computer, the website worked fine. Comparing the two, I discovered that without a proxy, the website was inaccessible from within China.

3. Attempting to Solve

Since the domain was inaccessible, the natural suspect was the domain resolution provider. I checked with another cloud service provider - detection was OK. Pinging the domain returned the IP, but still couldn't access it.

At this point, I suspected the server vendor had some restrictions. I submitted a ticket to the server vendor, and they detected that my public IP's port 443 wasn't open. Strange - using the command:

nmap <IP> -p 443

image.png

It clearly showed Open status. After chatting with their engineers and providing credentials.

They also found the server's port 443 was Open, but telnet from domestic hosts couldn't connect. Internal network could connect, external network could connect.

At this point, it was pretty clear. Since it wasn't related to the server, it must be an ISP issue. When resolving this domain, the IP obtained was a Hong Kong IP, and port 443 was being filtered, making it inaccessible from within China.

The cloud vendor's final solution: change the public IP, but it costs money.

Without a good solution, I searched and found other cloud vendors had this issue years ago: Hong Kong Server HTTPS Blocked by Mobile Network!

What a shame!!! A hard-won server with fast domestic access speeds, but inaccessible via domain name.

So when buying Hong Kong servers, ask in advance if changing the public IP is a paid service. That way, at least you can try a few more IPs to find one that works.