Blog Tech on Hongjiang Bao's Bloghttp://baohongjiang.com/en/tags/blog-tech/Recent content in Blog Tech on Hongjiang Bao's BlogHugo -- gohugo.ioenWed, 13 Dec 2023 00:00:00 +0000The Tech Behind My Bloghttp://baohongjiang.com/en/p/the-tech-behind-my-blog/Wed, 13 Dec 2023 00:00:00 +0000http://baohongjiang.com/en/p/the-tech-behind-my-blog/<h3 id="problems-i-needed-the-blog-to-solve">Problems I needed the blog to solve </h3><p>Before building the blog, I had a few requirements:</p> <ol> <li>Pick a simple, general-purpose blog framework — and one that looks good.</li> <li>Full feature set: comments, etc.</li> <li>Bullet-proof against attacks, especially DDoS.</li> <li>Optimized for mainland-China network conditions — fast access from inside China too.</li> <li>No ICP filing — even though there&rsquo;s no problematic content, I just don&rsquo;t want the hassle.</li> </ol> <h3 id="full-breakdown-of-the-tech">Full breakdown of the tech </h3><p>The blog framework is Hugo (Go), with a sharp-looking theme. The site is fully hosted on GitHub Pages; the backend is a GitHub Codespace where I write remotely with VS Code. GitHub Actions auto-deploys on push, so a new post is live in about 10 seconds. On Cloudflare I bought 10 years of <code>baohongjiang.com</code> and pointed it at GitHub Pages. Visit <code>baohongjiang.com</code> and you&rsquo;re at the blog. Everything is HTTPS-encrypted end to end. Traffic analytics use Google Analytics and Cloudflare in parallel, so I have accurate visitor metrics. Comments are managed via Disqus — for well-known reasons, comments are not visible or postable from inside mainland China.</p> <p>At this point the blog is full-featured and fast. The site is essentially static, so backend attacks aren&rsquo;t a thing. And because the site is hosted on GitHub Pages and proxied through Cloudflare, a DDoS attack would have to first break Cloudflare and <em>then</em> take down GitHub before it could even touch my blog. Roughly speaking, you&rsquo;d need tens of terabits per second to be able to hurt me. I kind of wish my blog were big enough to be worth that kind of attack. Haha.</p> <p>Now, for well-known reasons, although mainland China can reach the site fine and the speed is OK, latency is over 200ms and packet loss is bad. So I had to specifically optimize for mainland China. Cloudflare does have geo load-balancing, but it&rsquo;s enterprise-only and <em>expensive</em>. So I bought <code>baohongjiang.cn</code>, ran a bunch of tests, and picked the best Hong Kong GIA-line VPS I could find for nginx reverse-proxying. When you visit <code>baohongjiang.cn</code>, you&rsquo;re really hitting the GIA-line VPS, which then fetches my site. Latency from mainland Chinese ISPs drops to around 30ms with very low packet loss. It flies.</p> <p>The full request path: user → baohongjiang.cn → Hong Kong VPS → baohongjiang.com → Cloudflare → GitHub Pages (origin)</p> <p><code>baohongjiang.com</code> is the rock-solid international entry point. <code>baohongjiang.cn</code> is the mainland-China fast lane.</p> <p>This setup is <em>not</em> the cheapest possible — straight GitHub Pages costs you nothing. But I just wanted to flex.</p>