This is a mini log on how to host websites that are compatible with the so-called "Great Firewall" of China.

Some observations from my Dokuwiki instance:

• CDNs may not work reliably, including connections to cdnjs.cloudflare.com, fonts.googleapis.com, img.youtube.com. Scripts that are hosted via CDN should ideally be served from the same website itself.
  • e.g. for MathJax plugin for Dokuwiki, pull the latest from the MathJax repo, checkout the specific version e.g. 2.7.9, then copy it to a static filepath on the reverse proxy. For Dokuwiki, I made it sit at /lib/scripts/user/mathjax/MathJax.js.
  • For regular websites, simply replace the remote with a local resource. Applies for JS, CSS, fonts, etc.
• Scripts that take too long to load, e.g. 30s, may actually get sent a TCP RESET by the firewall.
  • This is particularly important for users on slow wifi connections, e.g. eduroam.
  • Ensure scripts are minified, or otherwise removed to minimize bloat.
• Connections observed to occasionally be terminated prematurely with a CONN_CLOSED, before a restart of the query. Not too sure the mechanism for this one.

Network logs

Some other observations:

• Online sources mention TLSv1.3 gets automatically blocked. Attempts on Apr 2026 don't reflect this case.