Incidentally, the team discovered a configuration error today. The Snowflake broker was recently upgraded and reinstalled on a new host (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) but the snowflake-broker.azureedge.net CDN configuration was still pointing to the *old* broker (which for the time being is still running in parallel.
I'm about to adjust the CDN configuration to point to the new broker: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
It's like that this will require no action on your part, but if something stops working, it may be the reason why.
On Wed, Dec 11, 2024 at 10:16:32AM +0000, Michael Rogers via anti-censorship-team wrote:
The onionwrapper library (which is used by Briar and OnionShare Android) uses snowflake-broker.azureedge.net and meektm.azureedge.net for certain configurations (depending on the country and Android version, as some older Android devices can't verify Let's Encrypt certificates).
If we want to follow the upstream PT configuration, what's the best way to do that? The config files seem to move around various Tor repositories and at the moment I think we're basing our config on the expert bundle - but does that reflect what actually works/is used by Tor Browser?
Cheers, Michael
On 11/12/2024 06:09, David Fifield via anti-censorship-team wrote:
I got an email on 2024-12-05 saying that that Azure CDN from Edgio/Verizon is going to shut down sooner than expected. The shutdown date was supposed to be 2025-11-04, now it is 2024-01-15 (about one month from now).
This affects (at least) snowflake-broker.azureedge.net, which was first set up and is still on Azure CDN with Edgio. I think that snowflake-broker.azureedge.net has not been used by this team since 2021 and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req.... But it is still getting some use from somewhere, as evidenced by the nonzero monthly bills: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos... Whatever is out there that is still using snowflake-broker.azureedge.net will likely stop working after 2025-01-15.
Date: 5 Dec 2024 17:03:50 +0000 From: Microsoft Azure azure-noreply@microsoft.com Subject: Urgent action required: Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025
Migrate to Azure Front Door or other CDN services as soon as possible to avoid service disruptions.
Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025.
You're receiving this notice because you're currently using Azure CDN Standard/Premium from Edgio.
All Azure CDN from Edgio customers must migrate their workloads to Azure Front Door or other CDN services before 15 January 2025 as Edgio has advised their platform is currently scheduled to be shut down by that date. Migrate as soon as possible to avoid an imminent service shut-down.
On 31 October 2024, we sent you a notice advising that Azure CDN Standard/Premium from Edgio (formerly Verizon) will be retired on 4 November 2025, and that customers of this service must migrate their workload(s) to a comparable service before this date to avoid service interruptions. In that email we also advised given that Edgio filed for Chapter 11 Bankruptcy on 9 September 2024, Microsoft cannot guarantee that Edgio will continue to support this service through 4 November 2025 as previously stated.
Online references about Azure CDN with Edgio retirement: https://learn.microsoft.com/en-us/azure/cdn/edgio-retirement-faq https://azure.microsoft.com/updates?id=467688
I did try setting up a Front Door CDN profile (which is the recommended replacement for Edgio), following the migration instructions: https://learn.microsoft.com/en-us/azure/frontdoor/migrate-cdn-to-front-door I got the hostname: snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net It works as an alias for the broker: curl -i https://snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net/debug However, it apparently does not work with domain fronting, so is likely not actually useful. Front Door not working with domain fronting is consistent with prior announcements by Azure: https://github.com/net4people/bbs/issues/67