docs(notes): add guide for Clash VPN mixed content errors

Author: lzwjava

notes/2025-06-29-clash-mixed-content-en.md

@@ -0,0 +1,156 @@
+---
+title: "Fix Clash VPN Mixed Content Errors"
+lang: en
+layout: post
+audio: false
+translated: false
+generated: true
+---
+
+The error messages you're encountering indicate a **mixed content** issue with the Clash VPN application, specifically when the page at `https://clash.razord.top/` tries to load resources from an insecure `http://127.0.0.1:9090/` endpoint (e.g., `http://127.0.0.1:9090/version`). Modern browsers block such requests because they violate security policies by attempting to load insecure HTTP content on a secure HTTPS page. Additionally, there are CORS (Cross-Origin Resource Sharing) errors due to access control restrictions. Below is a step-by-step guide to resolve this issue.
+
+---
+
+### Why This Happens
+- **Mixed Content Error**: The webpage is served over HTTPS, but it’s attempting to fetch resources (like the version check) from `http://127.0.0.1:9090`, which is insecure. Browsers block these requests to prevent potential security vulnerabilities, such as man-in-the-middle attacks.
+- **CORS Error**: The browser is blocking the request to `http://127.0.0.1:9090` due to CORS policy, which restricts cross-origin requests unless explicitly allowed by the server.
+- **Clash Context**: Clash (or Clash for Windows) is a proxy application that likely uses a local server (`127.0.0.1:9090`) for its dashboard or API. If this local server doesn’t support HTTPS or isn’t configured correctly, it triggers these errors when accessed via an HTTPS webpage.
+
+---
+
+### Steps to Fix the Issue
+
+#### 1. **Verify Clash Core Configuration**
+   - **Check if Clash Core is Running**: Ensure the Clash core (the backend service) is running on your machine and listening on `127.0.0.1:9090`. You can verify this by:
+     - Opening a terminal or command prompt.
+     - Running `curl http://127.0.0.1:9090/version` to check if the endpoint responds with the Clash version.
+     - If it doesn’t respond, ensure the Clash service is active. Restart Clash for Windows or the Clash core process.
+   - **Enable HTTPS for Clash Core** (if possible):
+     - Some versions of Clash (e.g., Clash Premium or Clash Meta) support HTTPS for the local API. Check the Clash documentation or configuration file (usually `config.yaml`) for an option to enable HTTPS for the external controller (the API endpoint).
+     - Look for a setting like `external-controller` or `external-ui` in the configuration file. For example:
+       ```yaml
+       external-controller: 127.0.0.1:9090
+       external-ui: <path-to-ui>
+       ```
+       If HTTPS is supported, you may need to configure a certificate for the local server. This is advanced and may require generating a self-signed certificate (see step 4 below).
+
+#### 2. **Access the Dashboard via HTTP (Temporary Workaround)**
+   - If the Clash dashboard can be accessed via HTTP (e.g., `http://clash.razord.top/` instead of HTTPS), try loading it without HTTPS to avoid mixed content issues:
+     - Open your browser and navigate to `http://clash.razord.top/`.
+     - Note: This is not recommended for production use, as HTTP is insecure. Use this only for testing or if the dashboard is only accessed locally.
+   - If the dashboard requires HTTPS, proceed to the next steps to address the root cause.
+
+#### 3. **Update URLs to HTTPS**
+   - The error suggests the Clash dashboard is trying to fetch resources from `http://127.0.0.1:9090`. If you have access to the Clash dashboard’s source code or configuration:
+     - Check the frontend code (e.g., `index-5e90ca00.js` or `vendor-827b5617.js`) for hardcoded `http://127.0.0.1:9090` references.
+     - Update these to `https://127.0.0.1:9090` if the Clash core supports HTTPS, or use a relative URL (e.g., `/version`) to let the browser use the same protocol as the page.
+     - If you don’t have access to the source code, you may need to configure a reverse proxy (see step 4).
+
+#### 4. **Set Up a Reverse Proxy with HTTPS**
+   - To resolve the mixed content issue, you can set up a reverse proxy (e.g., using Nginx or Caddy) to serve the Clash core API (`http://127.0.0.1:9090`) over HTTPS. This allows the dashboard to communicate with the core securely.
+   - **Steps for Nginx**:
+     1. Install Nginx on your system (if not already installed).
+     2. Generate a self-signed SSL certificate for `127.0.0.1`:
+        ```bash
+        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -subj "/CN=localhost"
+        ```
+     3. Configure Nginx to proxy requests to `http://127.0.0.1:9090` over HTTPS. Create a configuration file (e.g., `/etc/nginx/sites-available/clash`):
+        ```nginx
+        server {
+            listen 443 ssl;
+            server_name localhost;
+
+            ssl_certificate /path/to/localhost.crt;
+            ssl_certificate_key /path/to/localhost.key;
+
+            location / {
+                proxy_pass http://127.0.0.1:9090;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+            }
+        }
+        ```
+     4. Enable the configuration and restart Nginx:
+        ```bash
+        sudo ln -s /etc/nginx/sites-available/clash /etc/nginx/sites-enabled/
+        sudo nginx -t
+        sudo systemctl restart nginx
+        ```
+     5. Update the Clash dashboard to use `https://localhost:443` instead of `http://127.0.0.1:9090` for API requests.
+     6. In your browser, accept the self-signed certificate when prompted.
+
+   - **Alternative with Caddy**: Caddy is simpler to configure and automatically handles HTTPS:
+     1. Install Caddy.
+     2. Create a `Caddyfile`:
+        ```caddy
+        localhost:443 {
+            reverse_proxy http://127.0.0.1:9090
+        }
+        ```
+     3. Run Caddy: `caddy run`.
+     4. Update the Clash dashboard to use `https://localhost:443`.
+
+#### 5. **Bypass CORS Restrictions (Advanced)**
+   - The CORS error (`XMLHttpRequest cannot load http://127.0.0.1:9090/version due to access control checks`) indicates the Clash core server isn’t sending the appropriate CORS headers. If you control the Clash core:
+     - Modify the Clash core configuration to include CORS headers, such as:
+       ```yaml
+       external-controller: 127.0.0.1:9090
+       allow-cors: true
+       ```
+       (Check the Clash documentation for the exact syntax, as this depends on the Clash version.)
+     - Alternatively, the reverse proxy setup in step 4 can handle CORS by adding headers like:
+       ```nginx
+       add_header Access-Control-Allow-Origin "https://clash.razord.top";
+       add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
+       add_header Access-Control-Allow-Headers "*";
+       ```
+   - If you don’t control the core, you can use a browser extension to temporarily bypass CORS (e.g., “CORS Unblock” for Chrome), but this is not recommended for security reasons.
+
+#### 6. **Update Clash or Switch to a Compatible Version**
+   - Ensure you’re using the latest version of Clash for Windows or Clash Verge, as older versions may have bugs or lack HTTPS support for the external controller.
+   - Check the Clash GitHub repository (`github.com/Dreamacro/clash` or `github.com/Fndroid/clash_for_windows_pkg`) for updates or reported issues related to mixed content or CORS.
+   - Consider switching to **Clash Verge** or **Clash Meta**, which may have better support for HTTPS and modern browser security policies.[](https://clashverge.net/en/tutorial-en/)
+
+#### 7. **Allow Insecure Content in Browser (Not Recommended)**
+   - As a last resort, you can allow insecure content in your browser for `https://clash.razord.top/`:
+     - **Chrome**:
+       1. Click the lock icon in the address bar.
+       2. Go to “Site settings” > “Insecure content” > Set to “Allow.”
+     - **Firefox**:
+       1. Click the lock icon and go to “Connection settings.”
+       2. Disable “Block dangerous and deceptive content” temporarily.
+     - **Warning**: This bypasses security protections and should only be used for local testing on trusted networks.
+   - Alternatively, launch Chrome with the `--disable-web-security` flag (for development only):
+     ```bash
+     google-chrome --disable-web-security --user-data-dir="/tmp/chrome_dev"
+     ```
+
+#### 8. **Check for Conflicting Extensions or Firewall**
+   - Browser extensions (e.g., ad blockers, privacy tools) or firewall settings may interfere with Clash’s local server. Temporarily disable extensions or check your firewall to ensure `127.0.0.1:9090` is accessible.[](https://vpncentral.com/reddit-blocked-by-network-security/)
+   - On Windows, ensure the Clash app has firewall permissions:
+     - Go to Settings > Network & Internet > Windows Firewall > Allow an app through firewall.
+     - Add or enable Clash for Windows.
+
+#### 9. **Contact Clash Support or Community**
+   - If the above steps don’t resolve the issue, report the problem on the Clash for Windows GitHub issues page (`github.com/Fndroid/clash_for_windows_pkg/issues`) or the Clash community forums. Provide details about your setup, including:
+     - Clash version.
+     - Operating system.
+     - Configuration file (redact sensitive info).
+     - Browser and version.
+   - Check for similar issues in the community, as this error may be specific to certain Clash versions or configurations.[](https://superuser.com/questions/1769163/could-not-switch-to-this-profile-proxy-0-filed-ws-opts-headershost-invalid-c)
+
+---
+
+### Recommended Approach
+The most secure and robust solution is to **set up a reverse proxy with HTTPS** (step 4) to ensure all requests are served over HTTPS, resolving both the mixed content and CORS issues. If you’re unable to modify the Clash core or dashboard, using a newer version of Clash (e.g., Clash Verge) or accessing the dashboard via HTTP temporarily (step 2) may be quicker workarounds.
+
+---
+
+### Additional Notes
+- If you’re using a custom Clash dashboard or a third-party service like `clash.razord.top`, verify that it’s compatible with your Clash core version.
+- Always back up your Clash configuration (`config.yaml`) before making changes.
+- If the issue persists, you can try switching to alternative proxy clients like v2rayN or OpenVPN, which may have better HTTPS support for local APIs.[](https://stackoverflow.com/questions/67822697/how-to-route-internet-traffic-via-clash-for-windows-ping-from-python-code-is)
+
+Let me know if you need help with specific steps, such as setting up Nginx or debugging the Clash configuration!

notes/2025-06-29-hosting-multiple-pages-en.md

@@ -0,0 +1,78 @@
+---
+title: "Host Multiple GitHub Pages with Organizations"
+lang: en
+layout: post
+audio: false
+translated: false
+generated: true
+---
+
+Yes, creating a GitHub organization is a viable way to host additional GitHub Pages sites with unique `*.github.io` subdomains, as each organization can have its own `organization.github.io` site, separate from your personal `username.github.io` site. Here's how you can do it and what you need to know:
+
+### Key Points
+- **Personal Account Limitation**: Each GitHub user account can have only one User Site, hosted at `username.github.io`, which is tied to a repository named `username.github.io`. If you've already used this for your personal account, you can't create another `*.github.io` subdomain under the same account.
+- **Organization Sites**: Each GitHub organization can also have its own Organization Site, hosted at `organization.github.io`, by creating a repository named `organization.github.io`. This allows you to create additional `*.github.io` subdomains by setting up multiple organizations.
+- **Project Sites**: Both user and organization accounts can host multiple Project Sites (e.g., `username.github.io/project` or `organization.github.io/project`) from other repositories, but these are subpaths, not subdomains. If you specifically want distinct subdomains (e.g., `sub.example.github.io`), you cannot achieve this directly with GitHub Pages without a custom domain, as GitHub does not support custom subdomains like `sub.example.github.io` under the `github.io` domain.[](https://github.com/orgs/community/discussions/54144)
+
+### Steps to Create a GitHub Organization for Additional `*.github.io` Subdomains
+1. **Create a GitHub Organization**:
+   - Go to GitHub and sign in with your account.
+   - Click the "+" icon in the top-right corner and select **New organization**.
+   - Follow the prompts to set up the organization, choosing a unique name (e.g., `myorg`). This name will determine the subdomain (e.g., `myorg.github.io`).
+   - Note: Organizations can be created for free, but some features (like private repositories) may require a paid plan, depending on your needs. GitHub Pages for public repositories is available with GitHub Free.[](https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site)
+
+2. **Create the Organization's GitHub Pages Repository**:
+   - In the new organization, create a repository named exactly `myorg.github.io` (replace `myorg` with your organization’s name).
+   - This repository will host the Organization Site, accessible at `https://myorg.github.io`.
+
+3. **Set Up GitHub Pages**:
+   - Go to the `myorg.github.io` repository’s **Settings** tab.
+   - Scroll to the **Pages** section.
+   - Under **Source**, select the branch you want to publish (e.g., `main` or `gh-pages`) and save.
+   - Once configured, the site will be live at `https://myorg.github.io` after a few minutes.[](https://dev.to/mohammedasker/how-to-get-github-subdomain-with-github-pages-4g0p)
+
+4. **Add Content**:
+   - Add an `index.html` file or use a static site generator like Jekyll to the repository’s publishing branch.
+   - Commit and push your changes. For example:
+     ```bash
+     git clone https://github.com/myorg/myorg.github.io
+     cd myorg.github.io
+     echo "Hello World" > index.html
+     git add --all
+     git commit -m "Initial commit"
+     git push origin main
+     ```
+   - Visit `https://myorg.github.io` to verify the site is live.[](https://dev.to/mohammedasker/how-to-get-github-subdomain-with-github-pages-4g0p)
+
+5. **Repeat for Additional Subdomains**:
+   - Create additional organizations (e.g., `myorg2`, `myorg3`) and repeat the process to get `myorg2.github.io`, `myorg3.github.io`, etc.
+   - Each organization can have one `*.github.io` subdomain, allowing you to create as many subdomains as you have organizations.
+
+### Limitations and Considerations
+- **Custom Subdomains on `github.io`**: You cannot create subdomains like `sub.myorg.github.io` directly with GitHub Pages. The `github.io` domain is managed by GitHub, and only `username.github.io` or `organization.github.io` are supported. To use custom subdomains (e.g., `blog.example.com`), you must own a custom domain and configure DNS settings (CNAME records) to point to `myorg.github.io`.[](https://github.com/orgs/community/discussions/54144)[](https://github.com/orgs/community/discussions/64133)
+- **Single Repository per Subdomain**: Each `*.github.io` subdomain is tied to a single repository (`username.github.io` or `organization.github.io`). You cannot serve multiple subdomains from a single repository without a custom domain and additional hosting or proxying services.[](https://webmasters.stackexchange.com/questions/144484/separate-subdomains-on-one-github-page)
+- **Management Overhead**: Each organization requires separate management (e.g., members, permissions, billing). Ensure you’re comfortable managing multiple organizations.
+- **DNS and Custom Domains**: If you want to use a custom domain (e.g., `example.com` or `sub.example.com`) instead of `*.github.io`, you can configure it in the repository’s **Pages** settings and add a CNAME record with your DNS provider. For example, point `sub.example.com` to `myorg.github.io`. Be sure to verify the domain to prevent takeover risks.[](https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/managing-a-custom-domain-for-your-github-pages-site)[](https://dev.to/scc33/how-to-host-a-site-with-a-subdomain-on-github-pages-5a1j)
+- **Private Repositories**: GitHub Pages for private repositories requires GitHub Pro, Team, or Enterprise plans. If you’re using free plans, ensure your `myorg.github.io` repository is public.[](https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site)
+
+### Alternative for Multiple Subdomains
+If your goal is to have multiple subdomains (e.g., `blog.example.com`, `shop.example.com`) under a single custom domain, you can:
+1. Purchase a custom domain (e.g., `example.com`) from a registrar like Namecheap or GoDaddy.
+2. Create multiple repositories in your organization (e.g., `myorg/blog`, `myorg/shop`).
+3. Enable GitHub Pages for each repository, setting custom domains like `blog.example.com` and `shop.example.com` in their respective **Pages** settings.
+4. Configure CNAME records with your DNS provider to point `blog.example.com` to `myorg.github.io` and `shop.example.com` to `myorg.github.io`. Note that all repositories without their own custom domain will appear under the organization’s custom domain as subpaths (e.g., `example.com/blog`).[](https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/managing-a-custom-domain-for-your-github-pages-site)[](https://stackoverflow.com/questions/68505452/github-pages-with-single-custom-subdomain-for-multiple-repositories-using-paths)
+5. Be aware that serving multiple subdomains from a single repository is not natively supported by GitHub Pages and may require external services like a CDN or reverse proxy.[](https://webmasters.stackexchange.com/questions/144484/separate-subdomains-on-one-github-page)
+
+### Example Scenario
+- You’ve used `username.github.io` for your personal site.
+- Create an organization named `myorg` and a repository `myorg.github.io` to get `myorg.github.io`.
+- Create another organization named `myorg2` and a repository `myorg2.github.io` to get `myorg2.github.io`.
+- For custom subdomains, own `example.com`, and set up `blog.example.com` (pointing to `myorg.github.io`) and `shop.example.com` (pointing to `myorg2.github.io`) via CNAME records.
+
+### Final Notes
+- Creating multiple organizations is a straightforward way to get additional `*.github.io` subdomains without needing a custom domain.
+- If you want true subdomains (e.g., `sub.myorg.github.io`), you’ll need a custom domain and DNS configuration, as GitHub’s `github.io` doesn’t support this natively.
+- Always verify custom domains to avoid security risks like domain takeovers.[](https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/managing-a-custom-domain-for-your-github-pages-site)
+- DNS changes can take up to 24 hours to propagate.[](https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/managing-a-custom-domain-for-your-github-pages-site)
+
+If you have further questions or need help with specific configurations, let me know!