feat: self-host fonts, styled block page, wildcard TLS #16

2026-03-27T08:02:28+08:00

dearsky commented

2026-03-27 08:02:28 +08:00

(Migrated from gitea.proxy.dearsky.top)

Summary

Self-hosted fonts — replace Google Fonts CDN with 5 woff2 files (73KB total), served from API server via include_bytes!. Zero external requests, works offline, consistent with privacy stance
Styled block page — when a blocked domain hits the proxy, show a helpful "Blocked by Numa" page with allowlist instructions (was confusing "not a .numa domain" error)
Shared error_page() template — deduplicate ~160 lines of CSS between 403 and 404 proxy pages
Wildcard TLS — add *.numa SAN to cert so unregistered .numa domains get valid HTTPS (styled 404 without cert warning)
Fix Instrument Serif font-weight — use 400 (only available weight) instead of synthetic bold 600/700 across all pages
Landing page — performance section, blog link, comparison table updates, OG tags
Blog post — "Building a DNS Resolver from Scratch in Rust" with real wire-format captures

Test plan

cargo fmt --check clean
cargo clippy -- -D warnings clean
All tests pass
Fonts load at localhost:5380/fonts/fonts.css (200, correct content)
woff2 files serve with correct font/woff2 content-type and 1-year cache headers
Dashboard renders with self-hosted Instrument Serif / DM Sans / JetBrains Mono
Blog renders correctly via pandoc template
Blocked domain proxy page shows styled "Blocked by Numa" message
No remaining Google Fonts references in site/ or src/

🤖 Generated with Claude Code

## Summary - **Self-hosted fonts** — replace Google Fonts CDN with 5 woff2 files (73KB total), served from API server via `include_bytes!`. Zero external requests, works offline, consistent with privacy stance - **Styled block page** — when a blocked domain hits the proxy, show a helpful "Blocked by Numa" page with allowlist instructions (was confusing "not a .numa domain" error) - **Shared error_page() template** — deduplicate ~160 lines of CSS between 403 and 404 proxy pages - **Wildcard TLS** — add `*.numa` SAN to cert so unregistered `.numa` domains get valid HTTPS (styled 404 without cert warning) - **Fix Instrument Serif font-weight** — use 400 (only available weight) instead of synthetic bold 600/700 across all pages - **Landing page** — performance section, blog link, comparison table updates, OG tags - **Blog post** — "Building a DNS Resolver from Scratch in Rust" with real wire-format captures ## Test plan - [x] `cargo fmt --check` clean - [x] `cargo clippy -- -D warnings` clean - [x] All tests pass - [x] Fonts load at `localhost:5380/fonts/fonts.css` (200, correct content) - [x] woff2 files serve with correct `font/woff2` content-type and 1-year cache headers - [x] Dashboard renders with self-hosted Instrument Serif / DM Sans / JetBrains Mono - [x] Blog renders correctly via pandoc template - [x] Blocked domain proxy page shows styled "Blocked by Numa" message - [x] No remaining Google Fonts references in site/ or src/ 🤖 Generated with [Claude Code](https://claude.com/claude-code)

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: PullFromGitHub/numa#16