Stay away from Scaleway

These guys are doing some reaaaaally shady stuff.

I signed-up because they seem reasonably cheap for 200Mbps unmetered, but had a lot of trouble trying to set up Discourse, here’s my story.

— First attempt

I initially tried out their “instant” discourse offering. Though it is only limited for use in a specific type of instance which many would find underpowered, it’s also ARM btw. Overall experience was “slow”, because of latency (they’re in paris I’m in the US and had 400ms+ ping) and because the instance was … kind of slow. Anyway I boot up and I see that SMTP ports are blocked, so I try to unlock them and it says you need to open a ticket for this. Well, ticket opened, and I get an email saying this:

In order to respond favorably to your request to unblock port 25 of your server, an additional verification is necessary.
In order to protect the reputation of our IPs and in order to offer quality services, you are asked to send us to the following address: fax+scaleway+51735@online.net
A photocopy of your identity card
A picture of yourself holding your identity card.
Upon receipt of these documents, your requests will be analyzed by the concerned team and we will return to you via this ticket as soon as possible if it’s avaible

So I just said, yeah no way and tried to look for alternative ways to deliver smtp. I settled with mailgun because it’s the fastest one to setup and overall no bullshit involved (elasticemail NEVER sent me login confirmations …).

— Second attempt

Now I boot up an ubuntu ARM instance and try to get docker in there. Docker installs fine but ./discourse-setup fails at some point due to the system being on an ARM architecture (I guess).

— Third attempt

I boot up another ubuntu ARM instance, which supposedly had Docker preinstalled, just to see if that was the reason the previous one didn’t work. It failed similarly, so I guess it is the architecture what’s messing the install. Bear in mind that each ./discourse-setup is taking around 30 mins to complete

— Fourth attempt

I boot up an x86 instance, these are much more expensive than ARM and now we are talking similar prices to AWS, DO and others. Still you get 200Mbps unmetered so it’s cool. ./discourse-setup completes (in 28 mins!) and when I’m trying to create my admin account it strangely fails. telnet mailgun 587 quickly lets me know why… weird. So I open up another ticket and let them know that 587 OUTBOUND is blocked (you can’t override this on their security policies, btw), and they come back again telling me that if I need that unblocked I have to send them a picture of me standing with an ID in my hand (honestly wtf, they already have my credit card and phone ##). So I delete the instance and a couple minutes later I realize that maybe mailgun offers more ports to deliver smtp. I look up in their documentation and yeah, you can use 2525 as well.

— Fifth attempt

So I quickly boot up (again) a new x86 instance and telnet mailgun 2525 it’s open! Great. So I go through all the issues of installing docker and ./discourse-setup and waiting 1/2 an hour, etc… It’s finally done, my discourse server is ready! No … mails are not delivered again and the log is filled with tens of messages like this:

Sent mail to REDACTED@REDACTED (904.1ms)
Job exception: hostname "smtp.mailgun.com" does not match the server certificate

You be the judge … I think they may be sniffing or mitming some outbound ports like 2525. Why? Who the hell knows. Account closed and not looking back. An afternoon wasted, I’m writing this so you don’t waste yours.

Best.

Updated my post,

That last thing turned out not to be a Scaleway issue, since I’m getting the same error on a Vultr instance.

Will research into it, it could be a bug or it could be something on Mailgun’s side.

Will update …

My bad, I’m an i***t.

smtp.mailgun.com != smtp.mailgun.org

So it would’ve probably worked out w/ 2525.

Anyway, the rest of the experience still holds true. I’m now on Vultr, I’m happy so far.

My forum (and other services) is hosted by Scaleway (Amsterdam location) from January 2017 and I use Mailgun as provider.

Until now I did not have any of the problems you described.

I did not use the docker image they have on their servers but I installed everything by following the official Discourse guide (except for nginx that we use as a reverse proxy).

• I can not say anything about ping because I’m in Europe, I did not have any problems

• SMTP is disabled by default, when I enabled it, after installing Discourse, I was not asked to send any ticket (so, no photocopy or picture of myself, with my character if they asked me this kind of things I would close account and server immediately without answering it).

• I know I’m on a really cheap ARM server (on this forum you will also find comparative benchmarks for some servers, including Scaleway).
  When we migrated to Scaleway I knew perfectly well that I could not claim the same “power” of other servers (eg DO). Yes, every rebuild takes exactly 30 minutes, so we update from the Discourse GUI when it’s possible (the docker restart takes less than a minute). When it is not, rebuild is done at night.

Since January I opened 2 tickets (for both tickets they responded within 10-15 minutes):

• one for my fault because I forgot to pay the bill (I have serious problems remembering days and dates in general, my team sends me PM every month to remind me to pay for the server and transfer patreon donations to the card ). The server was reopened within half an hour of shutdown.

• one for their own fault. For one of our software we use Appveyor to do auto-updates for every push on Github and after a few days it have stopped working because of bandwidth problems. Every time Appveyor tried to do his job it failed, and we had problems using the forum.
  The problem was resolved in a couple of days.

So far my experience has been very positive both with Scaleway and with their support.

Did you send them a copy of your IDs and a picture of you holding them?~

Sorry, didn’t read that part.

As of today that’s a requirement for opening SMTP, so I guess you would’ve bailed out as well.

I don’t think one is able to “just install Discourse by following the official guide” on an ARM instance like the ones from SW, though.

The only difference (if i remember correctly) was that we use the ubuntu 16.04 image with preloaded docker because you can’t install docker into another image.
Several months have passed but it seems to me that we did this way, then we did the regular discourse installation.

Searching for SMTP infos on the scaleway community I see that since September they ask a fax with a selfie for security reasons…which is a weird request.

I hope the fax is only required for new users, otherwise I will migrate to a new server

As a native French citizen,

Identity verification is a requirement by French legislation for businesses as long as the service already have personnal information in their database that can potentially be present on a identity document of any sort.

Mainly a measure to avoid identity usurpation, and make sure the person they have in front of them is really the owner and subscriber of the service, the information can be removed at your request though (which is a civil right regulated by the CNIL)

A lot of online services in France actually have to do this. For instance, my online bank had to get me 5 minutes in video chat in order to verify my identity before opening an account.

It’s the same process as you would do when you open an account in a real bank or subscribe to an Internet provider, except here it’s online which can be really scary at first but you eventually get used to it.

Scaleway is a product from the french hosting provider “online.net” which is a subsidiary of the Iliad group (the group behind Free and FreeMobile), they are known in France to be cheap and competitive but have a lot of problems to being with (which is why it’s cheap in the first place).

If I could give a recommendation though, I’m hosting myself an instance of Discourse on OVH servers from the authorized low-cost reseller “Kimsufi”, never had any problem with them with more than 2 years of non-stop uptime.

I understand that they have to protect the users and protect themselves, every country has its own laws, what I do not understand is why I have to send a fax via email. Sending a fax means that at home you need to have at least a scanner printer.

Is not Telegram/Whatsapp better then? It would be more logical and much faster.

Just put a warning near the SMTP button with a simple text
“For these reasons […] we need a double-sided photo of your ID card and the email of your scaleway account (and/or other data). As soon as we receive the data the SMTP will be activated.”

Maximum 5 minutes SMTP should be active.

No ticket needed, only a button that allow you to upload 1 or 2 images and a text box to write a message.

I have two Production Discourse instances running on Scaleway x86 … not had any instability and for some reason (perhaps because I’ve been live since 2016) I’ve not had to send any ID and SMTP has been fine (though I recall having to open it up initially). Of course I am using an email provider - Sparkpost so IP blacklisting not an issue. Does this just apply to new users?

Yes, it is a request that Scaleway only makes to new customers who have registered since September 2017. Customers who have already created an account for their services (before September) have been exempted from submitting documentation.
This does not exclude that, depending on the changes in French legislation, they can request it in the future also from old customers.

Thanks @dax ! Hopefully they will improve their process too.