HTTP mirror pool
Big picture
The Tails downloads are served using two different mirror pools (HTTP and DNS), depending on the use case.
HTTP pool
A web service redirects clients to the nearest mirror based on IP geolocation data:
- The list of mirrors is automatically and periodically loaded from a JSON file on our website. See the Mirror pool configuration section below for details.
- IP geolocation data is automatically and periodically updated from MaxMind's GeoLite2 databases.
- Downloads are served under the download.tails.net domain (see mirror statistics).
- Mirrorbits performs the actual redirections according to its own internal score system, which is based on mirrors' weights (imported from mirrors.json) and IP geolocation data (Autonomous Systems, countries and calculated distances).
- The server-side code can be found in tails/puppet-tails/-/blob/master/manifests/profile/mirrorbits.pp
DNS pool
A DNS Round Robin pool points to a few fast and reliable mirrors. It is used as a fallback for the versions of Tails Upgrader included up to Tails 5.8, inclusive. So we still have a DNS dynamic update system, re-purposed from the one we already had (dl.amnesia.boum.org).
It's configured via this Git repository:
tails_git@65wwrbljzca2cxztur6xz652c2zvhvj3ebgyestpgvfbzaamkamf57yd.onion:/srv/repositories/mirrors.git
Mirror pool configuration
The server-side redirector fetches the mirror pool configuration file from our website: https://tails.boum.org/mirrors.json
The configuration file is written in JSON, to avoid the need to use a third-party parser.
The configuration file is stored in a dedicated Git repository that is added to our website with the ikiwiki underlay mechanism. Using a separate Git repository gives us finer-grained access control possibilities in the long run, e.g. we may want to let people who don't have commit access to Git maintain the mirrors pool. Note that we'll need to serve the configuration file from outside our website if we ever want to do so: an underlay can affect our website in ways that are probably (almost?) as bad as what one can do with Git access to the website itself.
The configuration file is essentially a list of mirrors, and for each of them we need a few values:
- url_prefix: whatever needs to be prepended to the path to an ISO (e.g. /stable/tails-i386-2.0/tails-i386-2.0.iso) that is shared between all mirrors, to form a complete URL to that ISO; for example https://mirrors.wikimedia.org/tails/
- rsync_url: this URL is used by the server-side redirector to periodically check each mirror's health.
- weight: the probability this mirror has to be picked by the dispatcher code, expressed as a non-negative integer; weight 0 means that the mirror is currently disabled, and will never be redirected to
- email (optional): the email address of the mirror's operator
- notes (optional): various additional notes that can be useful to the managers of the mirror pool
For a more formal, and probably more up-to-date, definition of the data model, see its JSON schema.
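The field rules above, applied as a validation pass over a pool file, followed by a weighted pick that shows only the weight semantics (Mirrorbits' real scoring also uses geolocation). This is an added example, not the Tails or Mirrorbits code; the top-level "mirrors" key, the URL scheme allow-list, the example.* hosts and the function names are assumptions.

```python
import json
import random
from urllib.parse import urlsplit

# Constructed sample, not the real mirrors.json. The top-level "mirrors" key
# and the example.* hosts are assumptions made for this illustration.
SAMPLE = """{"mirrors": [
 {"url_prefix": "https://a.example.org/tails/", "rsync_url": "rsync://a.example.org/tails/", "weight": 10},
 {"url_prefix": "https://b.example.net/tails/", "rsync_url": "rsync://b.example.net/tails/", "weight": 0},
 {"url_prefix": "ftp://c.example.com/tails/", "rsync_url": "rsync://c.example.com/tails/", "weight": 5},
 {"url_prefix": "https://d.example.com/tails/", "rsync_url": "rsync://d.example.com/tails/", "weight": -3}
]}"""

def check_mirror(m):
    """Return the problems found in one mirror entry (empty list = valid)."""
    problems = []
    for key, schemes in (("url_prefix", ("http", "https")), ("rsync_url", ("rsync",))):
        value = m.get(key)
        parts = urlsplit(value) if isinstance(value, str) else None
        # The scheme allow-list is an added assumption, not taken from the schema.
        if parts is None or parts.scheme not in schemes or not parts.hostname:
            problems.append(f"{key}: missing, or unexpected scheme/host")
    weight = m.get("weight")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(weight, bool) or not isinstance(weight, int) or weight < 0:
        problems.append("weight: must be a non-negative integer")
    for key in ("email", "notes"):
        if key in m and not isinstance(m[key], str):
            problems.append(f"{key}: optional field must be a string")
    return problems

def load_pool(text):
    """Parse the config; return (valid mirrors, {index: problems})."""
    valid, rejected = [], {}
    for i, m in enumerate(json.loads(text)["mirrors"]):
        problems = check_mirror(m) if isinstance(m, dict) else ["not an object"]
        if problems:
            rejected[i] = problems
        else:
            valid.append(m)
    return valid, rejected

def pick(mirrors, rng=random):
    """Weighted pick of a url_prefix; weight-0 mirrors are never returned."""
    enabled = [m for m in mirrors if m["weight"] > 0]
    if not enabled:
        raise LookupError("no enabled mirror in the pool")
    return rng.choices(enabled, weights=[m["weight"] for m in enabled])[0]["url_prefix"]
```

Rejecting a bad entry rather than the whole file keeps one malformed mirror from emptying the pool; whether that trade-off is right depends on who is allowed to edit the file.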
Documentation for mirror pool administrators
See README.mdwn in this Git repository:
tails_git@65wwrbljzca2cxztur6xz652c2zvhvj3ebgyestpgvfbzaamkamf57yd.onion:/srv/repositories/mirrors.git