From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chris Marusich Subject: Re: CDN Mirrors for GNU Guix Date: Wed, 08 Feb 2017 03:36:41 -0800 Message-ID: <8737foewxi.fsf@gmail.com> References: <8737fqax7b.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:34625) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cbQYJ-0006tR-Gw for guix-devel@gnu.org; Wed, 08 Feb 2017 06:36:48 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cbQYI-0007Jj-2W for guix-devel@gnu.org; Wed, 08 Feb 2017 06:36:47 -0500 In-Reply-To: <8737fqax7b.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Tue, 07 Feb 2017 15:32:08 +0100") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: "guix-devel@gnu.org" , Tom Li --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable ludo@gnu.org (Ludovic Court=C3=A8s) writes: > Hello Tom, > > Tom Li skribis: > >> Currently, GNU Guix is still in the early stage of development, and ther= e is a great >> lack of mirrors worldwide. For example. in my region, using GNU Guix is = incredibly >> slow, the speed is around 4 KiB/s and rendering it almost unusable. > > Woow, that sounds really extreme! Do you always have such a bandwidth, > or did you just happen to be unlucky somehow at that time? > > Regardless, I agree that we should have more mirrors and a wider > distribution. > >> Therefore, I created two CDN mirrors of https://mirror.hydra.gnu.org/, b= y using >> CloudFlare and Amazon CloudFront's service. I know some have the concern= s about >> such type of centralized corporation-controlled service. Personally, I h= ave done my >> best to minimized the security risks (HTTPS only, untouched signatures) = and set ip >> up faithfully. Please use it according to your own judgement. >> >> they are available at: >> >> * https://guix-cloudflare.tomli.me/ >> * https://guix-amazon.tomli.me/ >> >> Since they are identical mirrors of Hydra, you just need to use `--subst= itute-urls=3D` >> in order to use it. I'm curious to know what the cache hit rate of your CloudFront distribution is. I have one, too, at https://hydra-mirror.marusich.info, and the hit rate is surprisingly low (less than 5%, last I checked). It's probably because I'm the only one using it, though :-) > Nice! (Though I should say that I hate CloudFare for essentially > preventing Tor users from accessing what they host.) > > I think it may be time to arrange so that mirror.hydra.gnu.org (or some > other host name?) can somehow redirect users to external mirrors. I=E2= =80=99m > not sure how to achieve this, so if anyone has experience in this area, > help is welcome! One option is to use DNS round robin. The main problems with traditional DNS round robin is that you don't always get a "nearby" (according to some metric such as latency or geographic location) address, and if one of the addresses is "unhealthy" (according to some metric such as external network connectivity), some clients might still get (and cache) the unhealthy address. Some DNS services (e.g., Amazon Route 53) provide "smarter" features that will return nearby records or healthy records, but I do not know how easy it is to use those features when you are trying to route requests to another domain or address outside of your own control. Beyond DNS, I suppose you could implement some kind of application layer logic, perhaps involving HTTP redirects, but it would not be as simple as DNS round robin. =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlibAskACgkQ3UCaFdgi Rp0r9Q/+MlRu7IcqggQBJZOwNv20MQ5D8O97oWICa7MycipoUUxcY14tDob1wNyG srqeqdaBok0pEBl4JY2ODNLAg5ZLxNxnNJfSKDO+zEcWaARFUnicp5DIpNanQwOM X369z55bOpv1/5kyG/fvz34V+FpF7cRlSDTFWNr0S0ZSMFkBCV0kS2ZQjpA9aY1W mEqsN+MD+G0XS8DsDSSdkQFnVMjuTh3j2YGPoSwfeeXh6pLZevzS+MRw2P1Mo6Bz ThAUHpz5XHMKeJlFH70UHE+1q/BoH0C2eUFBI8wIslFQqamg/4tKoO5iNP3Tt3iM i+V2rMyMJZjwfJ1A7jOGQa8hgGgZ0NhSAky+aGY3KJGjMQABw8Biit7Kh90gjhyK GZSqSyFHYysKCSN1+K8M9GOOOLb32xO/DJ/t1aZLdaqxyvG70v1cNFaWOUgWLa4O 9xn3FAhWjhxAUoXoz1Jt+dS1zUiprIr23qkWD71R+PeLF1exX9wh30CrUIvCMNXR 1SmRSjsGtdzD/vPfU09qj8sVc8TjJwVp4QFMS1M57QxFUv+gVj41S1aYHQecn0OO HUegUvqHxmxSWkh0scRZiONS6Y5iHtqQ1ylE40jFTXrGgg3RbtAwXTKPwwlV4v7z 7Q9B0s+Qn4xg1QVNAp1p2rpxJC+JJATDgEsinxND5i5zLf3V+WE= =0kU6 -----END PGP SIGNATURE----- --=-=-=--