Enforced HTTPS for ‘mirrors.jenkins.io’ and consolidation of the Jenkins Mirrors

When a download request is emitted to either mirrors.jenkins.io or get.jenkins.io, an HTTP redirect response to a mirror download server is answered.

The Jenkins infrastructure uses a database of existing mirror servers provided by volunteers and donators to select the closest mirror to your location:
this is currently the role of the distinct mirrors.jenkins.io and get.jenkins.io services.

The system behind mirrors.jenkins.io is using a software named “mirrorbrain” and was originally used by the Jenkins infrastructure to provide download redirections to mirrors.

A new system was introduced in 2020: get.jenkins.io, using “mirrorbits” which is a great fit for a Kubernetes environment (lightweight, horizontally scalable) and provides a set of nice WebUI features to see the mirror list and grading.

INFO: Try it by yourself, check the mirrors providing the latest Jenkins LTS distribution: https://get.jenkins.io/war-stable/2.332.3/jenkins.war?mirrorlist

It’s been 2 years and the new system is clearly the most reliable: that’s why we, the Jenkins Infrastructure team, want to retire the “mirrorbrain” system.

In consequence, the 19th of May 2022, the domain name mirrors.jenkins.io will be changed to point to the actual “mirrorbits” system already available at get.jenkins.io.

This consolidation ensures all users downloading a Jenkins package or a plugin will use the closest download mirror to their location, without having to maintain 2 distinct systems.

The main consequence is that the HTTPS protocol will be enforced for the request to the domain mirrors.jenkins.io.

The “mirrorbrain” system currently serving requests behind the domain mirrors.jenkins.io is not available through HTTPS, which is a safety issue for users downloading files.

The 19th of May 2022, that won’t be the case anymore: like get.jenkins.io, HTTPS will be available and enforced for the requests going through the domain mirrors.jenkins.io.