Enforced HTTPS for ‘mirrors.jenkins.io’ and consolidation of the Jenkins Mirrors

The Jenkins project provides a download mirror infrastructure allowing to download Jenkins packages and plugins from a download server close to your location.

How Does it Work?

When a download request is emitted to either mirrors.jenkins.io or get.jenkins.io, an HTTP redirect response to a mirror download server is answered.

The Jenkins infrastructure uses a database of existing mirror servers provided by volunteers and donators to select the closest mirror to your location:
this is currently the role of the distinct mirrors.jenkins.io and get.jenkins.io services.

Consolidation

The system behind mirrors.jenkins.io is using a software named “mirrorbrain” and was originally used by the Jenkins infrastructure to provide download redirections to mirrors.

A new system was introduced in 2020: get.jenkins.io, using “mirrorbits” which is a great fit for a Kubernetes environment (lightweight, horizontally scalable) and provides a set of nice WebUI features to see the mirror list and grading.

INFO: Try it by yourself, check the mirrors providing the latest Jenkins LTS distribution: https://get.jenkins.io/war-stable/2.332.3/jenkins.war?mirrorlist

It’s been 2 years and the new system is clearly the most reliable: that’s why we, the Jenkins Infrastructure team, want to retire the “mirrorbrain” system.

In consequence, the 19th of May 2022, the domain name mirrors.jenkins.io will be changed to point to the actual “mirrorbits” system already available at get.jenkins.io.

This consolidation ensures all users downloading a Jenkins package or a plugin will use the closest download mirror to their location, without having to maintain 2 distinct systems.

Enforced HTTPS

The main consequence is that the HTTPS protocol will be enforced for the request to the domain mirrors.jenkins.io.

The “mirrorbrain” system currently serving requests behind the domain mirrors.jenkins.io is not available through HTTPS, which is a safety issue for users downloading files.

The 19th of May 2022, that won’t be the case anymore: like get.jenkins.io, HTTPS will be available and enforced for the requests going through the domain mirrors.jenkins.io.

What Does It Change for Me?

  • Short answer: nothing. You should already be using the domain get.jenkins.io as it’s been the default since almost 2 years, and the content served by both system is the same.

  • Long answer: if you are still using the former mirrors.jenkins.io and are not able to switch to get.jenkins.io, you’ll see the following changes:

  • 🌍 The mirror usually selected might change as the grading system on mirrorbits is different (and covers way more mirrors): faster downloads for you!

  • 🔐 Your HTTP requests will be redirected to their corresponding URL using the HTTPS protocol with a valid TLS certificate signed by the Let’s Encrypt authority: improved safety!

  • ⚠️ The IP pointed by the DNS record mirrors.jenkins.io will change from 52.202.51.185 to 52.167.253.43: upgrade your proxies!

Originally posted on Jenkins Blog
Author:

Deja una respuesta

Tu dirección de correo electrónico no será publicada.