Changes between Version 29 and Version 30 of Mirroring


Ignore:
Timestamp:
Jul 29, 2020, 6:36:00 AM (4 years ago)
Author:
ryandesign (Ryan Carsten Schmidt)
Comment:

Add SSL information

Legend:

Unmodified
Added
Removed
Modified

  • Mirroring

    v29 v30  
    1515* GPS coordinates of your mirror's approximate location that we may display on a map. You may provide the coordinates of the above airport if you don't want to be more specific.
    1616* Your mirror's existing hostname. We will create new hostnames abc.xy.distfiles.macports.org, abc.xy.packages.macports.org and abc.xy.rsync.macports.org (where "abc" is your airport code and "xy" is your country code) `CNAME`d to your existing hostname.
     17* Whether your server can be accessed over only http or only [#SSL https] or both.
    1718* The email address of the server's administrator. We will list this on our mirrors page and MacPorts users might report problems to this address.
    1819* Your mirror's upstream Internet connection speed and whether or not your mirror supports IPv6. We will list this information on our mirrors page.
     
    8889== Web server
    8990
    90 MacPorts retrieves files from ''packages'' and ''distfiles'' via http. MacPorts automatically downloads these files from whichever mirror is closest. So you should run a web server to make these modules available.
    91 
    92 The contents of the ''packages'' module should be made available directly under !http://abc.xy.packages.macports.org/ and the contents of the ''distfiles'' module should be made available directly under !http://abc.xy.distfiles.macports.org/. It is not necessary to provide the contents of the ''release'' or ''trunk'' modules via http.
     91MacPorts retrieves files from ''packages'' and ''distfiles'' via http or https. MacPorts automatically downloads these files from whichever mirror is closest. So you should run a web server to make these modules available.
     92
     93The contents of the ''packages'' module should be made available directly under !http(s)://abc.xy.packages.macports.org/ and the contents of the ''distfiles'' module should be made available directly under !http(s)://abc.xy.distfiles.macports.org/. It is not necessary to provide the contents of the ''release'' or ''trunk'' modules via http.
    9394
    9495**Note:** If you are currently providing the contents of the ''packages'' or ''distfiles'' modules in a subdirectory of your MacPorts mirror hostname, you should reconfigure your web server to provide the contents directly under the MacPorts mirror hostname, and let us know so we can update archive_sites.tcl and/or mirror_sites.tcl. You should configure HTTP 301 redirects from the previously-used URLs to the new ones.
    9596
    9697Directory listings should be turned on. URL spelling correction and multiviews must be turned off. There are sample web server configurations below.
     98
     99== SSL
     100
     101MacPorts verifies the integrity of downloaded files via checksums or signatures so your mirror is not required to provide access via https, but you can if you wish. [https://letsencrypt.org Let's Encrypt] offers free SSL certificates which can be used. Please add your `abc.xy.(distfiles|packages|rsync).macports.org` hostnames as Subject Alternative Names in your SSL certificate.
     102
     103We suggest you continue to provide access via http, even if you also provide access via https. MacPorts still supports very old OS versions such as Mac OS X 10.4 Tiger, and the version of OpenSSL in old OS versions is not able to communicate with modern SSL web servers. (The cutoff version depends on which encryption algorithms you've configured your web server to allow.) You can disallow http access if you wish, but if you do so it will limit the OS versions that are able to connect to your server.
    97104
    98105== Add mirror to MacPorts