[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#698477: Re: Bug#698477: Do we really need mirror in AWS?

On 22/07/16 10:18 AM, James Bromberger wrote:
> Tim,
> It's origin is ftp.debian.org. See more details in here:
> http://meetings-archive.debian.net/pub/debian-meetings/2013/debconf13/high/1036_AWS_Debian.ogv
> Let me know if there is a better upstream to have as an origin -
> preferably one that sets Cache-Control headers on the HTTP responses to
> keep the various paths fresh in the cache nodes. Current setup passes
> all URLs for /debian/dists/ to an Apache mid-tier that proxies requests
> to the same origin (ftp.us.debian.org) but adds Cache-Control max-age
> headers of various timings (from 60 seconds to 15 minutes). For example,
> the auto-indexes of the folders are fresh, but the individual objects
> with time-stamped names are cached a little longer (they dont change
> once generated).
Unfortunately I can not tell, what mirror would be better as an origin.
So far every mirror I tried didn't have cache-control set.
The alternative would be to keep Debian mirror on S3 and use it as CF
origin. S3 allows setting cache parameters for each file, although it
doesn't generate nice indexes for directories.

Also we can control TTL in the CloudFormation,  by setting MinTTL,
MaxTTL and DefaultTTL
and do it per path pattern

> Tim, would you like a login to the account to see the config first-hand?
That would be interesting to see, thank you.
> Attached CloudFormation template (just made - not what is in active
> service).
I'll take a closer look later tomorrow, for now I tried to validate it
and found  small typo :)

--- old.json 2016-07-24 00:15:49.389101428 -0400
+++ new.json     2016-07-24 00:15:02.492767311 -0400
@@ -215,7 +215,7 @@
       "PriceClass": "PriceClass_All",
       "ViewerCertificate": {
-        "IamCertificateId": { "Ref": "IamCertificateid" },
+        "IamCertificateId": { "Ref": "IamCertificateId" },
         "MinimumProtocolVersion": "TLSv1",
         "SslSupportMethod": "sni-only"

>  James

Reply to: