[MacPorts] Mirroring modified

MacPorts Wiki noreply at macports.org
Wed Jul 29 06:36:00 UTC 2020 

Page "Mirroring" was changed by ryandesign
Diff URL: <https://trac.macports.org/wiki/Mirroring?action=diff&version=30>
Revision 30
Comment: Add SSL information
Changes:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
Index: Mirroring
=========================================================================
--- Mirroring (version: 29)
+++ Mirroring (version: 30)
@@ -14,6 +14,7 @@
 * The city, state/province and [wikipedia:ISO_3166-1_alpha-2 ISO 3166-1 alpha-2 country code] where your mirror is located and the [wikipedia:International_Air_Transport_Association_airport_code IATA airport code] of the closest airport. The airport code and country code will become your MacPorts mirror name.
 * GPS coordinates of your mirror's approximate location that we may display on a map. You may provide the coordinates of the above airport if you don't want to be more specific.
 * Your mirror's existing hostname. We will create new hostnames abc.xy.distfiles.macports.org, abc.xy.packages.macports.org and abc.xy.rsync.macports.org (where "abc" is your airport code and "xy" is your country code) `CNAME`d to your existing hostname.
+* Whether your server can be accessed over only http or only [#SSL https] or both.
 * The email address of the server's administrator. We will list this on our mirrors page and MacPorts users might report problems to this address.
 * Your mirror's upstream Internet connection speed and whether or not your mirror supports IPv6. We will list this information on our mirrors page.
 
@@ -87,13 +88,19 @@
 
 == Web server
 
-MacPorts retrieves files from ''packages'' and ''distfiles'' via http. MacPorts automatically downloads these files from whichever mirror is closest. So you should run a web server to make these modules available.
-
-The contents of the ''packages'' module should be made available directly under !http://abc.xy.packages.macports.org/ and the contents of the ''distfiles'' module should be made available directly under !http://abc.xy.distfiles.macports.org/. It is not necessary to provide the contents of the ''release'' or ''trunk'' modules via http.
+MacPorts retrieves files from ''packages'' and ''distfiles'' via http or https. MacPorts automatically downloads these files from whichever mirror is closest. So you should run a web server to make these modules available.
+
+The contents of the ''packages'' module should be made available directly under !http(s)://abc.xy.packages.macports.org/ and the contents of the ''distfiles'' module should be made available directly under !http(s)://abc.xy.distfiles.macports.org/. It is not necessary to provide the contents of the ''release'' or ''trunk'' modules via http.
 
 **Note:** If you are currently providing the contents of the ''packages'' or ''distfiles'' modules in a subdirectory of your MacPorts mirror hostname, you should reconfigure your web server to provide the contents directly under the MacPorts mirror hostname, and let us know so we can update archive_sites.tcl and/or mirror_sites.tcl. You should configure HTTP 301 redirects from the previously-used URLs to the new ones.
 
 Directory listings should be turned on. URL spelling correction and multiviews must be turned off. There are sample web server configurations below.
+
+== SSL
+
+MacPorts verifies the integrity of downloaded files via checksums or signatures so your mirror is not required to provide access via https, but you can if you wish. [https://letsencrypt.org Let's Encrypt] offers free SSL certificates which can be used. Please add your `abc.xy.(distfiles|packages|rsync).macports.org` hostnames as Subject Alternative Names in your SSL certificate.
+
+We suggest you continue to provide access via http, even if you also provide access via https. MacPorts still supports very old OS versions such as Mac OS X 10.4 Tiger, and the version of OpenSSL in old OS versions is not able to communicate with modern SSL web servers. (The cutoff version depends on which encryption algorithms you've configured your web server to allow.) You can disallow http access if you wish, but if you do so it will limit the OS versions that are able to connect to your server.
 
 == Add mirror to MacPorts
 
-------8<------8<------8<------8<------8<------8<------8<------8<--------

--
Page URL: <https://trac.macports.org/wiki/Mirroring>
MacPorts <https://www.macports.org/>
Ports system for macOS

This is an automated message. Someone added your email address to be
notified of changes on 'Mirroring' page.
If it was not you, please report to admin at macports.org.

More information about the macports-changes mailing list