Setting up a Debian archive mirror

Whether to mirror

While we appreciate new mirrors, every prospective mirror maintainer should make sure that they can answer these questions before trying to start their own mirror:

What to mirror

The main mirror page lists the archives available for mirroring.

Please see the mirror size page for more precise information about mirror sizes.

The debian-security/ archives contain the security updates released by the Debian security team. While it sounds interesting to everyone, we do not recommend to our users to use mirrors to obtain security updates and instead ask them to directly download them from our distributed security.debian.org service. We recommend debian-security not be mirrored.

Where to mirror from

Note that ftp.debian.org is not canonical location of Debian packages, instead it is merely one of several servers that get updated from an internal Debian server. There are many public mirrors which support rsync and that are good to mirror from. Please use one that is close to you network-wise.

You should avoid mirroring from any service name that resolves to more than one address (such as ftp.us.debian.org) as this might cause you to sync between different states across your own mirror-runs should your upstream mirrors get out of sync. Also note that HTTP is the only service that we guarantee to exist on ftp.CC.debian.org. If you want to mirror using rsync (using ftpsync as recommended), we suggest you pick the proper site name for the machine that currently provides the ftp.CC.debian.org. (Consult the /debian/project/trace directory of that server to learn it).

How to mirror

The recommended method of mirroring is with the ftpsync scriptset, available in those forms:

Do not use your own scripts, and do not just use single-pass rsyncs. Using ftpsync ensures updates are done in a way so that apt does not get confused. In particular, ftpsync processes translations, contents, and other metadata files in an order such that apt is not running into validation errors should a user update the package list while a mirror-run is in progress. Furthermore, it also produces trace files that contain more information that is useful for determining whether a mirror works, what architectures it carries, and where it syncs from.

Partial mirroring

Considering the already large size of Debian archive, it might be advisable to only mirror parts of the archive. Public mirrors should carry all suites (testing, unstable, etc.), but they may restrict the architecture set that they carry. The configuration file for ftpsync has ARCH_EXCLUDE and ARCH_INCLUDE settings for this purpose.

When to mirror

The main archive gets updated four times a day. The mirrors commonly start updating around 3:00, 9:00, 15:00 and 21:00 (all times UTC), but these are never fixed times and you should not fixate your mirror on them.

Your mirror should update a few hours after one of the main archive mirror pulses. You should check if the site you're mirroring from leaves a time stamp file in their project/trace/ subdirectory. The time stamp file will be named like that site, and it will contain the completion time of their last mirror update. Add a couple of hours to that time (to be safe) and mirror then.

It is essential that your mirror is in sync with the main archive. A minimum of 4 updates per 24 hours will ensure that your mirror is a true reflection of the archive. Please understand that mirrors that are not in sync with the main archive will not be listed in the official mirrors listing.

The easiest way to automatically have the mirror run every day is to use cron. See man crontab for details.

Note that if your site is being triggered with a push mechanism, then you don't need to worry about any of this.

Push-triggered mirroring

Push mirroring is a form of mirroring that we have developed to minimize the time it takes for changes to the archive to reach mirrors. An upstream mirror uses an SSH trigger to tell the downstream mirror to update itself. For a more detailed description of how this works, why it is secure, and how to set a push mirror, please see the complete explanation.

Recommended additional settings

Public mirrors should make the Debian archive available over HTTP at /debian.

Furthermore, please ensure directory listings are enabled (with full length filenames) and symlinks followed. If you use Apache, something like this might work:

<Directory /path/to/your/debian/mirror>
   Options +Indexes +SymlinksIfOwnerMatch
   IndexOptions NameWidth=* +SuppressDescription
</Directory>

How to add a mirror to the mirror list

If you would like to have your mirror listed on the official mirrors list please:

Once the mirror is set up, it should be registered with Debian in order to get included in the official mirror list. Submissions can be done using our simple web form.

Any problems or enquiries can be sent to mirrors@debian.org.

Mailinglists

There are two public mailing lists about Debian mirrors, debian-mirrors-announce and debian-mirrors. We encourage all mirror maintainers to subscribe to the announcement list as it will be used for any important announcements. This list is moderated and will receive only a low amount of traffic. The second mailing list is meant for general discussion and is open to all.

If you have any questions that aren't answered on these web pages, you can contact us at mirrors@debian.org or using IRC, #debian-mirrors on irc.debian.org.

Notes for private (partial) mirrors

If you want to operate a mirror for your own site only, and you need to carry only a subset of suites (such as stable), debmirror might be a good fit for you also.