Setting up a Debian archive mirror
- Whether to mirror
- What to mirror
- Where to mirror from
- How to mirror
- Partial mirroring
- When to mirror
- Recommended additional settings
- How to add a mirror to the mirror list
- Notes for private (partial) mirrors
While we appreciate new mirrors, every prospective mirror maintainer should make sure that they can answer these questions before trying to start their own mirror:
- Is a mirror necessary at my location? Maybe there are already mirrors nearby.
- Do I have the resources to host a mirror? Mirrors take up considerable disk space and bandwidth, one has to be able to commit to the cost.
- Is a mirror the right choice? If you primarily want to support users at your ISP/facility, then maybe a caching proxy such as apt-cacher-ng, squid, or varnish might be the better choice.
The main mirror page lists the archives available for mirroring.
- Users will look for the debian/ archive to install Debian over the network, to build CDs from (with jigdo), and to upgrade already installed systems. We recommend you mirror this repository.
debian-cd/ is an archive that isn't identical across all the different
mirror servers. On some sites it contains jigdo templates to build CD images
from (used in combination with files from debian/), on some it contains
already built CD images, and on some sites both.
Please see the page for mirroring the CD images for further information on this.
- debian-archive/ contains the true archive, the old and obsolete versions of Debian. It will generally be interesting only to a small segment of users. (If you don't know whether you want to mirror this, you probably don't.)
Please see the mirror size page for more precise information about mirror sizes.
The debian-security/ archives contain the security updates released by the Debian security team. While it sounds interesting to everyone, we do not recommend to our users to use mirrors to obtain security updates and instead ask them to directly download them from our distributed security.debian.org service. We recommend debian-security not be mirrored.
ftp.debian.org is not canonical location of Debian
packages, instead it is merely one of several servers that get updated from an
internal Debian server.
There are many public mirrors which support rsync
and that are good to mirror from. Please use one that is close to you
You should avoid mirroring from any service name that resolves to more
than one address (such as
ftp.us.debian.org) as this might cause
you to sync between different states across your own mirror-runs should your
upstream mirrors get out of sync.
Also note that HTTP is the only service that we guarantee to exist on
ftp.CC.debian.org. If you want to mirror using rsync (using
ftpsync as recommended), we suggest you pick the proper site name for the
machine that currently provides the
/debian/project/trace directory of that server to learn it).
The recommended method of mirroring is with the ftpsync scriptset, available in two forms:
- as a tarball from https://ftp-master.debian.org/ftpsync.tar.gz
- as a git repository: git clone https://anonscm.debian.org/git/mirror/archvsync.git (see https://anonscm.debian.org/cgit/mirror/archvsync.git/)
Do not use your own scripts, and do not just use single-pass rsyncs. Using ftpsync ensures updates are done in a way so that apt does not get confused. In particular, ftpsync processes translations, contents, and other metadata files in an order such that apt is not running into validation errors should a user update the package list while a mirror-run is in progress. Furthermore, it also produces trace files that contain more information that is useful for determining whether a mirror works, what architectures it carries, and where it syncs from.
Considering the already large size of Debian archive, it might be advisable to only mirror parts of the archive. Public mirrors should carry all suites (testing, unstable, etc.), but they may restrict the architecture set that they carry. The configuration file for ftpsync has ARCH_EXCLUDE and ARCH_INCLUDE settings for this purpose.
The main archive gets updated four times a day. The mirrors commonly start updating around 3:00, 9:00, 15:00 and 21:00 (all times UTC), but these are never fixed times and you should not fixate your mirror on them.
Your mirror should update a few hours after one of the main archive mirror pulses. You should check if the site you're mirroring from leaves a time stamp file in their project/trace/ subdirectory. The time stamp file will be named like that site, and it will contain the completion time of their last mirror update. Add a couple of hours to that time (to be safe) and mirror then.
It is essential that your mirror is in sync with the main archive. A minimum of 4 updates per 24 hours will ensure that your mirror is a true reflection of the archive. Please understand that mirrors that are not in sync with the main archive will not be listed in the official mirrors listing.
The easiest way to automatically have the mirror run every day is to use cron. See man crontab for details.
Note that if your site is being triggered with a push mechanism, then you don't need to worry about any of this.
Push mirroring is a form of mirroring that we have developed
to minimize the time it takes for changes to the archive to reach mirrors.
An upstream mirror uses an SSH trigger to tell the downstream mirror to
For a more detailed description of how this works, why it is secure, and
how to set a push mirror, please see the complete
Public mirrors should make the Debian archive available over HTTP at
Furthermore, please ensure directory listings are enabled (with full length filenames) and symlinks followed. If you use Apache, something like this might work:
<Directory /path/to/your/debian/mirror> Options +Indexes +SymlinksIfOwnerMatch IndexOptions NameWidth=* +SuppressDescription </Directory>
If you would like to have your mirror listed on the official mirrors list please:
- Ensure that your mirror synchronizes 4 times per 24 hours with the archive
- Ensure that your mirror includes the source files for the architectures the mirror carries
Any problems or enquiries can be sent to email@example.com.
There are two public mailing lists about Debian mirrors, debian-mirrors-announce and debian-mirrors. We encourage all mirror maintainers to subscribe to the announcement list as it will be used for any important announcements. This list is moderated and will receive only a low amount of traffic. The second mailing list is meant for general discussion and is open to all.
If you have any questions that aren't answered on these web pages, you can contact us at firstname.lastname@example.org or using IRC, #debian-mirrors on irc.debian.org.
If you want to operate a mirror for your own site only, and you need to carry only a subset of suites (such as stable), debmirror might be a good fit for you also.