Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Website redundancy

:warning: This process will become outdated with tpo/tpa/team#41947 and this page should then be updated.

Our website is served in more than one place and we use PowerDNS's LUA records feature1 together with the ifurlextup LUA function2 to only serve the mirrors that are up in a certain moment.

Health checks

Periodic health checks are conducted by the urlupd3 homegrown service: it queries a set of IPs passed via the POOL environment variable and checks whether they respond to the tails.net domain over HTTPS in port 443. State is maintained and then served over HTTP in localhost's port 8000 in the format ifurlextup understands.

DNS record

In the zone file, we need something like this:

tails.net	150	IN	LUA	A	("ifurlextup({{"
						 "['204.13.164.63']='http://127.0.0.1:8000/204.13.164.63',"
						 "['94.142.244.34']='http://127.0.0.1:8000/94.142.244.34'"
						 "}})")

Outages

Assuming at least one mirror is up, the duration of a website outage from a user's perspective should last no more than the sum of the period of health checks and the DNS record TTL. At the time of writing, this amounts to 180 seconds.

Website statistics

For sake of simplicity, we reuse our previous setup and website statistics are sent by each mirror to tails-dev@boum.org by a script run by cron once a month[4][]. Individual stats have to be summed to get the total number of boots and OpenPGP signature downloads.