Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-3966

Provide a CDN for artifacts download links



    • Type: Task
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
    • Sprint:
      MEN Sprint 137
    • Story Points:
    • Backlog:
    • Days in progress:


      Use a proxy to provide a single point of access for artifacts download links while being able to forward requests to anyplace.
      Consider Content Delivery Network solution (CDN) like Cloudfront or similar.

      Acceptance criteria:

      • Make the hostname in the artifacts download URL configurable on a global (config file/env variable) way
      • Make the hostname in the artifacts download URL overridable on a per-tenant level, providing an optional field in tenantadm
      • If the hostname is specified, URLs provided by deployments service do not lead directly to AWS

      Keep in mind the mainland China issue, as originally pointed out on Mender Hub by Guillaumekh:

      To put it simply, you really need to put a CDN in front of S3. It’s dead easy to setup and will do wonders for your deliverability issues (yeah you have some :wink:). Right now, AFAICT all artefact downloads are served straight from S3 us-east-1. This yields some really bad bandwidth and latency in a lot of corners of the world — which is rather fine for OTA updates — and a high failure rate in mainland China, which is very much less fine. You can enable S3 logging to monitor and put a number on that if you’re interested.
      For the world, a simple Cloudfront CDN will do magic and can likely be deployed to production in minutes. For mainland China, you’ll need a private link through the GFW which can be obtained from one of the Chinese ISPs (China Telecom, China Unicom, China Mobile), so your Chinese CDN PoPs have a reliable link to your S3 origin. Expect something in the 1-5k$/mo range for the link, and you’ll need to setup a Chinese company to obtain an ICP number. Larger CDN providers like Verizon or Akamai can likely provide a more streamlined, one-stop solution.


          Release management

            Issue Links



                tranchitella Fabio Tranchitella
                merlin Peter Grzybowski
                0 Vote for this issue
                8 Start watching this issue