From 72523b127bc1fe1b9455ae2ae7cdac03aa368c12 Mon Sep 17 00:00:00 2001
From: Lars Francke <git@lars-francke.de>
Date: Tue, 17 Sep 2024 11:12:13 +0200
Subject: [PATCH 1/4] Add a curlrc file

This adds a curlrc file with sane defaults including retries etc. which can be used for all our Docker builds without having to specify all flags (e.g. fail) every time
---
 airflow/Dockerfile              |  2 +-
 druid/Dockerfile                |  4 +--
 hadoop/Dockerfile               | 10 ++++----
 hbase/Dockerfile                | 10 ++++----
 hello-world/Dockerfile          |  2 +-
 hive/Dockerfile                 |  4 +--
 kafka/Dockerfile                |  6 ++---
 kcat/Dockerfile                 |  2 +-
 nifi/Dockerfile                 | 16 ++++++------
 omid/Dockerfile                 |  2 +-
 opa/Dockerfile                  |  2 +-
 spark-k8s/Dockerfile            | 22 ++++++++---------
 stackable-base/Dockerfile       |  5 ++++
 stackable-base/stackable/curlrc | 43 +++++++++++++++++++++++++++++++++
 statsd_exporter/Dockerfile      |  2 +-
 testing-tools/Dockerfile        |  2 +-
 tools/Dockerfile                |  4 +--
 trino-cli/Dockerfile            |  2 +-
 trino/Dockerfile                |  6 ++---
 ubi8-rust-builder/Dockerfile    |  2 +-
 ubi9-rust-builder/Dockerfile    |  2 +-
 zookeeper/Dockerfile            |  4 +--
 22 files changed, 101 insertions(+), 53 deletions(-)
 create mode 100644 stackable-base/stackable/curlrc

diff --git a/airflow/Dockerfile b/airflow/Dockerfile
index 6c30adc66..00b5a951c 100644
--- a/airflow/Dockerfile
+++ b/airflow/Dockerfile
@@ -101,7 +101,7 @@ RUN mkdir -pv ${AIRFLOW_HOME} && \
     mkdir -pv ${AIRFLOW_HOME}/dags && \
     mkdir -pv ${AIRFLOW_HOME}/logs && \
     chown --recursive stackable:stackable ${AIRFLOW_HOME} && \
-    curl --fail -o /usr/bin/tini "https://repo.stackable.tech/repository/packages/tini/tini-${TINI}-${TARGETARCH}"
+    curl -o /usr/bin/tini "https://repo.stackable.tech/repository/packages/tini/tini-${TINI}-${TARGETARCH}"
 
 COPY airflow/stackable/utils/entrypoint.sh /entrypoint.sh
 COPY airflow/stackable/utils/run-airflow.sh /run-airflow.sh
diff --git a/druid/Dockerfile b/druid/Dockerfile
index 62e0456eb..e0e3eea26 100644
--- a/druid/Dockerfile
+++ b/druid/Dockerfile
@@ -48,7 +48,7 @@ RUN --mount=type=cache,id=maven-${PRODUCT},uid=1000,target=/stackable/.m2/reposi
     --mount=type=cache,id=npm-${PRODUCT},uid=1000,target=/stackable/.npm \
     --mount=type=cache,id=cache-${PRODUCT},uid=1000,target=/stackable/.cache \
     <<EOF
-curl --fail -L "https://repo.stackable.tech/repository/packages/druid/apache-druid-${PRODUCT}-src.tar.gz" | tar -xzC .
+curl "https://repo.stackable.tech/repository/packages/druid/apache-druid-${PRODUCT}-src.tar.gz" | tar -xzC .
 cd apache-druid-${PRODUCT}-src
 ./patches/apply_patches.sh ${PRODUCT}
 
@@ -71,7 +71,7 @@ fi
 # testdata in kuttl tests and the getting started guide.
 
 # Install OPA authorizer extension.
-curl --fail -L "https://repo.stackable.tech/repository/packages/druid/druid-opa-authorizer-${AUTHORIZER}.tar.gz" | tar -xzC /stackable/apache-druid-${PRODUCT}/extensions
+curl "https://repo.stackable.tech/repository/packages/druid/druid-opa-authorizer-${AUTHORIZER}.tar.gz" | tar -xzC /stackable/apache-druid-${PRODUCT}/extensions
 EOF
 
 FROM stackable/image/java-base AS final
diff --git a/hadoop/Dockerfile b/hadoop/Dockerfile
index 98dfa7c02..8f011c218 100644
--- a/hadoop/Dockerfile
+++ b/hadoop/Dockerfile
@@ -20,20 +20,20 @@ COPY hadoop/stackable/fuse_dfs_wrapper /stackable/fuse_dfs_wrapper
 # At the same time a new HDFS Operator will still work with older images which do not have the symlink to the versionless jar.
 # After one of our next releases (23.11 or 24.x) we should update the operator to point at the non-versioned symlink (jmx_prometheus_javaagent.jar)
 # And then we can also remove the symlink to 0.16.1 from this Dockerfile.
-RUN curl --fail "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" -o "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" && \
+RUN curl "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" -o "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" && \
     chmod -x "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" && \
     ln -s "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" /stackable/jmx/jmx_prometheus_javaagent.jar && \
     ln -s /stackable/jmx/jmx_prometheus_javaagent.jar /stackable/jmx/jmx_prometheus_javaagent-0.16.1.jar
 
 RUN ARCH="${TARGETARCH/amd64/x64}" && \
-    curl --fail -L "https://repo.stackable.tech/repository/packages/async-profiler/async-profiler-${ASYNC_PROFILER}-${TARGETOS}-${ARCH}.tar.gz"  | tar -xzC . && \
+    curl "https://repo.stackable.tech/repository/packages/async-profiler/async-profiler-${ASYNC_PROFILER}-${TARGETOS}-${ARCH}.tar.gz"  | tar -xzC . && \
     ln -s "/stackable/async-profiler-${ASYNC_PROFILER}-${TARGETOS}-${ARCH}" /stackable/async-profiler
 
 # This Protobuf version is the exact version as used in the Hadoop Dockerfile
 # See https://github.com/apache/hadoop/blob/trunk/dev-support/docker/pkg-resolver/install-protobuf.sh
 # (this was hardcoded in the Dockerfile in earlier versions of Hadoop, make sure to look at the exact version in Github)
 WORKDIR /opt/protobuf-src
-RUN curl --fail -L -s -S https://repo.stackable.tech/repository/packages/protobuf/protobuf-java-${PROTOBUF}.tar.gz -o /opt/protobuf.tar.gz && \
+RUN curl https://repo.stackable.tech/repository/packages/protobuf/protobuf-java-${PROTOBUF}.tar.gz -o /opt/protobuf.tar.gz && \
     tar xzf /opt/protobuf.tar.gz --strip-components 1 --no-same-owner && \
     ./configure --prefix=/opt/protobuf && \
     make "-j$(nproc)" && \
@@ -60,7 +60,7 @@ COPY hadoop/stackable/patches /stackable/patches
 # Also skip building the yarn, mapreduce and minicluster modules: this will result in the modules being excluded but not all
 # jar files will be stripped if they are needed elsewhere e.g. share/hadoop/yarn will not be part of the build, but yarn jars
 # will still exist in share/hadoop/tools as they would be needed by the resource estimator tool. Such jars are removed in a later step.
-RUN curl --fail -L "https://repo.stackable.tech/repository/packages/hadoop/hadoop-${PRODUCT}-src.tar.gz" | tar -xzC . && \
+RUN curl "https://repo.stackable.tech/repository/packages/hadoop/hadoop-${PRODUCT}-src.tar.gz" | tar -xzC . && \
     patches/apply_patches.sh ${PRODUCT} && \
     cd hadoop-${PRODUCT}-src && \
     mvn --no-transfer-progress clean package -Pdist,native -pl '!hadoop-tools/hadoop-pipes,!hadoop-yarn-project,!hadoop-mapreduce-project,!hadoop-minicluster' -Drequire.fuse=true -DskipTests -Dmaven.javadoc.skip=true && \
@@ -99,7 +99,7 @@ WORKDIR /stackable
 # labels to build a rackID from.
 # Starting with hdfs-utils version 0.3.0 the topology provider is not a standalone jar anymore and included in hdfs-utils.
 
-RUN curl --fail -L "https://github.com/stackabletech/hdfs-utils/archive/refs/tags/v${HDFS_UTILS}.tar.gz" | tar -xzC . && \
+RUN curl "https://github.com/stackabletech/hdfs-utils/archive/refs/tags/v${HDFS_UTILS}.tar.gz" | tar -xzC . && \
     cd hdfs-utils-${HDFS_UTILS} && \
     mvn --no-transfer-progress clean package -P hadoop-${PRODUCT} -DskipTests -Dmaven.javadoc.skip=true && \
     mkdir -p /stackable/hadoop-${PRODUCT}/share/hadoop/common/lib && \
diff --git a/hbase/Dockerfile b/hbase/Dockerfile
index d66fcc38d..961f3b2ad 100644
--- a/hbase/Dockerfile
+++ b/hbase/Dockerfile
@@ -42,7 +42,7 @@ RUN --mount=type=cache,id=maven-hbase-${PRODUCT},uid=1000,target=/stackable/.m2/
 ###
 ### HBase
 ###
-curl --fail -L "https://repo.stackable.tech/repository/packages/hbase/hbase-${PRODUCT}-src.tar.gz" | tar -xzC .
+curl "https://repo.stackable.tech/repository/packages/hbase/hbase-${PRODUCT}-src.tar.gz" | tar -xzC .
 mv hbase-${PRODUCT} hbase-${PRODUCT}-src
 
 chmod +x patches/apply_patches.sh
@@ -63,7 +63,7 @@ ln -s "/stackable/hbase-${PRODUCT}" /stackable/hbase
 ### JMX Prometheus Exporter/Agent
 ###
 if [[ -n "${JMX_EXPORTER}" ]] ; then
-  curl --fail -L "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" -o "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar"
+  curl "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" -o "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar"
   chmod +x "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar"
   ln -s "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" /stackable/jmx/jmx_prometheus_javaagent.jar
 fi
@@ -73,7 +73,7 @@ fi
 ###
 cd /stackable
 export ARCH="${TARGETARCH/amd64/x64}"
-curl --fail -L "https://repo.stackable.tech/repository/packages/async-profiler/async-profiler-${ASYNC_PROFILER}-${TARGETOS}-${ARCH}.tar.gz"  | tar -xzC .
+curl "https://repo.stackable.tech/repository/packages/async-profiler/async-profiler-${ASYNC_PROFILER}-${TARGETOS}-${ARCH}.tar.gz"  | tar -xzC .
 ln -s "/stackable/async-profiler-${ASYNC_PROFILER}-${TARGETOS}-${ARCH}" /stackable/async-profiler
 
 # We're removing these to make the intermediate layer smaller
@@ -144,7 +144,7 @@ WORKDIR /stackable
 # We need to explicitly give the uid to use which is hardcoded to "1000" in stackable-base
 RUN --mount=type=cache,id=maven-hbase-operator-tools,uid=1000,target=/stackable/.m2/repository <<EOF
 
-curl --fail -L "https://repo.stackable.tech/repository/packages/hbase-operator-tools/hbase-operator-tools-${HBASE_OPERATOR_TOOLS}-src.tar.gz" | tar -xzC .
+curl "https://repo.stackable.tech/repository/packages/hbase-operator-tools/hbase-operator-tools-${HBASE_OPERATOR_TOOLS}-src.tar.gz" | tar -xzC .
 mv hbase-operator-tools-${HBASE_OPERATOR_TOOLS} hbase-operator-tools-${HBASE_OPERATOR_TOOLS}-src
 chmod +x patches/apply_patches.sh
 patches/apply_patches.sh hbase-operator-tools/${HBASE_OPERATOR_TOOLS} hbase-operator-tools-${HBASE_OPERATOR_TOOLS}-src
@@ -231,7 +231,7 @@ WORKDIR /stackable
 
 RUN --mount=type=cache,id=maven-phoenix,uid=1000,target=/stackable/.m2/repository <<EOF
 cd /stackable
-curl --fail -L "https://repo.stackable.tech/repository/packages/phoenix/phoenix-${PHOENIX}-src.tar.gz" | tar -xzC .
+curl "https://repo.stackable.tech/repository/packages/phoenix/phoenix-${PHOENIX}-src.tar.gz" | tar -xzC .
 mv phoenix-${PHOENIX} phoenix-${PHOENIX}-src
 
 chmod +x patches/apply_patches.sh
diff --git a/hello-world/Dockerfile b/hello-world/Dockerfile
index e19ad8340..6792741ce 100644
--- a/hello-world/Dockerfile
+++ b/hello-world/Dockerfile
@@ -20,6 +20,6 @@ RUN microdnf update && \
 USER stackable
 WORKDIR /stackable
 
-RUN curl --fail -L https://repo.stackable.tech/repository/packages/hello-world/hello-world-${PRODUCT}.jar -o hello-world.jar
+RUN curl "https://repo.stackable.tech/repository/packages/hello-world/hello-world-${PRODUCT}.jar" -o hello-world.jar
 
 CMD ["java", "-jar", "hello-world.jar"]
diff --git a/hive/Dockerfile b/hive/Dockerfile
index 7efa76945..5398c3d76 100644
--- a/hive/Dockerfile
+++ b/hive/Dockerfile
@@ -25,7 +25,7 @@ WORKDIR /stackable
 # Cache mounts are owned by root by default
 # We need to explicitly give the uid to use which is hardcoded to "1000" in stackable-base
 RUN --mount=type=cache,id=maven-hive,uid=1000,target=/stackable/.m2/repository <<EOF
-curl --fail -L "https://repo.stackable.tech/repository/packages/hive/apache-hive-${PRODUCT}-src.tar.gz" | tar -xzC .
+curl "https://repo.stackable.tech/repository/packages/hive/apache-hive-${PRODUCT}-src.tar.gz" | tar -xzC .
 
 patches/apply_patches.sh ${PRODUCT}
 
@@ -53,7 +53,7 @@ fi
 cp /stackable/bin/start-metastore /stackable/apache-hive-metastore-${PRODUCT}-bin/bin
 rm -rf /stackable/apache-hive-${PRODUCT}-src
 
-curl --fail -L "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" -o "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar"
+curl "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" -o "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar"
 ln -s "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" /stackable/jmx/jmx_prometheus_javaagent.jar
 
 # We're removing these to make the intermediate layer smaller
diff --git a/kafka/Dockerfile b/kafka/Dockerfile
index eba745a14..663481b5d 100644
--- a/kafka/Dockerfile
+++ b/kafka/Dockerfile
@@ -12,7 +12,7 @@ ARG JMX_EXPORTER
 USER stackable
 WORKDIR /stackable
 
-RUN curl --fail -L "https://repo.stackable.tech/repository/packages/kafka/kafka-${PRODUCT}-src.tgz" | tar -xzC . && \
+RUN curl "https://repo.stackable.tech/repository/packages/kafka/kafka-${PRODUCT}-src.tgz" | tar -xzC . && \
     cd kafka-${PRODUCT}-src && \
     # TODO: Try to install gradle via package manager (if possible) instead of fetching it from the internet
     # We don't specify "-x test" to skip the tests, as we might bump some Kafka internal dependencies in the future and
@@ -23,11 +23,11 @@ RUN curl --fail -L "https://repo.stackable.tech/repository/packages/kafka/kafka-
     rm -rf /stackable/kafka-${PRODUCT}-src
 
 # TODO (@NickLarsenNZ): Compile from source: https://github.com/StyraInc/opa-kafka-plugin
-RUN curl --fail -L https://repo.stackable.tech/repository/packages/kafka-opa-authorizer/opa-authorizer-${OPA_AUTHORIZER}-all.jar \
+RUN curl https://repo.stackable.tech/repository/packages/kafka-opa-authorizer/opa-authorizer-${OPA_AUTHORIZER}-all.jar \
     -o /stackable/kafka_${SCALA}-${PRODUCT}/libs/opa-authorizer-${OPA_AUTHORIZER}-all.jar
 
 COPY --chown=stackable:stackable kafka/stackable/jmx/ /stackable/jmx/
-RUN curl --fail -L https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar \
+RUN curl https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar \
     -o /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar && \
     chmod +x /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar && \
     ln -s /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar /stackable/jmx/jmx_prometheus_javaagent.jar
diff --git a/kcat/Dockerfile b/kcat/Dockerfile
index 3c8360503..8d01dd04e 100644
--- a/kcat/Dockerfile
+++ b/kcat/Dockerfile
@@ -26,7 +26,7 @@ RUN microdnf update \
 
 WORKDIR /stackable
 
-RUN curl --fail -L -O https://repo.stackable.tech/repository/packages/kcat/kcat-${PRODUCT}.tar.gz \
+RUN curl -O https://repo.stackable.tech/repository/packages/kcat/kcat-${PRODUCT}.tar.gz \
     && tar xvfz kcat-${PRODUCT}.tar.gz \
     && cd kcat-${PRODUCT} \
     && ./bootstrap.sh
diff --git a/nifi/Dockerfile b/nifi/Dockerfile
index 8740b28c1..a3c5cc3fc 100644
--- a/nifi/Dockerfile
+++ b/nifi/Dockerfile
@@ -17,7 +17,7 @@ RUN microdnf update && \
 #
 WORKDIR /tmp
 RUN if [[ "${PRODUCT}" == 2.* ]] ; then \
-        curl --fail -L "https://repo.stackable.tech/repository/packages/maven/apache-maven-${MAVEN_VERSION}-bin.tar.gz" | tar -xzC . && \
+        curl "https://repo.stackable.tech/repository/packages/maven/apache-maven-${MAVEN_VERSION}-bin.tar.gz" | tar -xzC . && \
         ln -sf /tmp/apache-maven-${MAVEN_VERSION}/bin/mvn /usr/bin/mvn ; \
     fi
 
@@ -36,11 +36,11 @@ COPY --chown=stackable:stackable nifi/stackable/patches /stackable/patches
 # else branch is required to build from source.
 #
 RUN if [[ "${PRODUCT}" == "1.21.0" ]] ; then \
-        curl --fail -L 'https://repo.stackable.tech/repository/m2/tech/stackable/nifi/stackable-bcrypt/1.0-SNAPSHOT/stackable-bcrypt-1.0-20240508.153334-1-jar-with-dependencies.jar' \
+        curl 'https://repo.stackable.tech/repository/m2/tech/stackable/nifi/stackable-bcrypt/1.0-SNAPSHOT/stackable-bcrypt-1.0-20240508.153334-1-jar-with-dependencies.jar' \
         # This used to be located in /bin/stackable-bcrypt.jar. We create a softlink for /bin/stackable-bcrypt.jar in the main container for backwards compatibility.
         -o /stackable/stackable-bcrypt.jar && \
         # zip is different than tar and cannot be just piped, therefore the intermediate save and remove step to unzip
-        curl --fail -L https://repo.stackable.tech/repository/packages/nifi/nifi-${PRODUCT}-bin.zip -o /stackable/nifi-${PRODUCT}-bin.zip && \
+        curl https://repo.stackable.tech/repository/packages/nifi/nifi-${PRODUCT}-bin.zip -o /stackable/nifi-${PRODUCT}-bin.zip && \
         unzip /stackable/nifi-${PRODUCT}-bin.zip && \
         rm /stackable/nifi-${PRODUCT}-bin.zip && \
         # Remove generated docs in binary
@@ -49,15 +49,15 @@ RUN if [[ "${PRODUCT}" == "1.21.0" ]] ; then \
         # They need to be build from source, as https://mvnrepository.com/artifact/org.apache.nifi/nifi-iceberg-processors-nar does not ship the org.apache.hadoop.fs.s3a.S3AFileSystem (see https://github.com/apache/nifi/pull/6368#issuecomment-1502175258)
         # See https://repo.stackable.tech/repository/packages/nifi/iceberg-nars/README.md for details on how to build them
         cd /stackable/nifi-${PRODUCT}/lib/ && \
-        curl --fail -O "https://repo.stackable.tech/repository/packages/nifi/iceberg-nars/nifi-iceberg-processors-nar-${PRODUCT}-with-aws.nar" && \
-        curl --fail -O "https://repo.stackable.tech/repository/packages/nifi/iceberg-nars/nifi-iceberg-services-nar-${PRODUCT}-with-aws.nar" && \
-        curl --fail -O "https://repo.stackable.tech/repository/packages/nifi/iceberg-nars/nifi-iceberg-services-api-nar-${PRODUCT}-with-aws.nar" ; \
+        curl -O "https://repo.stackable.tech/repository/packages/nifi/iceberg-nars/nifi-iceberg-processors-nar-${PRODUCT}-with-aws.nar" && \
+        curl -O "https://repo.stackable.tech/repository/packages/nifi/iceberg-nars/nifi-iceberg-services-nar-${PRODUCT}-with-aws.nar" && \
+        curl -O "https://repo.stackable.tech/repository/packages/nifi/iceberg-nars/nifi-iceberg-services-api-nar-${PRODUCT}-with-aws.nar" ; \
     else \
-        curl --fail -L 'https://repo.stackable.tech/repository/m2/tech/stackable/nifi/stackable-bcrypt/1.0-SNAPSHOT/stackable-bcrypt-1.0-20240508.153334-1-jar-with-dependencies.jar' \
+        curl 'https://repo.stackable.tech/repository/m2/tech/stackable/nifi/stackable-bcrypt/1.0-SNAPSHOT/stackable-bcrypt-1.0-20240508.153334-1-jar-with-dependencies.jar' \
         # This used to be located in /bin/stackable-bcrypt.jar. We create a softlink for /bin/stackable-bcrypt.jar in the main container for backwards compatibility.
         -o /stackable/stackable-bcrypt.jar && \
         # Get the source release from nexus
-        curl --fail -L "https://repo.stackable.tech/repository/packages/nifi/nifi-${PRODUCT}-source-release.zip" -o "/stackable/nifi-${PRODUCT}-source-release.zip" && \
+        curl "https://repo.stackable.tech/repository/packages/nifi/nifi-${PRODUCT}-source-release.zip" -o "/stackable/nifi-${PRODUCT}-source-release.zip" && \
         unzip "nifi-${PRODUCT}-source-release.zip" && \
         # Clean up downloaded source after unzipping
         rm -rf "nifi-${PRODUCT}-source-release.zip" && \
diff --git a/omid/Dockerfile b/omid/Dockerfile
index 5f76c63cb..cc20e266e 100644
--- a/omid/Dockerfile
+++ b/omid/Dockerfile
@@ -24,7 +24,7 @@ COPY --chown=stackable:stackable omid/stackable/patches/${PRODUCT} /stackable/ph
 
 RUN --mount=type=cache,id=maven-omid-${PRODUCT},uid=1000,target=/stackable/.m2/repository <<EOF
   set -x
-  curl --fail -L https://repo.stackable.tech/repository/packages/omid/phoenix-omid-${PRODUCT}-src.tar.gz | tar -xzC .
+  curl https://repo.stackable.tech/repository/packages/omid/phoenix-omid-${PRODUCT}-src.tar.gz | tar -xzC .
   cd /stackable/phoenix-omid-${PRODUCT} || exit
   ./patches/apply_patches.sh ${PRODUCT}
   mvn --batch-mode --no-transfer-progress package -Phbase-2 -DskipTests
diff --git a/opa/Dockerfile b/opa/Dockerfile
index f325ea113..2c13fe2bb 100644
--- a/opa/Dockerfile
+++ b/opa/Dockerfile
@@ -73,7 +73,7 @@ RUN microdnf update && \
     tar && \
     microdnf clean all
 
-RUN curl --fail -L "https://repo.stackable.tech/repository/packages/opa/opa_${PRODUCT}.tar.gz" -o opa.tar.gz && \
+RUN curl "https://repo.stackable.tech/repository/packages/opa/opa_${PRODUCT}.tar.gz" -o opa.tar.gz && \
     tar -zxvf opa.tar.gz && \
     mv opa-${PRODUCT} opa
 
diff --git a/spark-k8s/Dockerfile b/spark-k8s/Dockerfile
index 88bc3e863..c166d6e54 100644
--- a/spark-k8s/Dockerfile
+++ b/spark-k8s/Dockerfile
@@ -37,7 +37,7 @@ COPY --chown=stackable:stackable spark-k8s/stackable/patches/${PRODUCT} /stackab
 #
 # This will download it's own version of maven because the UBI version is too old:
 # 134.0 [ERROR] Detected Maven Version: 3.6.3 is not in the allowed range [3.8.8,)
-RUN curl --fail -L https://repo.stackable.tech/repository/packages/spark/spark-${PRODUCT}.tgz | tar -xzf - \
+RUN curl https://repo.stackable.tech/repository/packages/spark/spark-${PRODUCT}.tgz | tar -xzf - \
     && cd spark-${PRODUCT} \
     && ./patches/apply_patches.sh ${PRODUCT} \
     && export MAVEN_OPTS="-Xss64m -Xmx2g -XX:ReservedCodeCacheSize=1g" \
@@ -49,29 +49,29 @@ RUN curl --fail -L https://repo.stackable.tech/repository/packages/spark/spark-$
 # <<< Build spark
 
 # Get the correct `tini` binary for our architecture.
-RUN curl --fail -L -o /usr/bin/tini "https://repo.stackable.tech/repository/packages/tini/tini-${TINI}-${TARGETARCH}" \
+RUN curl -o /usr/bin/tini "https://repo.stackable.tech/repository/packages/tini/tini-${TINI}-${TARGETARCH}" \
     && chmod +x /usr/bin/tini
 
 # We download these under dist so that log4shell checks them
 WORKDIR /stackable/spark-${PRODUCT}/dist/jars
 
 # Download various modules for Hadoop (e.g. support for s3a:// and abfs://)
-RUN curl -L --fail -O https://repo.stackable.tech/repository/packages/aws/hadoop-aws-${HADOOP_LONG_VERSION}.jar \
-    && curl -L --fail -O https://repo.stackable.tech/repository/packages/aws/aws-java-sdk-bundle-${AWS_JAVA_SDK_BUNDLE}.jar \
-    && curl -L --fail -O https://repo.stackable.tech/repository/packages/azure/hadoop-azure-${HADOOP_LONG_VERSION}.jar \
-    && curl -L --fail -O https://repo.stackable.tech/repository/packages/azure/azure-storage-${AZURE_STORAGE}.jar \
-    && curl -L --fail -O https://repo.stackable.tech/repository/packages/azure/azure-keyvault-core-${AZURE_KEYVAULT_CORE}.jar
+RUN curl -O https://repo.stackable.tech/repository/packages/aws/hadoop-aws-${HADOOP_LONG_VERSION}.jar \
+    && curl -O https://repo.stackable.tech/repository/packages/aws/aws-java-sdk-bundle-${AWS_JAVA_SDK_BUNDLE}.jar \
+    && curl -O https://repo.stackable.tech/repository/packages/azure/hadoop-azure-${HADOOP_LONG_VERSION}.jar \
+    && curl -O https://repo.stackable.tech/repository/packages/azure/azure-storage-${AZURE_STORAGE}.jar \
+    && curl -O https://repo.stackable.tech/repository/packages/azure/azure-keyvault-core-${AZURE_KEYVAULT_CORE}.jar
 
 WORKDIR /stackable/spark-${PRODUCT}/dist/extra-jars
 
 # Download jackson-dataformat-xml, stax2-api, and woodstox-core which are required for logging.
-RUN curl -L --fail -O https://repo.stackable.tech/repository/packages/jackson-dataformat-xml/jackson-dataformat-xml-${JACKSON_DATAFORMAT_XML}.jar \
-    && curl -L --fail -O https://repo.stackable.tech/repository/packages/stax2-api/stax2-api-${STAX2_API}.jar \
-    && curl -L --fail -O https://repo.stackable.tech/repository/packages/woodstox-core/woodstox-core-${WOODSTOX_CORE}.jar
+RUN curl -O https://repo.stackable.tech/repository/packages/jackson-dataformat-xml/jackson-dataformat-xml-${JACKSON_DATAFORMAT_XML}.jar \
+    && curl -O https://repo.stackable.tech/repository/packages/stax2-api/stax2-api-${STAX2_API}.jar \
+    && curl -O https://repo.stackable.tech/repository/packages/woodstox-core/woodstox-core-${WOODSTOX_CORE}.jar
 
 WORKDIR /stackable/jmx
 
-RUN curl --fail -L -O "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar"
+RUN curl -O "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar"
 
 # ===
 # Mitigation for CVE-2021-44228 (Log4Shell)
diff --git a/stackable-base/Dockerfile b/stackable-base/Dockerfile
index a67e2b49f..102935474 100644
--- a/stackable-base/Dockerfile
+++ b/stackable-base/Dockerfile
@@ -65,6 +65,8 @@ SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
 # https://github.com/stackabletech/docker-images/pull/533
 COPY stackable-base/stackable/dnf.conf /etc/dnf/dnf.conf
 
+# Default curl configuration to avoid forgetting settings and to declutter the Dockerfiles
+COPY stackable-base/stackable/curlrc /root/.curlrc
 
 # echo won't expand escape sequences. Consider printf.
 # https://github.com/koalaman/shellcheck/wiki/SC2028
@@ -140,6 +142,9 @@ echo -e "if [ -f ~/.bashrc ]; then\n\tsource ~/.bashrc\nfi" >> /stackable/.profi
 chown stackable:stackable /stackable/.bashrc
 chown stackable:stackable /stackable/.profile
 
+cp /root/.curlrc /stackable/.curlrc
+chown stackable:0 /stackable/.curlrc
+
 # CVE-2023-37920: Remove "e-Tugra" root certificates
 # e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems
 # Until they are removed by default from ca-certificates, we should remove them manually
diff --git a/stackable-base/stackable/curlrc b/stackable-base/stackable/curlrc
new file mode 100644
index 000000000..284b6694e
--- /dev/null
+++ b/stackable-base/stackable/curlrc
@@ -0,0 +1,43 @@
+# Stackable curl config file
+# https://everything.curl.dev/cmdline/configfile.html
+
+# Follow up to 30 redirects (-L), 0 by default
+# https://everything.curl.dev/http/redirects.html#tell-curl-to-follow-redirects
+location
+
+# Retry the request up to 5 times on transient errors (e.g., network issues).
+# https://everything.curl.dev/usingcurl/downloads/retry.html#retry
+retry = 10
+
+# Retry on ECONNREFUSED in addition to all the other transient errors
+# https://everything.curl.dev/usingcurl/downloads/retry.html#connection-refused
+retry-connrefused
+
+# Wait 15 seconds between retry attempts, this disables the exponential backoff
+# https://everything.curl.dev/usingcurl/downloads/retry.html#tweak-your-retries
+retry-delay = 15
+
+# Limit the total retry time to 1200 seconds (20 minutes), this is across all retries.
+# https://everything.curl.dev/usingcurl/downloads/retry.html#tweak-your-retries
+retry-max-time = 1200
+
+# Fail the request if the server returns an error (4xx or 5xx HTTP status code).
+# https://everything.curl.dev/http/response.html#http-response-codes
+fail
+
+# Set an overall timeout of 600 seconds (10 minutes) for a single download process
+# https://everything.curl.dev/usingcurl/timeouts.html#maximum-time-allowed-to-spend
+max-time = 600
+
+# Set the connection timeout to 30 seconds to avoid hanging too long on connection attempts.
+# https://everything.curl.dev/usingcurl/timeouts.html#never-spend-more-than-this-to-connect
+connect-timeout = 30
+
+# (Optional) Protect against downloading files larger than 100GB
+# https://everything.curl.dev/usingcurl/downloads/max-filesize.html#maximum-filesize
+# max-filesize = 107374182400
+
+# Suppress progress output, but still show errors
+# https://everything.curl.dev/usingcurl/verbose/index.html?highlight=silent#silence
+silent
+show-error
diff --git a/statsd_exporter/Dockerfile b/statsd_exporter/Dockerfile
index 94c28ad5f..0a084a1fc 100644
--- a/statsd_exporter/Dockerfile
+++ b/statsd_exporter/Dockerfile
@@ -19,7 +19,7 @@ microdnf clean all
 rm -rf /var/cache/yum
 
 export GOPATH=/go_cache
-curl --fail -L "https://repo.stackable.tech/repository/packages/statsd_exporter/statsd_exporter-${PRODUCT}.src.tar.gz" | tar -xzC .
+curl "https://repo.stackable.tech/repository/packages/statsd_exporter/statsd_exporter-${PRODUCT}.src.tar.gz" | tar -xzC .
 (
   cd "statsd_exporter-${PRODUCT}" || exit
   go build -o ../statsd_exporter
diff --git a/testing-tools/Dockerfile b/testing-tools/Dockerfile
index ae39b88eb..3efb417d2 100644
--- a/testing-tools/Dockerfile
+++ b/testing-tools/Dockerfile
@@ -55,7 +55,7 @@ COPY testing-tools/python /stackable/python
 COPY testing-tools/licenses /licenses
 
 ENV PATH=/stackable/keycloak/bin:$PATH
-RUN curl --fail https://repo.stackable.tech/repository/packages/keycloak/keycloak-${KEYCLOAK_VERSION}.tar.gz | tar -xzC /stackable && \
+RUN curl --fail -L https://repo.stackable.tech/repository/packages/keycloak/keycloak-${KEYCLOAK_VERSION}.tar.gz | tar -xzC /stackable && \
     ln -s /stackable/keycloak-${KEYCLOAK_VERSION} /stackable/keycloak
 
 RUN pip install --no-cache-dir --upgrade pip && \
diff --git a/tools/Dockerfile b/tools/Dockerfile
index 838d58cc2..f953fbb52 100644
--- a/tools/Dockerfile
+++ b/tools/Dockerfile
@@ -34,10 +34,10 @@ WORKDIR /stackable/bin
 ENV PATH=/stackable/bin:$PATH
 
 # Get latest stable version from curl -L -s https://dl.k8s.io/release/stable.txt
-RUN	curl -L https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl \
+RUN	curl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl \
     -o /stackable/bin/kubectl && chmod +x /stackable/bin/kubectl
 
-RUN	curl -L https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \
+RUN	curl https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \
     -o /stackable/bin/jq && \
     chmod +x /stackable/bin/jq
 
diff --git a/trino-cli/Dockerfile b/trino-cli/Dockerfile
index aa5a8a06e..75f3c48f1 100644
--- a/trino-cli/Dockerfile
+++ b/trino-cli/Dockerfile
@@ -28,7 +28,7 @@ COPY --chown=stackable:stackable trino-cli/licenses /licenses
 
 WORKDIR /stackable/trino-cli
 
-RUN curl --fail -L -O https://repo.stackable.tech/repository/packages/trino-cli/trino-cli-${PRODUCT}-executable.jar \
+RUN curl -O https://repo.stackable.tech/repository/packages/trino-cli/trino-cli-${PRODUCT}-executable.jar \
     && ln -s trino-cli-${PRODUCT}-executable.jar trino-cli-executable.jar
 
 ENTRYPOINT ["java", "-jar", "/stackable/trino-cli/trino-cli-executable.jar"]
diff --git a/trino/Dockerfile b/trino/Dockerfile
index 22a28f212..9f2ce1584 100644
--- a/trino/Dockerfile
+++ b/trino/Dockerfile
@@ -20,7 +20,7 @@ WORKDIR /stackable
 COPY --chown=stackable:stackable trino/stackable/patches/apply_patches.sh /stackable/trino-storage-${STORAGE_CONNECTOR}-src/patches/apply_patches.sh
 COPY --chown=stackable:stackable trino/stackable/patches/trino-storage/${STORAGE_CONNECTOR} /stackable/trino-storage-${STORAGE_CONNECTOR}-src/patches/${STORAGE_CONNECTOR}
 
-RUN curl --fail -L "https://repo.stackable.tech/repository/packages/trino-storage/trino-storage-${STORAGE_CONNECTOR}-src.tar.gz" | tar -xzC .
+RUN curl "https://repo.stackable.tech/repository/packages/trino-storage/trino-storage-${STORAGE_CONNECTOR}-src.tar.gz" | tar -xzC .
 # adding a hadolint ignore for SC2215, due to https://github.com/hadolint/hadolint/issues/980
 # hadolint ignore=SC2215
 RUN --mount=type=cache,target=/root/.m2/repository cd trino-storage-${STORAGE_CONNECTOR}-src && \
@@ -48,7 +48,7 @@ EOF
 
 WORKDIR /stackable
 
-RUN curl --fail -L "https://repo.stackable.tech/repository/packages/trino-server/trino-server-${PRODUCT}-src.tar.gz" | tar -xzC .
+RUN curl "https://repo.stackable.tech/repository/packages/trino-server/trino-server-${PRODUCT}-src.tar.gz" | tar -xzC .
 
 COPY --chown=stackable:stackable trino/stackable/patches/apply_patches.sh /stackable/trino-server-${PRODUCT}-src/patches/apply_patches.sh
 COPY --chown=stackable:stackable trino/stackable/patches/${PRODUCT} /stackable/trino-server-${PRODUCT}-src/patches/${PRODUCT}
@@ -108,7 +108,7 @@ WORKDIR /stackable
 COPY --chown=stackable:stackable trino/stackable/patches/apply_patches.sh /stackable/jmx_prometheus-${JMX_EXPORTER}-src/patches/apply_patches.sh
 COPY --chown=stackable:stackable trino/stackable/patches/jmx-exporter/${JMX_EXPORTER} /stackable/jmx_prometheus-${JMX_EXPORTER}-src/patches/${JMX_EXPORTER}
 
-RUN curl --fail -L "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus-${JMX_EXPORTER}-src.tar.gz" | tar -xzC .
+RUN curl "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus-${JMX_EXPORTER}-src.tar.gz" | tar -xzC .
 # adding a hadolint ignore for SC2215, due to https://github.com/hadolint/hadolint/issues/980
 # hadolint ignore=SC2215
 RUN --mount=type=cache,target=/root/.m2/repository cd jmx_prometheus-${JMX_EXPORTER}-src && \
diff --git a/ubi8-rust-builder/Dockerfile b/ubi8-rust-builder/Dockerfile
index 1fc80a459..8df839f4a 100644
--- a/ubi8-rust-builder/Dockerfile
+++ b/ubi8-rust-builder/Dockerfile
@@ -67,7 +67,7 @@ WORKDIR /opt/protoc
 # Prost does not document which version of protoc it expects (https://docs.rs/prost-build/0.12.4/prost_build/), so this should be the latest upstream version
 # (within reason).
 RUN ARCH=$(arch | sed 's/^aarch64$/aarch_64/') \
-  && curl --location --output protoc.zip "https://repo.stackable.tech/repository/packages/protoc/protoc-${PROTOC_VERSION}-linux-${ARCH}.zip" \
+  && curl --fail --location --output protoc.zip "https://repo.stackable.tech/repository/packages/protoc/protoc-${PROTOC_VERSION}-linux-${ARCH}.zip" \
   && unzip protoc.zip \
   && rm protoc.zip
 ENV PROTOC=/opt/protoc/bin/protoc
diff --git a/ubi9-rust-builder/Dockerfile b/ubi9-rust-builder/Dockerfile
index 8d16f6b90..6d3019dc7 100644
--- a/ubi9-rust-builder/Dockerfile
+++ b/ubi9-rust-builder/Dockerfile
@@ -66,7 +66,7 @@ WORKDIR /opt/protoc
 # Prost does not document which version of protoc it expects (https://docs.rs/prost-build/0.12.4/prost_build/), so this should be the latest upstream version
 # (within reason).
 RUN ARCH=$(arch | sed 's/^aarch64$/aarch_64/') \
-  && curl --location --output protoc.zip "https://repo.stackable.tech/repository/packages/protoc/protoc-${PROTOC_VERSION}-linux-${ARCH}.zip" \
+  && curl --fail --location --output protoc.zip "https://repo.stackable.tech/repository/packages/protoc/protoc-${PROTOC_VERSION}-linux-${ARCH}.zip" \
   && unzip protoc.zip \
   && rm protoc.zip
 ENV PROTOC=/opt/protoc/bin/protoc
diff --git a/zookeeper/Dockerfile b/zookeeper/Dockerfile
index 42eced6f8..21d87b91e 100644
--- a/zookeeper/Dockerfile
+++ b/zookeeper/Dockerfile
@@ -15,7 +15,7 @@ USER stackable
 WORKDIR /stackable
 
 # Download ZooKeeper sources from our own repo
-RUN curl --fail -L "https://repo.stackable.tech/repository/packages/zookeeper/apache-zookeeper-${PRODUCT}.tar.gz" | tar -xzC . && \
+RUN curl "https://repo.stackable.tech/repository/packages/zookeeper/apache-zookeeper-${PRODUCT}.tar.gz" | tar -xzC . && \
     # Apply any required patches
     patches/apply_patches.sh ${PRODUCT} && \
     cd /stackable/apache-zookeeper-${PRODUCT}/ && \
@@ -31,7 +31,7 @@ RUN curl --fail -L "https://repo.stackable.tech/repository/packages/zookeeper/ap
     rm -rf /stackable/apache-zookeeper-${PRODUCT}-bin/docs && \
     rm /stackable/apache-zookeeper-${PRODUCT}-bin/README_packaging.md && \
     # Download the JMX exporter jar from our own repo
-    curl --fail "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" \
+    curl "https://repo.stackable.tech/repository/packages/jmx-exporter/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" \
     -o "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" && \
     chmod +x "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" && \
     ln -s "/stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar" /stackable/jmx/jmx_prometheus_javaagent.jar

From a2afa606b6cb8b443eaa50f81c54bbe75acdd061 Mon Sep 17 00:00:00 2001
From: Lars Francke <lars.francke@stackable.tech>
Date: Tue, 17 Sep 2024 11:23:32 +0200
Subject: [PATCH 2/4] Update tools/Dockerfile

Co-authored-by: Nick <10092581+NickLarsenNZ@users.noreply.github.com>
---
 tools/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/Dockerfile b/tools/Dockerfile
index f953fbb52..81946690d 100644
--- a/tools/Dockerfile
+++ b/tools/Dockerfile
@@ -34,7 +34,7 @@ WORKDIR /stackable/bin
 ENV PATH=/stackable/bin:$PATH
 
 # Get latest stable version from curl -L -s https://dl.k8s.io/release/stable.txt
-RUN	curl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl \
+RUN curl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl \
     -o /stackable/bin/kubectl && chmod +x /stackable/bin/kubectl
 
 RUN	curl https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \

From 3041fea7c05d226447c6cdd5a9122eb25eb19322 Mon Sep 17 00:00:00 2001
From: Lars Francke <lars.francke@stackable.tech>
Date: Tue, 17 Sep 2024 11:23:39 +0200
Subject: [PATCH 3/4] Update tools/Dockerfile

Co-authored-by: Nick <10092581+NickLarsenNZ@users.noreply.github.com>
---
 tools/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/Dockerfile b/tools/Dockerfile
index 81946690d..f4fed14c3 100644
--- a/tools/Dockerfile
+++ b/tools/Dockerfile
@@ -37,7 +37,7 @@ ENV PATH=/stackable/bin:$PATH
 RUN curl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl \
     -o /stackable/bin/kubectl && chmod +x /stackable/bin/kubectl
 
-RUN	curl https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \
+RUN curl https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \
     -o /stackable/bin/jq && \
     chmod +x /stackable/bin/jq
 

From 164d3e821b15ef4b4dfbb05c65794babaa56e7c6 Mon Sep 17 00:00:00 2001
From: Lars Francke <git@lars-francke.de>
Date: Tue, 17 Sep 2024 11:31:34 +0200
Subject: [PATCH 4/4] Fix formatting/order etc.

---
 stackable-base/stackable/curlrc | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/stackable-base/stackable/curlrc b/stackable-base/stackable/curlrc
index 284b6694e..32ca5fc92 100644
--- a/stackable-base/stackable/curlrc
+++ b/stackable-base/stackable/curlrc
@@ -5,7 +5,7 @@
 # https://everything.curl.dev/http/redirects.html#tell-curl-to-follow-redirects
 location
 
-# Retry the request up to 5 times on transient errors (e.g., network issues).
+# Retry the request up to 10 times on transient errors (e.g., network issues)
 # https://everything.curl.dev/usingcurl/downloads/retry.html#retry
 retry = 10
 
@@ -17,11 +17,11 @@ retry-connrefused
 # https://everything.curl.dev/usingcurl/downloads/retry.html#tweak-your-retries
 retry-delay = 15
 
-# Limit the total retry time to 1200 seconds (20 minutes), this is across all retries.
+# Limit the total retry time to 1200 seconds (20 minutes), this is across all retries
 # https://everything.curl.dev/usingcurl/downloads/retry.html#tweak-your-retries
 retry-max-time = 1200
 
-# Fail the request if the server returns an error (4xx or 5xx HTTP status code).
+# Fail the request if the server returns an error (4xx or 5xx HTTP status code)
 # https://everything.curl.dev/http/response.html#http-response-codes
 fail
 
@@ -29,15 +29,15 @@ fail
 # https://everything.curl.dev/usingcurl/timeouts.html#maximum-time-allowed-to-spend
 max-time = 600
 
-# Set the connection timeout to 30 seconds to avoid hanging too long on connection attempts.
+# Set the connection timeout to 30 seconds to avoid hanging too long on connection attempts
 # https://everything.curl.dev/usingcurl/timeouts.html#never-spend-more-than-this-to-connect
 connect-timeout = 30
 
-# (Optional) Protect against downloading files larger than 100GB
-# https://everything.curl.dev/usingcurl/downloads/max-filesize.html#maximum-filesize
-# max-filesize = 107374182400
-
 # Suppress progress output, but still show errors
 # https://everything.curl.dev/usingcurl/verbose/index.html?highlight=silent#silence
 silent
 show-error
+
+# (Optional) Protect against downloading files larger than 100GB
+# https://everything.curl.dev/usingcurl/downloads/max-filesize.html#maximum-filesize
+# max-filesize = 107374182400