In general, replace the default Debian source address http://deb.debian.org/ with the mirror address in the /etc/apt/sources.list file.
Debian Buster and later versions default to supporting HTTPS sources. If you encounter issues fetching HTTPS sources, please use HTTP sources first and then proceed with the installation.
For convenient and quick configuration, here is the configuration for debian-security as well. In general, mirror sites usually provide debian-security. As of the document's writing, DNUI, HIT, and NYIST do not offer this mirror. For more accurate information, you can visit Debian Security Help to confirm.
However, generally speaking, for more timely access to security updates, it is not recommended to use mirror sites for security update software sources, as mirror sites often have synchronization delays. Refer to https://www.debian.org/security/faq.en.html#mirror
The purpose of security.debian.org is to make security updates available as quickly and easily as possible.
Encouraging the use of unofficial mirrors would add extra complexity that is usually not needed and that can cause frustration if these mirrors are not kept up to date.
Connection reset by peer
In apt version 2.1.9 and later, there seems to be some compatibility issues between apt's HTTP Pipelining feature and Nginx servers, which may result in high bandwidth downloading a large number of packages from the mirror site. Occasional "Connection reset by peer" errors may occur during operations like system upgrades. (Detail Debian bug #973581).
Currently, users can resolve this issue by disabling the HTTP Pipelining feature.
If needed, you can disable it by adding the parameter -o Acquire::http::Pipeline-Depth=0 when using the apt command, or by using the following command to add the relevant settings to the apt system configuration: