apt-cacher-ng caches Debian repositories (including repositories for Ubuntu and other Debian-based distributions). The full documentation is available on the project's homepage (see in particular the excellent user manual).

Server

Just install the package:

sudo apt install apt-cacher-ng

You may also want to advertise your server with Avahi:

sudo apt install avahi-daemon

Mirror URLs didn't work before bookworm

apt-cacher-ng versions before 3.7.1-1 suffered from bug 986356. This is fixed in bookworm, and can be fixed in buster by enabling backports.

If your server is stuck on an older version, your clients will need to replace http://deb.debian.org with a specific mirror such as http://ftp.us.debian.org in their /etc/apt/sources.list files.

Clients

Clients on your network need to know about the proxy you've created.

Warning: Only scan the local network for a proxy if you trust every host on the network. Someone who logged on to your network could add their own apt-cacher-ng server and log (or even modify) the packages you're downloading. SecureApt should ensure a proper trust chain, but consider manual configuration.

Manual configuration
Hardcode the server name in your APT configuration. This may not be appropriate if you change networks often.
 echo 'Acquire::http { Proxy "http://<your-local-ip-address>:3142"; }' \
     | sudo tee -a /etc/apt/apt.conf.d/99proxy
Automatic customisation with a script

Scan for proxies by creating an Acquire::http::ProxyAutoDetect script.

 echo 'Acquire::http::ProxyAutoDetect "/usr/local/bin/apt-http-proxy-auto-detect";' \
     | sudo tee -a /etc/apt/apt.conf.d/99proxy
 # Write a script that detects the server:
 sudo sensible-editor /usr/local/bin/apt-http-proxy-auto-detect

The script should print the address:port of the proxy, or DIRECT if no proxy was found. You may be interested in using socat to scan a single device (socat tcp:<hostname>:3142 /dev/null) or nmap to scan your whole local network (nmap -p3142 192.168.1.*).
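
One way to write that script while following the warning above: probe a fixed allowlist of cache servers you administer instead of scanning the subnet. This is an added example, not part of the original page; the entries in ALLOWED_PROXIES are constructed placeholders, and the script prints the proxy as a URL, the form apt.conf(5) documents for this hook.

```shell
#!/bin/sh
# Added example: APT proxy auto-detect script that probes only an allowlist.
# APT passes the URI being fetched as $1; this script does not use it.

# Constructed sample entries; replace with cache servers you administer.
ALLOWED_PROXIES="apt-cache.home.example:3142 192.0.2.10:3142"

# Succeeds if host $1 accepts a TCP connection on port $2 within 2 seconds.
# Same socat probe as mentioned on the page, bounded by coreutils timeout.
probe_port() {
    timeout 2 socat "tcp:$1:$2" /dev/null >/dev/null 2>&1
}

# Accept only plain host:port entries (no IPv6 literals), so a malformed
# entry is never probed or echoed to APT as a proxy.
valid_entry() {
    case "$1" in
        *[!A-Za-z0-9.:-]*|*:*:*|:*|*:) return 1 ;;
    esac
    case "${1##*:}" in
        ''|*[!0-9]*) return 1 ;;
    esac
    case "$1" in *:*) return 0 ;; esac
    return 1
}

# Print the first reachable allowlisted proxy as a URL, or DIRECT if none.
detect_proxy() {
    for entry in $1; do
        valid_entry "$entry" || continue
        host=${entry%:*}
        port=${entry##*:}
        if probe_port "$host" "$port"; then
            echo "http://$host:$port"
            return 0
        fi
    done
    echo DIRECT
}

# Run only when invoked under the name configured in 99proxy.
case "$0" in
    *apt-http-proxy-auto-detect) detect_proxy "$ALLOWED_PROXIES" ;;
esac
```

Save it as /usr/local/bin/apt-http-proxy-auto-detect and make it executable (sudo chmod 755). An open port 3142 only shows that something is listening there, so package integrity still rests on SecureApt.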

Automatic configuration with auto-apt-proxy

Use auto-apt-proxy to scan for common setups (including Avahi).

 sudo apt install auto-apt-proxy

HTTPS repositories

apt-cacher-ng will obviously fail to serve HTTPS repositories. I have found the simplest solution to be tunneling HTTPS connections directly on the proxy, by putting this in /etc/apt-cacher-ng/acng.conf:

PassThroughPattern: ^(.*):443$

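As far as I can tell, this is the only way to avoid doing a special configuration on the clients for HTTPS repositories. The downside is that HTTPS content is not cached. Note also that this pattern matches any host name, so the proxy will tunnel connections to port 443 on any host for every client that is allowed to use it.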

For more solutions, see the upstream documentation.

Maintenance tasks

If you get a Hash Sum mismatch error like this:

    W: GPG error: http://127.0.0.1:3142/repo/suite distro InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 94AA13895F2AED87
    W: The repository 'http://127.0.0.1:3142/repo/suite distro InRelease' is not signed.
    E: Failed to fetch http://127.0.0.1:3142/repo/suite/dists/distro/main/source/Sources.gz  Hash Sum mismatch

Then clean expired cache files like this:

curl 'http://<your-local-ip-address>:3142/acng-report.html?abortOnErrors=aOe&byPath=bP&byChecksum=bS&truncNow=tN&incomAsDamaged=iad&purgeNow=pN&doExpire=Start+Scan+and%2For+Expiration&calcSize=cs&asNeeded=an#bottom'

For more information, see the AskUbuntu answer from Mark Porter.

