Differences between revisions 11 and 12
Revision 11 as of 2021-04-22 16:37:14
Size: 3548
Editor: OsamuAoki
Comment: Use classic mirror URL (not deb.debian.org)
Revision 12 as of 2021-04-22 23:34:11
Size: 3514
Editor: PaulWise
Comment: modernise
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
   {{{#!wiki important {{{#!wiki important
Line 14: Line 14:
apt-get install apt-cacher-ng apt install apt-cacher-ng
Line 20: Line 20:
apt-get install avahi-daemon apt install avahi-daemon
Line 30: Line 30:
   {{{
apt-get install squid-deb-proxy-client
{{{
apt install squid-deb-proxy-client
Line 33: Line 33:
Line 36: Line 37:
    {{{
apt-get install auto-apt-proxy
{{{
apt install auto-apt-proxy
Line 43: Line 43:
   {{{ {{{
Line 47: Line 47:
   {{{#!wiki important {{{#!wiki important
Line 74: Line 74:

apt-cacher-ng is a nice little software to create a local cache of the Debian mirrors (but it can also operate on other distribution mirrors). The full documentation is available on the project's homepage (see in particular the excellent user manual).

Here are some quick instructions to get started.

Server

Please make sure to use classic mirror server URLs such as http://ftp.us.debian.org in your /etc/apt/sources.list instead of its modern default http://deb.debian.org to avoid 986356 before installing apt-cacher-ng.

apt install apt-cacher-ng

To announce the service on the network, you may also want to install Avahi:

apt install avahi-daemon

Clients

Now of course, clients need to know about this proxy. You have two options:

  • automatic configuration: this will use Avahi to automatically detect proxy servers on the local network. this is useful for laptops but could be a security issue as anyone can then become a proxy for you and serve any content they wish (although SecureApt should still ensure a proper trust chain).

apt install squid-deb-proxy-client
  • automatic configuration:
    • there is also auto-apt-proxy which can automatically detects common setups by checking localhost, your gateway and other "interesting" machines on your network for well-known APT proxies such as apt-cacher-ng and others.

apt install auto-apt-proxy
  • manual configuration: this hardcodes the server name in the APT configuration and may not be appropriate if you change networks often.

echo 'Acquire::http { Proxy "http://proxy:3142"; }' | sudo tee -a /etc/apt/apt.conf.d/proxy

This assumes the server's hostname is proxy, change to its IP address or another hostname as convenient.

  • You can also configure apt to check for AptCacherNg instances at one or more specific addresses, and/or fallback to using a direct connection with the following Apt configuration directive.

Acquire::http::ProxyAutoDetect "/usr/local/bin/apt-proxy-checker";

And creating a script at /usr/local/bin/apt-proxy-checker (or whatever location you configured) that will print out the address:port of AptCacherNg, or print “DIRECT” to use no proxy. This permits falling back to alternative AptCacherNg locations if one is down.

Using “DIRECT” as the final fallback value also prevents Apt from hanging and not updating packages.

There are several ways to check for listening addresses, such as using netcat with  nc -w1 -z $ADDR $PORT.

HTTPS repositories

apt-cacher-ng will obviously fail to serve HTTPS repositories. There are many solutions upstream but I have found the simplest solution to be to simply tunnel HTTPS connections directly on the proxy, by putting this in /etc/apt-cacher-ng/acng.conf:

PassThroughPattern: ^(.*):443$

This is, as far as I can tell, the only way to avoid doing a special configuration on the clients for HTTPS repositories. The downside is that HTTPS content is not cached.


CategoryPackageManagement | CategorySoftware | CategoryNetwork | CategorySystemAdministration