Differences between revisions 6 and 8 (spanning 2 versions)
Revision 6 as of 2019-07-20 09:13:51
Size: 2393
Editor: ?Syam G Krishnan
Comment:
Revision 8 as of 2019-09-12 18:26:21
Size: 2499
Editor: nodiscc
Comment: add categories
Deletions are marked like this. Additions are marked like this.
Line 23: Line 23:
 * automatic configuration: this will use Avahi to automatically detect proxy servers on the local network. this is useful for laptops but could be a security issue as anyone can then become a proxy for you and serve any content they wish (although AptSecure should still ensure a proper trust chain)  * automatic configuration: this will use Avahi to automatically detect proxy servers on the local network. this is useful for laptops but could be a security issue as anyone can then become a proxy for you and serve any content they wish (although SecureApt should still ensure a proper trust chain).
Line 55: Line 55:

----

CategoryPackageManagement | CategorySoftware | CategoryNetwork | CategorySystemAdministration

apt-cacher-ng is a nice little software to create a local cache of the Debian mirrors (but it can also operate on other distribution mirrors). The full documentation is available on the project's homepage (see in particular the excellent user manual).

Here are some quick instructions to get started.

Server

apt-get install apt-cacher-ng

To announce the service on the network, you may also want to install Avahi:

apt-get install avahi-daemon

Clients

Now of course, clients need to know about this proxy. You have two options:

  • automatic configuration: this will use Avahi to automatically detect proxy servers on the local network. this is useful for laptops but could be a security issue as anyone can then become a proxy for you and serve any content they wish (although SecureApt should still ensure a proper trust chain).

    • apt-get install squid-deb-proxy-client
  • automatic configuration:
    • there is also auto-apt-proxy which can automatically detects common setups by checking localhost, your gateway and other "interesting" machines on your network for well-known APT proxies such as apt-cacher-ng and others.

      • apt-get install auto-apt-proxy
  • manual configuration: this hardcodes the server name in the APT configuration and may not be appropriate if you change networks often.
    • echo 'Acquire::http { Proxy "http://proxy:3142"; }' | sudo tee -a /etc/apt/apt.conf.d/proxy

      This assumes the server's hostname is proxy, change to its IP address or another hostname as convenient.

HTTPS repositories

apt-cacher-ng will obviously fail to serve HTTPS repositories. There are many solutions upstream but I have found the simplest solution to be to simply tunnel HTTPS connections directly on the proxy, by putting this in /etc/apt-cacher-ng/acng.conf:

PassThroughPattern: .*

This is, as far as I can tell, the only way to avoid doing a special configuration on the clients for HTTPS repositories. The downside is that HTTPS content is not cached.


CategoryPackageManagement | CategorySoftware | CategoryNetwork | CategorySystemAdministration