Apt-Cacher NG is a caching proxy specialized for package files from Linux distributors, primarily for Debian (and Debian-based) distributions but not limited to those.
A caching proxy has the following benefits:
- Lower latency
- Reduced WAN traffic
- Higher speed for cached content
Source: Debian Salsa Git Repository. Homepage: unix-ag.uni-kl.de
+--------------+        +-------------+        +------------+
|              |        |             |        |            |
|  Apt Client  | <------+  Apt Cache  | <------+ Apt Mirror |
|              |        |             |        |            |
|              |        |             |        |            |
+--------------+        +-------------+        +------------+
Install package
sudo apt-get install apt-cacher-ng
Server configuration
After the installation completes, apt-cacher-ng will start automatically. Now open and edit the apt-cacher-ng configuration file located in the /etc/apt-cacher-ng directory:
sudo vim /etc/apt-cacher-ng/acng.conf
Set username and password for the web page
ReportPage: acng-report.html ### Web management
AdminAuth: myuser:mypassword123 ### Set username and password for web management
Web server
- Default enabled for docs
LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng
## LocalDirs: "sub-directory for URL" "folder path on disk"
Caching
- Default Enabled
Change the path to where you would like the cache to be stored.
CacheDir: /var/cache/apt-cacher-ng
Apt-Cacher NG will store the files under different repositories:
/var/cache/apt-cacher-ng
├── archive.raspberrypi.org
│   └── debian
│       └── dists
│           └── buster
│               ├── InRelease
│               ├── InRelease.head
│               └── main
│                   └── binary-armhf
│                       ├── Packages.gz
│                       └── Packages.gz.head
├── deb.playonlinux.com
│   └── dists
│       └── trusty
│           ├── InRelease
│           ├── InRelease.head
│           └── main
│               ├── binary-amd64
│               │   ├── Packages.gz
│               │   └── Packages.gz.head
│               └── binary-i386
│                   ├── Packages.gz
│                   └── Packages.gz.head
├── debrep
│   └── dists
│       └── buster-backports
│           ├── InRelease
│           ├── InRelease.head
│           └── main
│               ├── binary-armhf
│               │
Take note of debrep: if defined, the different repositories that match Remap-debrep are merged together under it.
Tuning cache
ExThreshold: 4 # days before purging
ExStartTradeOff: 500m # size of the local cache; the expiration run is suppressed until this limit is surpassed
Repository remapping
Repository remapping is a way to merge all URLs that point to the same repository.
On some restricted networks, it may be necessary to enforce the use of predefined mirrors. If the ForceManaged option is set, only requests to URLs matched by some Remap-... configuration are allowed.
If multiple Remap- lines for the same Repository are specified, the contents of both URL lists are merged.
Format:
Remap-RepositoryName: MergingURLs ; TargetURLs ; OptionalFlags
Example with Ubuntu, where a separate file holds the upstream URLs, and all URLs in file:ubuntu_mirrors or /ubuntu use the TargetURLs:
Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu
Pre caching
- Default off
PrecacheFor: {uburep,secdeb,debrep}/*/*{Packages,InRelease,Packages.xz,Translation,Commands}*
Log setting
- Default Enabled
Change the path to where you would like the logs to be stored.
LogDir: /var/log/apt-cacher-ng
Address and Port
Default port: 3142
- Default: listens on all interfaces and protocols
To change the port or hostname, uncomment the lines below. BindAddress can hold multiple addresses, which are resolved at start.
Port:3142
BindAddress: localhost 192.168.7.254 publicNameOnMainInterface
Upstream proxy
- Default No proxy
To use a proxy, uncomment the line and set your upstream proxy.
Proxy: http://www-proxy.example.net:3128
# or
Proxy: https://username:proxypassword@proxy.example.net:3129
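A quick audit of the server settings described above, as an added example that is not part of the original page or of apt-cacher-ng. The function name, finding labels and sample file are made up here; it assumes GNU stat and that everything after a # on a line is a comment.

```shell
#!/bin/sh
# audit_acng_conf FILE: print one finding per line for the settings covered above.
audit_acng_conf() {
    conf=$1
    mode=$(stat -c '%a' "$conf") || return 2   # GNU stat, e.g. "644"
    awk -v mode="$mode" '
        { sub(/#.*/, "") }                         # strip comments
        /^[ \t]*[A-Za-z-]+[ \t]*:/ {               # "Key: value" lines only
            key = $0; sub(/:.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            seen[key] = val
        }
        END {
            if (seen["BindAddress"] == "")
                print "BIND: no BindAddress, listening on all interfaces"
            if (seen["ForceManaged"] != "1")
                print "OPEN: ForceManaged is off, URLs outside Remap- rules are allowed"
            if (seen["AdminAuth"] == "myuser:mypassword123")
                print "AUTH: AdminAuth still holds the example credentials"
            creds = seen["AdminAuth"] != "" || seen["Proxy"] ~ /:\/\/[^\/@]*:[^\/@]*@/
            if (creds && mode % 10 >= 4)
                print "PERM: cleartext credentials in a world-readable file, mode " mode
        }
    ' "$conf"
}

# Constructed sample: settings copied from this page with nothing else changed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ReportPage: acng-report.html ### Web management
AdminAuth: myuser:mypassword123
CacheDir: /var/cache/apt-cacher-ng
Port:3142
Proxy: https://username:proxypassword@proxy.example.net:3129
EOF
chmod 644 "$sample"
audit_acng_conf "$sample"
```

Run it against /etc/apt-cacher-ng/acng.conf after editing; an empty result means none of the four conditions applies.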
Client setup
There are multiple ways to set the proxy on the client:
- Hardcoded
- via DNS
- via multicast DNS
- via list
To force the client to use the proxy, we can hardcode the server name in the APT configuration. This may not be appropriate if you change networks often. Set proxy_server to the name of your proxy first:
proxy_server=apt-cacher-ng.example.com
echo "Acquire::http { Proxy \"http://${proxy_server}:3142\"; }" | sudo tee -a /etc/apt/apt.conf.d/proxy
Dynamic usage of proxy using DNS, and auto-apt-proxy
It is possible to use the local DNS server to look up the APT proxy server.
DNS server setting
The DNS server needs to have a SRV record of _apt_proxy._tcp.${domain}.
Note: the current v13 of auto-apt-proxy needs ${domain} to be set via the hostname:
sudo hostnamectl set-hostname client.example.com
The appropriate SRV record in dnsmasq.conf would look like this:
srv-host=_apt_proxy._tcp.example.com,apt-cacher-ng.example.com,3142
_apt_proxy._tcp.${domain} is the name being requested.
apt-cacher-ng.example.com is the host name being returned; it can be any valid host name.
3142 is the port used on the server being returned.
Client
The current v13 of auto-apt-proxy needs ${domain} to be set via the hostname:
sudo hostnamectl set-hostname client.${domain}
The hostname also needs to be reflected in /etc/hosts:
127.0.1.1 client.${domain} client
- The order is important: FQDN first, then the short name.
- client.${domain} is the FQDN.
- client is the short hostname.
Alternatively, a host named apt-proxy can be defined in /etc/hosts.
Install auto-apt-proxy:
sudo apt install auto-apt-proxy
This will add the following to /etc/apt/apt.conf.d/auto-apt-proxy.conf:
Acquire::http::Proxy-Auto-Detect "/usr/bin/auto-apt-proxy";
Dynamic usage of proxy using multicast DNS
With zero-configuration networking, it is possible for clients to use the local proxy server dynamically. This is useful for laptops but could be a security issue, as anyone can then become a proxy for you and serve any content they wish (although SecureApt should still ensure a proper trust chain).
Server
To announce the service to the network, you install Avahi:
sudo apt install avahi-daemon
Client
On the client side we need squid-deb-proxy-client:
sudo apt install squid-deb-proxy-client
This will add the following to /etc/apt/apt.conf.d/30autoproxy:
Acquire::http::ProxyAutoDetect "/usr/share/squid-deb-proxy-client/apt-avahi-discover";
Verify it is working
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
http://192.168.0.7:3142/
$
The "--debug" flag can be used for more info.
Dynamic usage via a list
If you have a list of servers you would like the client to try, you can use the following.
The setting is called Acquire::http::ProxyAutoDetect.
This setting should contain the full path to the binary and cannot have arguments. The command should output the proxy to be used (example: http://10.0.0.1:3142).
Given the above information, a script can be created that tries a proxy before setting it. If no proxy is available, a direct connection should be used.
Below is such a proxy detection script which tries the http://10.0.0.1:3142 and http://10.0.0.2:3142 proxies.
Put the code in /etc/apt/detect-http-proxy:
#!/bin/bash
# detect-http-proxy - Returns a HTTP proxy which is available for use
# Author: Lekensteyn <lekensteyn@gmail.com>
# Supported since APT 0.7.25.3ubuntu1 (Lucid) and 0.7.26~exp1 (Debian Squeeze)
# Unsupported: Ubuntu Karmic and before, Debian Lenny and before
# Put this file in /etc/apt/detect-http-proxy and create and add the below
# configuration in /etc/apt/apt.conf.d/30detectproxy
#    Acquire::http::ProxyAutoDetect "/etc/apt/detect-http-proxy";
# APT calls this script for each host that should be connected to. Therefore
# you may see the proxy messages multiple times (LP 814130). If you find this
# annoying and wish to disable these messages, set show_proxy_messages to 0
show_proxy_messages=1
# One or more proxies can be specified. Note that each will introduce a routing
# delay and therefore it's recommended to put the proxy which is most likely to
# be available on the top. If no proxy is available, a direct connection will
# be used
try_proxies=(
10.0.0.1:3142
10.0.0.2:3142
)
print_msg() {
    # \x0d clears the line so [Working] is hidden
    [ "$show_proxy_messages" = 1 ] && printf '\x0d%s\n' "$1" >&2
}
for proxy in "${try_proxies[@]}"; do
    # if the host machine / proxy is reachable...
    # (left unquoted on purpose: host:port is split into two arguments for nc)
    if nc -z ${proxy/:/ }; then
        proxy=http://$proxy
        print_msg "Proxy that will be used: $proxy"
        echo "$proxy"
        exit
    fi
done
print_msg "No proxy will be used"
# Workaround for Launchpad bug 654393 so it works with Debian Squeeze (<0.8.11)
echo DIRECT
In /etc/apt/apt.conf.d/30detectproxy set:
# Fail immediately if a file could not be retrieved. Comment if you have a bad
# Internet connection
Acquire::Retries 0;
# It should be an absolute path to the program, no arguments are allowed. stdout contains the proxy
# server, stderr is shown (in stderr) but ignored by APT
Acquire::http::ProxyAutoDetect "/etc/apt/detect-http-proxy";
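The multicast DNS section notes that any host on the network can announce itself as a proxy. Because ProxyAutoDetect runs any executable that prints a proxy URL, the discovery tool can be wrapped so that only known proxies are accepted. This is an added example, not part of squid-deb-proxy-client or the original page; the allow-list values, the function names and the install path /etc/apt/vetted-proxy are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. saved as /etc/apt/vetted-proxy and referenced by
# Acquire::http::ProxyAutoDetect in place of the discovery binary itself.

# Assumption: the proxies this site actually operates (constructed values).
ALLOWED_PROXIES="192.168.0.7:3142 apt-cacher-ng.example.com:3142"
DISCOVER=/usr/share/squid-deb-proxy-client/apt-avahi-discover

# vet_proxy URL: print URL if it is plain http://host:port[/] and host:port is
# on the allow-list; otherwise print DIRECT so APT bypasses the advertised proxy.
vet_proxy() {
    case $1 in
        http://*) hostport=${1#http://} ;;
        *) echo DIRECT; return 0 ;;
    esac
    hostport=${hostport%/}
    # Reject userinfo, paths, whitespace and anything that is not host:port.
    case $hostport in
        *[!A-Za-z0-9.:-]*|*:*:*|:*|*:|'') echo DIRECT; return 0 ;;
    esac
    for ok in $ALLOWED_PROXIES; do
        if [ "$hostport" = "$ok" ]; then
            echo "http://$hostport/"
            return 0
        fi
    done
    echo DIRECT
}

# Entry point: vet the first line the discovery tool prints. If the tool is
# missing or prints nothing, the result is DIRECT.
detect() {
    found=$("$DISCOVER" 2>/dev/null | head -n 1)
    vet_proxy "$found"
}

detect
```

The allow-list only narrows which advertised proxies are accepted; package integrity still rests on APT's signature verification.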