Previous Page

notorious - 2023-10-20

Apt-Cacher Setup

For a whole host of reasons, it can be useful to have a locally-hosted server to redistribute updates to the whole park. That's what we're going to do today with apt-cacher, which will fetch packages from the official repositories when a client requests them, before making them available on the local LAN. This applies to all downloaded packages, so whether you're installing an application or simply updating your system, the proxy will fetch the packages for us.

Initial Setup

Install Apt-Cacher-NG by using the below command

#Install the service
apt install apt-cacher-ng -y

Once the Apt-Cacher-NG package is installed, start the Apt-Cacher-NG service and enable it to start at system reboot and check his current status.

#Start, enable at boot and check the status of the service 
systemctl start apt-cacher-ng
systemctl enable apt-cacher-ng
systemctl status apt-cacher-ng

Apt-Cacher-NG listens on port 3142. Now check if the service is correctly running by using the below command

ss -ntlp| grep apt


Now we need to configure it by editing the configuration file

vim /etc/apt-cacher-ng/acng.conf

Example of configuration

# Letter case in directive names does not matter. Must be separated with colons.
# Valid boolean values are a zero number for false, non-zero numbers for true.
CacheDir: /var/cache/apt-cacher-ng
# set empty to disable logging
LogDir: /var/log/apt-cacher-ng
# TCP (http) port
# Set to 9999 to emulate apt-proxy
Port: 3142
# Addresses or hostnames to listen on. Multiple addresses must be separated by
# spaces. Each entry must be associated with a local interface. DNS resolution
# is performed using getaddrinfo(3) for all available protocols (i.e. IPv4 and
# IPv6 if available).
# Default: not set, will listen on all interfaces.
# BindAddress: localhost publicNameOnMainInterface
# Repository remapping. See manual for details.
# In this example, backends file is generated during package installation.
#Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian
Remap-debrep: file:deb_mirrors*.gz /debian ; file:backends_debian
Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu
Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol
# Virtual page accessible in a web browser to see statistics and status
# information, i.e. under http://localhost:3142/acng-report.html
ReportPage: acng-report.html
# Socket file for accessing through local UNIX socket instead of TCP/IP. Can be
# used with inetd bridge or cron client.
# SocketPath:/var/run/apt-cacher-ng/socket
# Forces log file to be written to disk after every line when set to 1. Default
# is 0, buffer flush happens after client disconnects.
# (technically, this is an alias to the Debug option provided for convenience)
#Allow HTTPS tunnels
PassThroughPattern: .*
# UnbufferLogs: 0
# Set to 0 to store only type, time and transfer sizes.
# 1 -> client IP and relative local path are logged too
VerboseLog: 0
# Don't detach from the console
# ForeGround: 0
# Store the pid of the daemon process therein
PidFile: /var/run/apt-cacher-ng/pid
# Forbid outgoing connections, work around them or respond with 503 error
# offlinemode:0
# Forbid all downloads that don't run through preconfigured backends (.where)
#ForceManaged: 0
# Days before considering an unreferenced file expired (to be deleted).
# Warning: if the value is set too low and particular index files are not
# available for some days (mirror downtime) there is a risk of deletion of
# still usefull package files.
ExTreshold: 4
# Stop expiration when a critical problem appeared. Currently only failed
# refresh of an index file is considered as critical.
# WARNING: don't touch this option or set to a non-zero number.
# Anything else is DANGEROUS and may cause data loss.
# ExAbortOnProblems: 1
# Replace some Windows/DOS-FS incompatible chars when storing
# StupidFs: 0
# Experimental feature for apt-listbugs: pass-through SOAP requests and
# responses to/from If not set, default is true if
# ForceManaged is enabled and false otherwise.
# ForwardBtsSoap: 1 
# The daemon has a small cache for DNS data, to speed up resolution. The
# expiration time of the DNS entries can be configured in seconds.
# DnsCacheSeconds: 3600
# Don't touch the following values without good consideration! 
# Max. count of connection threads kept ready (for faster response in the
# future). Should be a sane value between 0 and average number of connections,
# and depend on the amount of spare RAM.
# MaxStandbyConThreads: 8
# Hard limit of active thread count for incomming connections, i.e. operation
# is refused when this value is reached (below zero = unlimited).
# MaxConThreads: -1
#VfilePattern = (^|.*?/)(Index|Packages\.bz2|Packages\.gz|Packages|Release|Release\.gpg|Sources\.bz2|Sources\.gz|Sources|release|index\.db-.*\.gz|Contents-[^/]*\.gz|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*\.bz2)$
#PfilePattern = .*(\.deb|\.rpm|\.dsc|\.tar\.gz\.gpg|\.tar\.gz|\.diff\.gz|\.diff\.bz2|\.jigdo|\.template|changelog|copyright|\.udeb|\.diff/.*\.gz|vmlinuz|initrd\.gz|ReleaseAnnouncement)$
# Whitelist for expiration, file types not to be removed even when being
# unreferenced. Default: same as VfilePattern which is a safe bed. When and
# only when the only used mirrors are official repositories (with working
# Release files) then it might be set to something more restrictive, like
# (^|.*?/)(Release|Release\.gpg|release|meta-release|Translation[^/]*\.bz2)$
#WfilePattern = (^|.*?/)(Index|Packages\.bz2|Packages\.gz|Packages|Release|Release\.gpg|Sources\.bz2|Sources\.gz|Sources|release|index\.db-.*\.gz|Contents-[^/]*\.gz|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*\.bz2)$
# Higher modes only working with the debug version
# Warning, writes a lot into apt-cacher.err logfile
# Value overwrites UnbufferLogs setting (aliased)
# Usually, general purpose proxies like Squid expose the IP adress of the
# client user to the remote server using the X-Forwarded-For HTTP header. This
# behaviour can be optionally turned on with the Expose-Origin option.
# ExposeOrigin: 0
# When logging the originating IP address, trust the information supplied by
# the client in the X-Forwarded-For header.
# LogSubmittedOrigin: 0
# The version string reported to the peer, to be displayed as HTTP client (and
# version) in the logs of the mirror.
# WARNING: some archives use this header to detect/guess capabilities of the
# client (i.e. redirection support) and change the behaviour accordingly, while
# ACNG might not support the expected features. Expect side effects.
# UserAgent: Yet Another HTTP Client/1.2.3p4
# In some cases the Import and Expiration tasks might create fresh volatile
# data for internal use by reconstructing them using patch files. This
# by-product might be recompressed with bzip2 and with some luck the resulting
# file becomes identical to the *.bz2 file on the server, usable for APT
# clients trying to fetch the full .bz2 compressed version. Injection of the
# generated files into the cache has however a disadvantage on underpowered
# servers: bzip2 compession can create high load on the server system and the
# visible download of the busy .bz2 files also becomes slower.
# RecompBz2: 0
# Network timeout for outgoing connections.
# NetworkTimeout: 60

Now restart Apt-Cacher-NG

systemctl restart apt-cacher-ng

Client Configuration

For Configure Client System to use Apt-Cacher NG. Create a new proxy configuration file on your host

#Conf file to edit
vim /etc/apt/apt.conf.d/00aptproxy

#Add the following Lines:
Acquire::http::Proxy "http://MyAptCacherIP:3142";

Once apt-cacher has been installed on a server and your clients configured to use it, you can run an apt-update for example. When the command is executed, it will ask your apt-cacher server to retrieve the data before making it available to the client making the request. Via the apt-hide web page, we can check the status of the apt-hide server, the amount of data downloaded by the apt-hide server and redistributed on the local LAN, etc.


It can happen that after some time, some of your machines, especially if you're using specific repositories different from the base ones, encounter issues when fetching the latest updates. This may be caused by the package cache on the apt-cacher. To resolve this issue, here is how to clear it.

sudo /etc/init.d/apt-cacher-ng stop
sudo rm -r /var/cache/apt-cacher-ng/*
sudo /etc/init.d/apt-cacher-ng start


Death Is Near

About Notorious

Donate XMR:498pGjtN5jKGG4QJ7ubS5rVdsWEgovzgM6cCQpFwhXiPSq39q1izZE7UFTfxinyrZud2PpLRMiU6DJUnCEsR3iPGHqswj9U