Task 005: apt-cacher-ng for repository caching

Running a bunch of VM/containers requires LOTS of downloading lots of packages, and fetching them everytime is just waste of time and effort and traffic.

A drawback of ACNG is that it can't proxy HTTPS repositories. Some people workaround this with PassThroughPattern: .*, but I believe this is a security risk. Instead, I just configure it to "remap" HTTP repository to HTTPS ones.

Setting up ACNG

  1. Install: apt install apt-cacher-ng

  2. If apt asks you to do enable something, just ignore them.

  3. Put you favorite mirror in /etc/apt-cacher-ng/backends_debian. (e.g. http://cloudfront.debian.net/debian/)

  4. Configure apt to use local proxy

    echo 'Acquire::http { Proxy "http://localhost:3142"; }' > /etc/apt/apt.conf.d/proxy.conf 
    
  5. Remove /var/cache/apt to completely clean your local apt cache.

  6. apt update

Auto-detect proxy for host nodes

For guests, I can just blindly use this proxy, assuming it works 24/7. But, for hosts? I should be careful not to rely on guest services. Luckily, apt can dynamically choose proxy using Acquire::http::Proxy-Auto-Detect. (see apt.conf(5) and apt-transport-http(5) for more details)

This can be achieved w/ something like this:

  • /etc/apt/apt.conf.d/99autoproxy.conf:

     Acquire::http {
             Proxy-Auto-Detect "/etc/apt/detect-proxy.sh"
     }
    
  • /etc/apt/detect-proxy.sh:

     #!/bin/sh
     
     if nc -z "apt-cacher.eon.lan" 3142; then
             echo "http://apt-cacher.eon.lan:3142/"
             exit
     fi 2>/dev/null
     
     echo "DIRECT"
    

I attached a script file that automatically installs these files.