Good day all. Welcome to our guide on how to set up apt-caching server using Apt-Cacher NG on Ubuntu 18.04 server. Well, so what is Apt-Cacher NG?
Apt-Cacher NG is special caching proxy for Debian based distributions that creates a local cache of Debian-based mirrors as well as other Linux distributions. This means that whenever a package is pulled from the official repositories, an APT Cache server caches them such that if any other local machine would want to install the same package, it just pulls it from the local caching server. This helps eliminates the bottlenecks of slow internet connections.
Some of the features of Apt-Cacher NG include;
- It is lightweight and can run on systems with low memory and processing power
- It supports internal threading thus avoids process fork’ing, kludges for pseudo-thread synchronization nor rely on special file system features for internal operations
- Supports HTTP pipelining and thus reduction of resource overhead and minimization of possible points of failure
Installing Apt-Cacher NG
Since Apt-Cacher NG is available on the default Ubuntu repositories by default, you can install it using the package manager as shown below;
apt install apt-cacher-ng
Apt-Cacher NG starts automatically by default after the installation. You can verify the same by running the command below;
systemctl status apt-cacher-ng
● apt-cacher-ng.service - Apt-Cacher NG software download proxy Loaded: loaded (/lib/systemd/system/apt-cacher-ng.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2018-11-08 13:17:15 EAT; 4min 49s ago Main PID: 30936 (apt-cacher-ng) Tasks: 1 (limit: 1110) CGroup: /system.slice/apt-cacher-ng.service └─30936 /usr/sbin/apt-cacher-ng SocketPath=/run/apt-cacher-ng/socket -c /etc/apt-cacher-ng ForeGround=1 ...
It is also enabled to run on system reboot;
systemctl is-enabled apt-cacher-ng
Apt-Cacher NG comes installed with a web server that enables it to proxy the HTTP package downloads. The web server can also be used to perform other tasks administrative tasks such as reporting.
Apt-Cacher NG also listens on port 3142/TCP by default. Therefore, if UFW is running, open this port.
ufw allow 3142/tcp ufw reload
To verify that your Apt-Cacher is working fine, just navigate to your browser and enter the URL in the format, http://<hostname or IP>:3142/apt-cacher
Configuring Apt-Cacher NG
The main configuration file for Apt-Cacher NG is located at /etc/apt-cacher-ng/acng.conf. The file is highly commented and in most cases, it can just run with the default parameters.
Basically, the following are the some of the parameters that are enabled by default in the Apt-Cacher NG configuration file.
... # Storage directory for downloaded data and related maintenance activity. # CacheDir: /var/cache/apt-cacher-ng # Log file directory, can be set empty to disable logging # LogDir: /var/log/apt-cacher-ng # A place to look for additional configuration and resource files if they are not # found in the configuration directory # SupportDir: /usr/lib/apt-cacher-ng # Repository remapping. Defines distributions to cache their packages # Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here Remap-sfnet: file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux Remap-fedora: file:fedora_mirrors # Fedora Linux Remap-epel: file:epel_mirrors # Fedora EPEL Remap-slrep: file:sl_mirrors # Scientific Linux Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo # Gentoo Archives #Virtual page accessible in a web browser to see statistics and status # information, i.e. under http://localhost:3142/acng-report.html # ReportPage: acng-report.html # Store the pid of the daemon process in the specified text file. # Default: disabled # PidFile: /var/run/apt-cacher-ng/pid # Days before considering an unreferenced file expired (to be deleted). # ExThreshold: 4 ...
In order to serve HTPPS repositories, you need to configure HTPPS connection tunneling through the Apt-Cacher proxy by uncommenting the line,
# PassThroughPattern: .* # this would allow CONNECT to everything such that it looks like;
Note, whenever you make any configuration changes, you need to restart apt-cacher-ng in order for the changes to take effect by running the command;
systemctl restart apt-cacher-ng
Define Allowed Hosts
As a security measure, you need to define hosts that are only allowed to download packages via the Apt-Cacher. Apt-Cache-ng supports Access Control Lists using TCP wrappers. Therefore, you can use the
/etc/hosts.deny files to whitelist or blacklist certain hosts respectively.
To allow host 192.168.1.17 and all hosts on the network 192.168.43.0/24 to use Apt-Cacher server, put the following line in
apt-cacher-ng : 192.168.1.17 192.168.43.0/24
To block all hosts on the network 192.168.43.0/24 except the host 192.168.43.27;
- put the following line in
apt-cacher-ng : 192.168.43.0/24
- and the following line in the
apt-cacher-ng : 192.168.43.27
Once you are done customizing your Apt-Cacher server configurations, you need to configure your clients so that they do package installation via the Apt-Cacher server.
There are two ways in which clients can be configured to download packages through the Apt-Cacher.
- Specifying the caching machine as HTTP Proxy for the client
In this method, you need to create the proxy configuration file pointing to the caching server in /etc/apt/apt.conf.d as shown below;
Where 192.168.43.17 is your cache server IP address.
- Replacing all mirror hostnames with Caching host in sources.list
In this case, you need to replace all mirror hostnames with the cachin server IP address.
For example a mirror hostname like
deb http://ke.archive.ubuntu.com/ubuntu/ bionic main, would be formatted like;
deb http://192.168.43.17:3142/ke.archive.ubuntu.com/ubuntu/ bionic main
The first method is more convenient as compared to the second method.
To verify this, login to your client and configure it as shown below;
echo "Acquire::http::Proxy "http://192.168.43.17:3142";" > /etc/apt/apt.conf.d/02proxy
After that, run a command to update and upgrade the packages. As you can see below, my client has 173 packages that can be updated.
Before you can update your client server, tail the logs on the server so you can see the client actions:
tail -f /var/log/apt-cacher-ng/apt-cacher.log
Then tun the update command
You should be able to see some actions on the log file.
You can also check the report from the server.
You can click on Count Data button to show the number of requests and data hits that have been processed already
To save on storage, you may want to clean cache from time to time. You can be able to do this from the reporting page. Click on Start Scan and/or Expiration.