How to Setup APT-Caching Server Using Apt-Cacher NG on Ubuntu 18.04

3
6510

Good day all. Welcome to our guide on how to set up apt-caching server using Apt-Cacher NG on Ubuntu 18.04 server. Well, so what is Apt-Cacher NG?

Apt-Cacher NG is special caching proxy for Debian based distributions that creates a local cache of Debian-based mirrors as well as other Linux distributions. This means that whenever a package is pulled from the official repositories, an APT Cache server caches them such that if any other local machine would want to install the same package, it just pulls it from the local caching server. This helps eliminates the bottlenecks of slow internet connections.

Some of the features of Apt-Cacher NG include;

  • It is lightweight and can run on systems with low memory and processing power
  • It supports internal threading thus avoids process fork’ing, kludges for pseudo-thread synchronization nor rely on special file system features for internal operations
  • Supports HTTP pipelining and thus reduction of resource overhead and minimization of possible points of failure

Installing Apt-Cacher NG

Since Apt-Cacher NG is available on the default Ubuntu repositories by default, you can install it using the package manager as shown below;

apt install apt-cacher-ng

Apt-Cacher NG starts automatically by default after the installation. You can verify the same by running the command below;

systemctl status apt-cacher-ng
 apt-cacher-ng.service - Apt-Cacher NG software download proxy
   Loaded: loaded (/lib/systemd/system/apt-cacher-ng.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2018-11-08 13:17:15 EAT; 4min 49s ago
 Main PID: 30936 (apt-cacher-ng)
    Tasks: 1 (limit: 1110)
   CGroup: /system.slice/apt-cacher-ng.service
           └─30936 /usr/sbin/apt-cacher-ng SocketPath=/run/apt-cacher-ng/socket -c /etc/apt-cacher-ng ForeGround=1
...

It is also enabled to run on system reboot;

systemctl is-enabled apt-cacher-ng
enabled

Apt-Cacher NG comes installed with a web server that enables it to proxy the HTTP package downloads. The web server can also be used to perform other tasks administrative tasks such as reporting.

Apt-Cacher NG also listens on port 3142/TCP by default. Therefore, if UFW is running, open this port.

ufw allow 3142/tcp
ufw reload

To verify that your Apt-Cacher is working fine, just navigate to your browser and enter the URL in the format, http://<hostname or IP>:3142/apt-cacher

apt-cacher
apt-cacher

Configuring Apt-Cacher NG

Server Configuration

The main configuration file for Apt-Cacher NG is located at /etc/apt-cacher-ng/acng.conf. The file is highly commented and in most cases, it can just run with the default parameters.

Basically, the following are the some of the parameters that are enabled by default in the Apt-Cacher NG configuration file.

...
# Storage directory for downloaded data and related maintenance activity.
#
CacheDir: /var/cache/apt-cacher-ng

# Log file directory, can be set empty to disable logging
#
LogDir: /var/log/apt-cacher-ng

# A place to look for additional configuration and resource files if they are not
# found in the configuration directory
#
SupportDir: /usr/lib/apt-cacher-ng

# Repository remapping. Defines distributions to cache their packages
#

Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives
Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives
Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here
Remap-sfnet:  file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here
Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux
Remap-fedora: file:fedora_mirrors # Fedora Linux
Remap-epel:   file:epel_mirrors # Fedora EPEL
Remap-slrep:  file:sl_mirrors # Scientific Linux
Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo # Gentoo Archives

#Virtual page accessible in a web browser to see statistics and status
# information, i.e. under http://localhost:3142/acng-report.html
#
ReportPage: acng-report.html

# Store the pid of the daemon process in the specified text file.
# Default: disabled
#
PidFile: /var/run/apt-cacher-ng/pid

# Days before considering an unreferenced file expired (to be deleted).
#
ExThreshold: 4
...

In order to serve HTPPS repositories, you need to configure HTPPS connection tunneling through the Apt-Cacher proxy by uncommenting the line, # PassThroughPattern: .* # this would allow CONNECT to everything such that it looks like;

PassThroughPattern: .*

Note, whenever you make any configuration changes, you need to restart apt-cacher-ng in order for the changes to take effect by running the command;

systemctl restart apt-cacher-ng

Define Allowed Hosts

As a security measure, you need to define hosts that are only allowed to download packages via the Apt-Cacher. Apt-Cache-ng supports Access Control Lists using TCP wrappers. Therefore, you can use the /etc/hosts.allow and /etc/hosts.deny files to whitelist or blacklist certain hosts respectively.

For example;

To allow host 192.168.1.17 and all hosts on the network 192.168.43.0/24 to use Apt-Cacher server, put the following line in /etc/hosts.allow

apt-cacher-ng : 192.168.1.17 192.168.43.0/24

To block all hosts on the network 192.168.43.0/24 except the host 192.168.43.27;

  • put the following line in /etc/hosts.deny
apt-cacher-ng : 192.168.43.0/24
  • and the following line in the /etc/hosts.allow
apt-cacher-ng : 192.168.43.27

Client Configuration

Once you are done customizing your Apt-Cacher server configurations, you need to configure your clients so that they do package installation via the Apt-Cacher server.

There are two ways in which clients can be configured to download packages through the Apt-Cacher.

  • Specifying the caching machine as HTTP Proxy for the client
    In this method, you need to create the proxy configuration file pointing to the caching server in /etc/apt/apt.conf.d as shown below;

vim /etc/apt/apt.conf.d/02proxy

Acquire::http::Proxy "http://192.168.43.17:3142";

Where 192.168.43.17 is your cache server IP address.

  • Replacing all mirror hostnames with Caching host in sources.list
    In this case, you need to replace all mirror hostnames with the cachin server IP address.
    For example a mirror hostname like deb http://ke.archive.ubuntu.com/ubuntu/ bionic main, would be formatted like;deb http://192.168.43.17:3142/ke.archive.ubuntu.com/ubuntu/ bionic main

The first method is more convenient as compared to the second method.

To verify this, login to your client and configure it as shown below;

echo "Acquire::http::Proxy "http://192.168.43.17:3142";" > /etc/apt/apt.conf.d/02proxy

After that, run a command to update and upgrade the packages. As you can see below, my client has 173 packages that can be updated.

client-updates
client-updates

Before you can update your client server, tail the logs on the server so you can see the client actions:

tail -f /var/log/apt-cacher-ng/apt-cacher.log

Then tun the update command

apt-get update

You should be able to see some actions on the log file.

You can also check the report from the server.

Apt-Cacher NG report
apt-cacher-report

You can click on Count Data button to show the number of requests and data hits that have been processed already

Apt-Cacher NG requests-data-hits
requests-data-hits

To save on storage, you may want to clean cache from time to time. You can be able to do this from the reporting page. Click on Start Scan and/or Expiration.

Apt-Cacher NG clean-local-cache
clean-local-cache

That is all we could cover about installing and setting up Apt-Cacher server on Ubuntu 18.04. You can learn more about it here and here. We hope this guide helped. Thanks for reading.

3 COMMENTS

  1. Great and easy to follow howto, with lots ofe details compared to the other howto’s!

    Only 1 question, shouldn’t:

    vim /etc/pki/apt/apt.conf.d/02proxy

    be:

    vim /etc/apt/apt.conf.d/02proxy

LEAVE A REPLY

Please enter your comment!
Please enter your name here