Apt-cacher

From BitFolk
Jump to navigation Jump to search

The apt-cacher service is a specialised web proxy for Debian-style archive mirrors. Users of Debian- or Ubuntu-based VPSes can use BitFolk's apt-cacher service to avoid having to use their own bandwidth to download packages that other users have already downloaded.

Overview

To make use of BitFolk's apt-cacher service all you need to do is prepend a string to the mirror URIs you would normally use. The correct string to use depends on whether you use Debian or Ubuntu.

Warning Warning: Only the specific mirrors listed below are allowed. If you use other sites in your sources.list then please let BitFolk support know and they will consider whether to add them.

If for any reason you are not able to use the apt-cacher, it's fine to use a Debian/Ubuntu mirror as normal; you'll just miss out on two small advantages:

  1. Downloads from apt-cacher do not count towards your data transfer quota. That was a bigger deal back in 2007 when customers had only 100GB/month to use, but not so much at the time of writing when it's 4TB.
  2. Downloads from apt-cacher will be quicker if another customer already downloaded the packages you wanted, since they'll be in the cache.

Debian

Available mirrors

  • deb.debian.org (over https)
  • ftp.uk.debian.org
  • ftp.debian.org
  • security.debian.org
  • archive.debian.org
  • deb.freexian.com (over https)
  • jonas.genannt.name

apt-cacher URI

apt-cacher.lon.bitfolk.com/debian/

Worked examples

If the mirror hostname you wish to use is listed above then you can use it through BitFolk's apt-cacher by prepending the apt-cacher URI to the beginning. For example, if you wished to use:

   deb http://deb.debian.org/debian buster-backports main

This would be added as:

   deb http://apt-cacher.lon.bitfolk.com/debian/deb.debian.org/debian buster-backports main

Here's another complete set of sources for Debian 11 (bullseye):

deb     http://apt-cacher.lon.bitfolk.com/debian/deb.debian.org/debian          bullseye                  main
deb-src http://apt-cacher.lon.bitfolk.com/debian/deb.debian.org/debian          bullseye                  main

deb     http://apt-cacher.lon.bitfolk.com/debian/deb.debian.org/debian          bullseye-updates          main
deb-src http://apt-cacher.lon.bitfolk.com/debian/deb.debian.org/debian          bullseye-updates          main

deb     http://apt-cacher.lon.bitfolk.com/debian/deb.debian.org/debian-security bullseye-security/updates main
deb-src http://apt-cacher.lon.bitfolk.com/debian/deb.debian.org/debian-security bullseye-security/updates main

BitFolk's installers automatically enable use of the apt-cacher.

Ubuntu

Available mirrors

  • gb.archive.ubuntu.com
  • archive.ubuntu.com
  • security.ubuntu.com

apt-cacher URI

apt-cacher.lon.bitfolk.com/ubuntu/

Example

For Ubuntu 12.04.x LTS (Precise Pangolin):

deb http://apt-cacher.lon.bitfolk.com/ubuntu/gb.archive.ubuntu.com/ubuntu/ precise          main restricted universe multiverse
deb http://apt-cacher.lon.bitfolk.com/ubuntu/gb.archive.ubuntu.com/ubuntu/ precise-updates  main restricted universe multiverse
deb http://apt-cacher.lon.bitfolk.com/ubuntu/security.ubuntu.com/ubuntu/   precise-security main restricted universe multiverse

Other

HTTPS?

BitFolk's apt-cacher uses HTTPS connections to backend mirrors which are known to support that. At this time that means:

  • deb.debian.org
  • deb.torproject.org

For these mirrors HTTPS will always be used and you do not need to change anything in your configuration (and cannot influence this in any way).

If you know of other mirrors that are currently in use that reliably support HTTPS then please let support know so that they too can be switched over to using HTTPS.

The main purposes in using HTTPS here are:

  • Preventing traffic analysis outside of BitFolk from revealing what packages are in use by any given client
  • Preventing man-in-the-middle, DNS or BGP attacks out on the Internet from substituting in an entirely different backend mirror

as such, BitFolk currently does not see any point in enabling HTTPS for this across its internal network between your VMs and the apt-cacher hosts.

Even if that was enabled, given that the apt-cachers are proxies you still would not have any way to verify that they were talking HTTPS to the backend mirrors or that they even contact the correct mirrors. You would still have to trust BitFolk on that. If you have concerns about that then you are better off just not using the apt-cacher service. The additional traffic use is unlikely to be an issue for you.

Debugging

If you're having problems with the apt-cacher service then the first and most important thing to try is to see if the problem manifests itself when the apt-cacher is not used. apt-cacher cannot cache files that are missing, or perhaps the source mirror is unreachable. Just remove the apt-cacher URI from the start of your mirror URIs and try again. If the problem persists then it's a problem with the actual mirror itself, which is not operated by BitFolk.

If problems only manifest themselves when using the apt-cacher but not when using the actual mirror directly then there could be a problem that BitFolk should know about. Please repeat your apt-get command with debugging enabled:

# apt-get update -o Debug::Acquire::Http=true

and send the output to support. In the mean time, switch to using mirrors directly.

IPv6

The apt-cacher has an IPv6 address as well as an IPv4 address. By default Linux will try to use IPv6 addresses before IPv4 if it thinks it has global IPv6 connectivity. If your initial connections to the apt-cacher attempt to go over IPv6, fail with a long timeout and then work over IPv4 then it is likely that your VPS's IPv6 connectivity is broken. You may wish to contact support to help get it fixed, disable IPv6 or prefer IPv4.

Trivia

The apt-cacher service is actually provided using the apt-cacher-ng software.