If you've got multiple Ubuntu/Debian computers in your home, office or virtual network, you can greatly speed up software installations, upgrades and external bandwidth by designating one of them as a "cache" server.
Using apt-cacher-ng
, any apt
operations will proxy through that computer, so packages are only downloaded once from the Internet.
Note that the computer running the cache server must be online for
apt
operations to work.
Setting up
There are two approaches:
Method | Recommendation | |
---|---|---|
Automatic | The server announces the service to the network. Clients discover the proxy. | Trusted networks |
Manual | Server runs at a fixed IP address, clients connect directly | Reliability |
I personally went with Manual on a Raspberry Pi 4 computer which runs 24/7.
To avoid repeating instructions, take a look here on how to set up the server and clients:
https://wiki.debian.org/AptCacherNg
Server Tips
-
When installing the server, you'll be prompted if you'd like to enable the HTTP proxy. Choose [Yes] since this will allow HTTPS connections to work, even though they won't be cached. This should only be enabled on trusted networks.
-
To automatically start the service at boot:
sudo systemctl enable apt-cacher-ng sudo systemctl start apt-cacher-ng
-
You can change where the cache is located by editing
/etc/apt-cacher-ng/acng.conf
(as root). For example, to use the cache on a different drive/partition:CacheDir: /media/example/
The directory needs to be owned by
apt-cacher-ng
, otherwise the service will not start.sudo chown apt-cacher-ng /media/example/
Make sure to restart the service:
sudo systemctl restart apt-cacher-ng
Note on HTTPS
Repositories that connect over HTTPS cannot be cached. Despite the contrary, a simple solution is to switch those repository URLs to HTTP via Software & Updates if the external source supports HTTP connections.
If you're interested to know why, read up on how the chain of trust works with Apt.
TL;DR: Your system already has the signing key to verify the integrity of packages, so downloading from repositories over HTTP is no more or less secure then HTTPS. Tampered or corrupt packages void the digital signature are refused installation.
Statistics
The service also runs a web page to view statistics.
http://<proxy>:3142/acng-report.html
Replace <proxy>
with the IP address or hostname of the cache server, or use localhost
if the computer running is the cache server.
Removal
If you later no longer need the cache, do the reverse and uninstall the packages. If you followed the manual steps, delete /etc/apt/apt.conf.d/proxy
too.