On Thu, Aug 23, 2018 at 02:20:36PM -0400, Michael Stone wrote:
> On Thu, Aug 23, 2018 at 01:16:26PM -0400, Roberto C. Sánchez wrote:
> > deb http://apt-cache.localdomain:3142/security/ stretch/updates main
> > contrib non-free
> > deb http://apt-cache.localdomain:3142/debian/ stretch main non-free contrib
>
> apt-cacher would typically be used by putting something like
> Acquire::http::Proxy "http://apt-cache.localdomain:3142/"
> in /etc/apt.conf or a file in apt.conf.d and then putting the usual urls in
> sources.list (http://http.us.debian.org/debian/ or whatever; see
> /usr/share/doc/apt-cacher-ng/examples/000apt-cacher-ng-proxy). apt-cacher
> then transparently caches the requests. What's probably happening is that
> redirects are being sent which the cacher expects to intercept as the proxy,
> but you're not using it as a proxy.
>

So, I finally got around to sorting this out*.

When I first tried the Acquire::http::Proxy configuration I started getting 403 errors related to the InRelease file from the security archive. The normal archive had no issues at all. I poked around for quite a while (looked at log files, Google searches, man pages, etc.) and figured out that I also needed to update the "debsec" mirror in my apt-cacher-ng configuration to be "http://security-cdn.debian.org/" instead of "http://security.debian.org/". Once that was done, the 403 errors were all resolved.

At that point I was able to update the configurations of all of my machines, all of my VMs, and all of my schroot/pbuilder/cowbuilder environments.

As a bonus, I also found that now I can enter "http://apt-cache.localdomain:3142/" as the http_proxy address to the Debian installer (for example, when creating a new VM) and it will use the apt-cacher-ng instance for all package downloads. Previously, I would enter http://apt-cache.localdomain:3142/debian/ as the mirror address, but the installer still used http://security.debian.org/ for the security mirror (and it seems this cannot be changed). That was always a bit annoying the further one gets from a point release as the number of packages in the security archive builds up.

Even more annoying is that if you tell the installer to not use a network mirror, it still tries to reach the security mirror over the network. I did not realize this and actually chewed through most of a month's quota installing a VM recently. That was what finally motivated me to figure this out and fix all of my configurations.

In any event, I wanted to follow up here in case anybody else later searches for something like "apt-cacher-ng 403" because of the security-cdn issue.

Regards,

-Roberto

[*] As of a few months ago I am on a metered Internet connection and so I became motivated to figure this out so that I could update all the machines on my network without obliterating my quota.

-- 
Roberto C. Sánchez

