Hey there! Setting up an APT proxy server on a Raspberry Pi is a great way for us to speed up software installs and updates across all our Ubuntu, Debian, and Raspbian machines. It may sound complex, but having a local cache for these distros‘ packages makes the update process fly by while saving tons of bandwidth – let‘s get started!
What Exactly is APT Caching?
As you probably know, the Advanced Packaging Tool (APT) built into most Linux distributions handles all software package management duties – installing new apps, applying security patches, upgrading between versions, etc.
By default, APT connects directly to central repositories hosted by the distro whenever you run apt install
, apt upgrade
, or related commands. It downloads all needed files for each operation every single time straight from the internet source.
You can see how this gets slow and bandwidth-intensive, especially when updating multiple computers!
This is where a caching APT proxy like apt-cacher-ng comes to the rescue. It gives us a central local server that stores copies of all packages after the first download. Now when we go to install the same software somewhere else, those files come straight from the cache instead of the internet. No more redundant copying of the same stuff again and again!
Why apt-cacher-ng?
Specifically, apt-cacher-ng is a next generation fork of the original apt-cacher project aiming to be a fast, efficient, and easy-to-use caching solution. Some key advantages:
- Designed from the ground up to support concurrency with multiple clients. Benchmarks show over 5x throughput growth compared to old apt-cacher!
- Low system resource usage – consumes only ~15MB of RAM even under heavy load.
- Advanced cache awareness features prevent stale data.
- Built-in web admin interface and monitoring capabilities.
- Support for HTTPS repositories and access controls.
Plus, Debian-based distributions now directly package apt-cacher-ng making installation trivial. The Raspberry Pi‘s low-cost hardware and Linux environment make it a perfect apt-cacher host!
The project‘s founders report it being used to cache over 140TB of Debian packages by over 600 networks and counting!
Let‘s join them by setting up our own internal apt proxy, with pictures for each step below. You‘ll be glad you did!
My own Raspberry Pi apt-cacher-ng caching server!
Hardware and Software Requirements
In order to follow along with this guide, you‘ll need:
Raspberry Pi
Obviously we‘ll be using a Raspberry Pi single board computer as the host for apt-cacher-ng. Nearly any model will work fine, but I personally recommend one of:
- Raspberry Pi 4 Model B – Best performance and plenty of RAM available. Provides room to run additional services down the road too.
- Raspberry Pi 400 – Awesome all-in-one unit with built in keyboard. Less expandable but extra convenient.
Either will serve our needs well with all models featuring fast Gigabit ethernet crucial for acting as a server.
Wired Network Connection
Be sure to connect your Pi to your router or switch via wired ethernet, not WiFi. This ensures maximum throughput without any chance of wireless interference. The proxy will be passing hundreds of megabytes if not multiple gigabytes of data.
MicroSD Card
You‘ll also want a speedy, high-endurance MicroSD card like this Samsung model. Expect to handle tens if not hundreds of gigabytes of storage once the cache builds up.
A 16GB or 32GB card gives you room to grow. But anything over 8GB or so will work for just apt-cacher-ng and basic Linux OS needs.
Software
On the software side, we‘ll be running the standard Raspberry Pi OS distribution. Their Raspbian image works perfectly.
Alternatively, you could use Ubuntu Server or another Debian-based distro. But Raspbian tends to be the path of least resistance.
We‘ll install and configure the apt-caching software itself once booted up.
Initial Raspberry Pi Setup
With the hardware in hand, let‘s get our Pi ready for some serious caching duty!
1. Flash OS Image and Boot
Install Raspberry Pi OS to your microSD card by grabbing the image from their site and using Etcher, UNetbootin, or similar imaging tools.
Pop the microSD into your Pi, connect ethernet + power, and allow it to boot up to the desktop for standard configuration using raspi-config
.
Expand the file system, change passwords, enable SSH if desired, and finish any other initial tweaks you want.
2. Software Update
Like any good admin, we‘ll start off by upgrading all existing software packages to the latest versions:
sudo apt update
sudo apt full-upgrade -y
This prepares things like the kernel, OpenSSL libraries, and other core components for what‘s next. Reboot once done.
3. Install APT Proxy Package
Now we can finally grab the actual apt-cacher-ng
software right from the standard Raspbian repositories:
sudo apt install apt-cacher-ng
Press enter when asked about enabling HTTPS support. We‘ll instead have the proxy talk to clients over plain HTTP for simplicity.
Installation wraps up quickly, automatically configuring systemd
unit files to launch the service on every boot.
Configuration Tweaks for an Optimized Proxy
Before sending client traffic towards our new cache server, tweak some settings to optimize performance for our environment.
1. Define Cache Directories
First, locate the main configuration at /etc/apt-cacher-ng/acng.conf
. Scroll down to the storage related paths:
# Cache dir config
CacheDir=/var/cache/apt-cacher-ng
LogDir=/var/log/apt-cacher-ng
Adjust CacheDir to point to a disk partition with ample free space for cached packages. I set mine to an external USB 3.0 drive.
Monitor this location and increase the storage as your network usage grows over time.
2. Set Local Cache URL Prefix
Further down, you‘ll see a CachePrefix
directive. This controls the URL used to access cached content:
CachePrefix=192.168.1.100
Change that IP address to match your Pi‘s address. You can find it via hostname -I
.
3. Customize Expiration Policies
There are also quite a few options that begin with ExT
for customizing expiry rules – how long a package stays cached after the last access.
Some reasonable defaults for a home setup might be:
ExMaxFileSize=100M
ExMaxTotalSize=20G
ExTTL=60d
ExGarbageCollect=1d
That caches packages up to 100MB in size, allows 20GB total storage, keeps things 60 days if unaccessed, and garbage collects daily.
4. Review Documentation for More Optimization Opportunities
Tons more ways to tweak based on your unique preferences and traffic patterns. See man apt-cacher-ng
, /usr/share/doc/apt-cacher-ng
, or even the source documentation for all available levers.
We‘ll now put our changes into effect and confirm things are working!
Validating Basic apt-cacher-ng Functionality
Let‘s restart the service and validate all systems go:
1. Restart Daemon and Check Status
Push the latest config and restart via systemd:
sudo systemctl restart apt-cacher-ng
sudo systemctl status apt-cacher-ng
The second command there verifies it came back up cleanly. Leave that terminal open tailing logs with journalctl -f -u apt-cacher-ng
too.
2. Browse to Admin Web Interface
Now if you open a browser and navigate to the IP and port:
http://192.168.1.100:3142/acng-report.html
You should reach the built-in web admin interface, showing you a sleek dashboard with storage usage stats, request/hit counts, and more all at a glance:
3. Confirm Clean Package Installation
Try installing something random via apt, like sl
– a silly steam engine text animation program:
sudo apt install sl
Watch the web interface or log output, and you should packets flowing through with no issues.
Redirecting Client APT Sources to Leverage Cache
Now comes the fun part – pointing your various Debian or Ubuntu PCs to take advantage of the high-speed proxy cache for their package requests!
1. Identify Proxy IP and Port
On the Pi itself, run hostname -I
once more. Grab that IP – your client systems will use it when connecting.
You‘ll also want the default port – 3142.
2. Update APT Sources Lists
Hop onto each Linux computer you want to optimize. Edit /etc/apt/sources.list
and modify existing lines to prefix with your Pi‘s IP and port:
# Old way
deb http://us.archive.ubuntu.com/ubuntu/ focal main restricted
# New proxied way
deb http://192.168.1.100:3142/us.archive.ubuntu.com/ubuntu/ focal main restricted
Do this modification for each repository line. Save changes once complete.
Repeat the process for other sources present under /etc/apt/sources.list.d/
too.
3. Optional – Flush Cache and Test
Optionally, you can delete apt‘s cache and force a refresh to confirm the proxy works as expected:
sudo rm -r /var/lib/apt/lists/*
sudo apt update
Watch network traffic and the web UI to validate packages now route through the central cache as desired.
Maintaining a Performant and Reliable Cache
Like most Linux services, apt-cacher-ng happily hums along in the background without much input once configured. But let‘s review some recommended maintenance items:
1. Monitor Disk Space
Keep an eye on storage consumption via the web UI or CLI. The package cache can grow quickly across multiple clients and distros.
Expand the backing physical or network storage as needed. Or tighten cache expiry rules if space runs short.
2. Watch Cache Hit Rate
Cache hit percentage on the dashboard shows how often requests are served from cache vs. still hitting the internet.
Aim for high 90s percentile and investigate outliers. May signal problems with specific clients, unusual packages, or expired entries.
3. Automated Cache Cleaning
A cron script handles pruning expired cache entries daily. But forcibly wiping the entire cache via the web UI may occasionally help if you suffer odd issues.
4. Consider Access Controls
By default apt-cacher-ng allows unauthenticated access on the listening network. But you can lock down access to specific clients via IP tables if desired.
Or proxy requests through a VPN, VLAN, etc. for extra security.
5. Scale UP Resources Over Time
If managing an apt cache for a large environment or you find resource constraints hitting, consider upgrading to a Raspberry Pi 4 or 400 model.
Or distribute load across a cluster of multiple Pis!
Final Thoughts
Well, there you have it! We‘re now caching Debian/Ubuntu packages on the local network with room to spare for growth. No more slow, redundant internet software downloads whenever we run apt
commands!
A Raspberry Pi running apt-cacher-ng makes an incredibly cost-effective and versatile server platform. Don‘t be afraid to experiment with advanced features like subgroups, disk backends, or statistics integrations too.
If you end up taking this apt proxy concept into large scale production, be sure to explore redundancy and failover tactics as well – whether standby Pis, replicated caches, or integrating with existing server infrastructure.
But for most home and small office uses, revel in those lighting fast package upgrades! Now over to installing OpenStack or maybe Jenkins on our newly optimized Raspberry Pi…but that‘s a topic for another day!
Happy caching!