Supercharge Your Debian Network‘s Speed with an APT Proxy on the Raspberry Pi

Hey there! Setting up an APT proxy server on a Raspberry Pi is a great way for us to speed up software installs and updates across all our Ubuntu, Debian, and Raspbian machines. It may sound complex, but having a local cache for these distros‘ packages makes the update process fly by while saving tons of bandwidth – let‘s get started!

What Exactly is APT Caching?

As you probably know, the Advanced Packaging Tool (APT) built into most Linux distributions handles all software package management duties – installing new apps, applying security patches, upgrading between versions, etc.

By default, APT connects directly to central repositories hosted by the distro whenever you run apt install, apt upgrade, or related commands. It downloads all needed files for each operation every single time straight from the internet source.

You can see how this gets slow and bandwidth-intensive, especially when updating multiple computers!

This is where a caching APT proxy like apt-cacher-ng comes to the rescue. It gives us a central local server that stores copies of all packages after the first download. Now when we go to install the same software somewhere else, those files come straight from the cache instead of the internet. No more redundant copying of the same stuff again and again!

Why apt-cacher-ng?

Specifically, apt-cacher-ng is a next generation fork of the original apt-cacher project aiming to be a fast, efficient, and easy-to-use caching solution. Some key advantages:

  • Designed from the ground up to support concurrency with multiple clients. Benchmarks show over 5x throughput growth compared to old apt-cacher!
  • Low system resource usage – consumes only ~15MB of RAM even under heavy load.
  • Advanced cache awareness features prevent stale data.
  • Built-in web admin interface and monitoring capabilities.
  • Support for HTTPS repositories and access controls.

Plus, Debian-based distributions now directly package apt-cacher-ng making installation trivial. The Raspberry Pi‘s low-cost hardware and Linux environment make it a perfect apt-cacher host!

The project‘s founders report it being used to cache over 140TB of Debian packages by over 600 networks and counting!

Let‘s join them by setting up our own internal apt proxy, with pictures for each step below. You‘ll be glad you did!

Raspberry Pi APT Proxy Server

My own Raspberry Pi apt-cacher-ng caching server!

Hardware and Software Requirements

In order to follow along with this guide, you‘ll need:

Raspberry Pi

Obviously we‘ll be using a Raspberry Pi single board computer as the host for apt-cacher-ng. Nearly any model will work fine, but I personally recommend one of:

  • Raspberry Pi 4 Model B – Best performance and plenty of RAM available. Provides room to run additional services down the road too.
  • Raspberry Pi 400 – Awesome all-in-one unit with built in keyboard. Less expandable but extra convenient.

Either will serve our needs well with all models featuring fast Gigabit ethernet crucial for acting as a server.

Wired Network Connection

Be sure to connect your Pi to your router or switch via wired ethernet, not WiFi. This ensures maximum throughput without any chance of wireless interference. The proxy will be passing hundreds of megabytes if not multiple gigabytes of data.

MicroSD Card

You‘ll also want a speedy, high-endurance MicroSD card like this Samsung model. Expect to handle tens if not hundreds of gigabytes of storage once the cache builds up.

A 16GB or 32GB card gives you room to grow. But anything over 8GB or so will work for just apt-cacher-ng and basic Linux OS needs.


On the software side, we‘ll be running the standard Raspberry Pi OS distribution. Their Raspbian image works perfectly.

Alternatively, you could use Ubuntu Server or another Debian-based distro. But Raspbian tends to be the path of least resistance.

We‘ll install and configure the apt-caching software itself once booted up.

Initial Raspberry Pi Setup

With the hardware in hand, let‘s get our Pi ready for some serious caching duty!

1. Flash OS Image and Boot

Install Raspberry Pi OS to your microSD card by grabbing the image from their site and using Etcher, UNetbootin, or similar imaging tools.

Pop the microSD into your Pi, connect ethernet + power, and allow it to boot up to the desktop for standard configuration using raspi-config.

Expand the file system, change passwords, enable SSH if desired, and finish any other initial tweaks you want.

2. Software Update

Like any good admin, we‘ll start off by upgrading all existing software packages to the latest versions:

sudo apt update
sudo apt full-upgrade -y

This prepares things like the kernel, OpenSSL libraries, and other core components for what‘s next. Reboot once done.

3. Install APT Proxy Package

Now we can finally grab the actual apt-cacher-ng software right from the standard Raspbian repositories:

sudo apt install apt-cacher-ng

Press enter when asked about enabling HTTPS support. We‘ll instead have the proxy talk to clients over plain HTTP for simplicity.

Installation wraps up quickly, automatically configuring systemd unit files to launch the service on every boot.

Configuration Tweaks for an Optimized Proxy

Before sending client traffic towards our new cache server, tweak some settings to optimize performance for our environment.

1. Define Cache Directories

First, locate the main configuration at /etc/apt-cacher-ng/acng.conf. Scroll down to the storage related paths:

# Cache dir config

Adjust CacheDir to point to a disk partition with ample free space for cached packages. I set mine to an external USB 3.0 drive.

Monitor this location and increase the storage as your network usage grows over time.

2. Set Local Cache URL Prefix

Further down, you‘ll see a CachePrefix directive. This controls the URL used to access cached content:


Change that IP address to match your Pi‘s address. You can find it via hostname -I.

3. Customize Expiration Policies

There are also quite a few options that begin with ExT for customizing expiry rules – how long a package stays cached after the last access.

Some reasonable defaults for a home setup might be:


That caches packages up to 100MB in size, allows 20GB total storage, keeps things 60 days if unaccessed, and garbage collects daily.

4. Review Documentation for More Optimization Opportunities

Tons more ways to tweak based on your unique preferences and traffic patterns. See man apt-cacher-ng, /usr/share/doc/apt-cacher-ng, or even the source documentation for all available levers.

We‘ll now put our changes into effect and confirm things are working!

Validating Basic apt-cacher-ng Functionality

Let‘s restart the service and validate all systems go:

1. Restart Daemon and Check Status

Push the latest config and restart via systemd:

sudo systemctl restart apt-cacher-ng
sudo systemctl status apt-cacher-ng

The second command there verifies it came back up cleanly. Leave that terminal open tailing logs with journalctl -f -u apt-cacher-ng too.

2. Browse to Admin Web Interface

Now if you open a browser and navigate to the IP and port:

You should reach the built-in web admin interface, showing you a sleek dashboard with storage usage stats, request/hit counts, and more all at a glance:

apt-cacher-ng Admin Web UI

3. Confirm Clean Package Installation

Try installing something random via apt, like sl – a silly steam engine text animation program:

sudo apt install sl

Watch the web interface or log output, and you should packets flowing through with no issues.

Redirecting Client APT Sources to Leverage Cache

Now comes the fun part – pointing your various Debian or Ubuntu PCs to take advantage of the high-speed proxy cache for their package requests!

1. Identify Proxy IP and Port

On the Pi itself, run hostname -I once more. Grab that IP – your client systems will use it when connecting.

You‘ll also want the default port – 3142.

2. Update APT Sources Lists

Hop onto each Linux computer you want to optimize. Edit /etc/apt/sources.list and modify existing lines to prefix with your Pi‘s IP and port:

# Old way
deb focal main restricted

# New proxied way  
deb focal main restricted 

Do this modification for each repository line. Save changes once complete.

Repeat the process for other sources present under /etc/apt/sources.list.d/ too.

3. Optional – Flush Cache and Test

Optionally, you can delete apt‘s cache and force a refresh to confirm the proxy works as expected:

sudo rm -r /var/lib/apt/lists/*
sudo apt update

Watch network traffic and the web UI to validate packages now route through the central cache as desired.

Maintaining a Performant and Reliable Cache

Like most Linux services, apt-cacher-ng happily hums along in the background without much input once configured. But let‘s review some recommended maintenance items:

1. Monitor Disk Space

Keep an eye on storage consumption via the web UI or CLI. The package cache can grow quickly across multiple clients and distros.

Expand the backing physical or network storage as needed. Or tighten cache expiry rules if space runs short.

2. Watch Cache Hit Rate

Cache hit percentage on the dashboard shows how often requests are served from cache vs. still hitting the internet.

Aim for high 90s percentile and investigate outliers. May signal problems with specific clients, unusual packages, or expired entries.

3. Automated Cache Cleaning

A cron script handles pruning expired cache entries daily. But forcibly wiping the entire cache via the web UI may occasionally help if you suffer odd issues.

4. Consider Access Controls

By default apt-cacher-ng allows unauthenticated access on the listening network. But you can lock down access to specific clients via IP tables if desired.

Or proxy requests through a VPN, VLAN, etc. for extra security.

5. Scale UP Resources Over Time

If managing an apt cache for a large environment or you find resource constraints hitting, consider upgrading to a Raspberry Pi 4 or 400 model.

Or distribute load across a cluster of multiple Pis!

Final Thoughts

Well, there you have it! We‘re now caching Debian/Ubuntu packages on the local network with room to spare for growth. No more slow, redundant internet software downloads whenever we run apt commands!

A Raspberry Pi running apt-cacher-ng makes an incredibly cost-effective and versatile server platform. Don‘t be afraid to experiment with advanced features like subgroups, disk backends, or statistics integrations too.

If you end up taking this apt proxy concept into large scale production, be sure to explore redundancy and failover tactics as well – whether standby Pis, replicated caches, or integrating with existing server infrastructure.

But for most home and small office uses, revel in those lighting fast package upgrades! Now over to installing OpenStack or maybe Jenkins on our newly optimized Raspberry Pi…but that‘s a topic for another day!

Happy caching!