installing Ubuntu https PPA's with squid caching

Colin Watson cjwatson at ubuntu.com
Tue Nov 20 08:24:57 UTC 2018


On Sun, Nov 18, 2018 at 10:16:48PM -0700, Stuart McGraw wrote:
> TL;DR: How to set up apt and a squid proxy so that
> https urls are cached?

The standard mechanism for proxying HTTPS, and as far as I know the only
method that apt supports directly for https:// URLs, asks the proxy to
set up a tunnelled encrypted connection (using the HTTP CONNECT verb)
and then does end-to-end-encrypted communication with the target host.
When using this setup, squid can really only shuffle bytes back and
forward; it doesn't see enough of the request or response to be able to
cache anything.  (Of course this is still sometimes useful in situations
where the issue is connectivity rather than bandwidth.)

I think your best bet is going to be apt-cacher-ng: you can use its
"remapping" facility to tell it that a given set of http:// and/or
https:// mirrors are in fact to be considered identical for the purposes
of caching, or it has a hack where you can put "HTTPS///" in the URL so
that apt thinks it's using HTTP but then apt-cacher-ng uses HTTPS to
talk to the upstream mirror.  Either way is going to involve adjusting
URLs on the client side, but it sounds like that will be worth it for
you.

Some links:

  https://www.unix-ag.uni-kl.de/~bloch/acng/html/config-servquick.html#config-client
  https://www.unix-ag.uni-kl.de/~bloch/acng/html/config-serv.html#repmap
  https://www.unix-ag.uni-kl.de/~bloch/acng/html/howtos.html#ssluse

-- 
Colin Watson                                       [cjwatson at ubuntu.com]



More information about the ubuntu-users mailing list