
getting apt-cacher-ng to pass auth through



Hi, I would like to use apt-cacher-ng to cache the updates from enterprise.proxmox.com. One thing about this repo is that they have two different kinds, the http one and the https one, the http one is non-enterprise and open to all, but the https one is closed and needs a subscription with a username/password.

In our current setup the proxmox node connects directly to the enterprise.proxmox.com server and asks for updates but we would like to stop that and use a cacher instead. My problem is that the authentication does not seem to be sent through the cacher.

What I have tried so far is to set apt-cacher-ng up with the following rewrite in /etc/apt-cacher-ng/acng.conf

Remap-proxmox: http://enterprise.proxmox.com ; https://enterprise.proxmox.com

In the proxmox machine I have told it to use our local cacher by setting this in /etc/apt.conf.d/02proxy

Acquire::http::Proxy "http://192.168.140.18:3142";

where 192.168.140.18 is the IP of our apt-cacher-ng server. In /etc/apt/sources.list.d/pve-enterprise.list we put

deb http://enterprise.proxmox.com/debian/pve buster pve-enterprise

(the http is needed since apt-cacher-ng does not understand https).

With this setup then I run apt-update and it fails in the way that it fetches the http Release file instead of the https one, here is the output on the proxmox machine:

root@production-proxmox-slave01:~# apt update
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://ftp.dk.debian.org/debian buster InRelease
Hit:3 http://ftp.dk.debian.org/debian buster-updates InRelease
Err:4 http://enterprise.proxmox.com/debian/pve buster InRelease
  401  Unauthorized [IP: 192.168.140.18 3142]
Reading package lists... Done
E: Failed to fetch http://enterprise.proxmox.com/debian/pve/dists/buster/InRelease 401  Unauthorized [IP: 192.168.140.18 3142]
E: The repository 'http://enterprise.proxmox.com/debian/pve buster InRelease' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

As you can see the cacher works fine for normal debian repos

On the apt-cacher-ng server I put VerboseLog to 2 and Debug to 7, the output to /var/log/apt-cacher-ng/apt-cacher.err is the following:

Tue Jul  6 10:51:52 2021|fileitem::DoDelayedUnregAndCheck, nextRunTime now: 9223372036854775805
Tue Jul  6 10:51:55 2021|Detected incoming connection from the TCP socket
Tue Jul  6 10:51:55 2021|Client name: 192.168.140.30
Tue Jul  6 10:51:55 2021|Detected incoming connection from the TCP socket
Tue Jul  6 10:51:55 2021|Client name: 192.168.140.30
Tue Jul  6 10:51:55 2021|Detected incoming connection from the TCP socket
Tue Jul  6 10:51:55 2021|Client name: 192.168.140.30
Tue Jul  6 10:51:55 2021|Decoded request URI: http://ftp.dk.debian.org/debian/dists/buster/InRelease
Tue Jul  6 10:51:55 2021|Processing new job, GET http://ftp.dk.debian.org/debian/dists/buster/InRelease HTTP/1.1
Tue Jul  6 10:51:55 2021|Decoded request URI: http://security.debian.org/dists/buster/updates/InRelease
Tue Jul  6 10:51:55 2021|Processing new job, GET http://security.debian.org/dists/buster/updates/InRelease HTTP/1.1
Tue Jul  6 10:51:55 2021|Decoded request URI: http://enterprise.proxmox.com/debian/pve/dists/buster/InRelease
Tue Jul  6 10:51:55 2021|Processing new job, GET http://enterprise.proxmox.com/debian/pve/dists/buster/InRelease HTTP/1.1
Tue Jul  6 10:51:55 2021|Download started, storeHeader for secdeb/dists/buster/updates/InRelease, current status: 1
Tue Jul  6 10:51:55 2021|Response header to be sent in the next cycle:
HTTP/1.1 304 Not Modified
Content-Length: 0
Date: Tue Jul  6 08:51:55 2021
Server: Debian Apt-Cacher NG/3.2.1
X-Original-Source: http://security.debian.org/dists/buster/updates/InRelease
Connection: Keep-Alive


Tue Jul  6 10:51:55 2021|Returning to last state, 6
Tue Jul  6 10:51:55 2021|Download started, storeHeader for debrep/dists/buster/InRelease, current status: 1
Tue Jul  6 10:51:55 2021|known data hit, don't write to: debrep/dists/buster/InRelease
Tue Jul  6 10:51:55 2021|Response header to be sent in the next cycle:
HTTP/1.1 304 Not Modified
Content-Length: 0
Date: Tue Jul  6 08:51:55 2021
Server: Debian Apt-Cacher NG/3.2.1
X-Original-Source: http://deb.debian.org/debian/dists/buster/InRelease
Connection: Keep-Alive


Tue Jul  6 10:51:55 2021|Returning to last state, 6
Tue Jul  6 10:51:55 2021|Decoded request URI: http://ftp.dk.debian.org/debian/dists/buster-updates/InRelease
Tue Jul  6 10:51:55 2021|Processing new job, GET http://ftp.dk.debian.org/debian/dists/buster-updates/InRelease HTTP/1.1
Tue Jul  6 10:51:55 2021|Download started, storeHeader for debrep/dists/buster-updates/InRelease, current status: 1
Tue Jul  6 10:51:55 2021|known data hit, don't write to: debrep/dists/buster-updates/InRelease
Tue Jul  6 10:51:55 2021|Response header to be sent in the next cycle:
HTTP/1.1 304 Not Modified
Content-Length: 0
Date: Tue Jul  6 08:51:55 2021
Server: Debian Apt-Cacher NG/3.2.1
X-Original-Source: http://deb.debian.org/debian/dists/buster-updates/InRelease
Connection: Keep-Alive


Tue Jul  6 10:51:55 2021|Returning to last state, 6
Tue Jul  6 10:51:55 2021|Download started, storeHeader for proxmox/debian/pve/dists/buster/InRelease, current status: 1
Tue Jul  6 10:51:55 2021|Response header to be sent in the next cycle:
HTTP/1.1 401 Unauthorized
Content-Length: 0
Date: Tue Jul  6 08:51:55 2021
Server: Debian Apt-Cacher NG/3.2.1
X-Original-Source: https://enterprise.proxmox.com/debian/pve/dists/buster/InRelease
Connection: Keep-Alive


Tue Jul  6 10:51:55 2021|Returning to last state, 6

The above shows successful processing of normal debian repos but the last one is for proxmox and we get a HTTP/1.1 401 Unauthorized.

I know that https rewrite works because I have done the same kind of rewrite for elasticsearch which also needs https but no authentication, so the only culprit I can find is the authentication. How to send that through the proxy or give the proxy the necessary credentials?

Best regards, Oli
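
An added example, not part of the original post: a small parser for the apt-cacher.err debug output quoted above that extracts each response header block and lists the 401/403 responses together with the X-Original-Source the cacher contacted. The sample log is constructed from the format in the post, and the function names are hypothetical.

```python
import re

# Constructed sample in the apt-cacher.err debug format shown in the post.
SAMPLE_LOG = """\
Tue Jul  6 10:51:55 2021|Download started, storeHeader for debrep/dists/buster/InRelease, current status: 1
Tue Jul  6 10:51:55 2021|Response header to be sent in the next cycle:
HTTP/1.1 304 Not Modified
X-Original-Source: http://deb.debian.org/debian/dists/buster/InRelease
Connection: Keep-Alive

Tue Jul  6 10:51:55 2021|Returning to last state, 6
Tue Jul  6 10:51:55 2021|Download started, storeHeader for proxmox/debian/pve/dists/buster/InRelease, current status: 1
Tue Jul  6 10:51:55 2021|Response header to be sent in the next cycle:
HTTP/1.1 401 Unauthorized
X-Original-Source: https://enterprise.proxmox.com/debian/pve/dists/buster/InRelease
Connection: Keep-Alive

Tue Jul  6 10:51:55 2021|Returning to last state, 6
"""

MARKER = "Response header to be sent in the next cycle:"
STATUS_RE = re.compile(r"^HTTP/\d\.\d (\d{3}) ")

def parse_responses(log_text):
    """Return one dict per response header block: time, status, origin."""
    responses, current = [], None
    for line in log_text.splitlines():
        if line.endswith("|" + MARKER):
            current = {"time": line.split("|", 1)[0], "status": None, "origin": None}
            responses.append(current)
        elif current is not None:
            m = STATUS_RE.match(line)
            if m:
                current["status"] = int(m.group(1))
            elif line.startswith("X-Original-Source:"):
                current["origin"] = line.split(":", 1)[1].strip()
            elif "|" in line:  # next timestamped log line ends the block
                current = None
    return responses

def auth_failures(responses):
    """Responses the cacher handed to the client with status 401 or 403."""
    return [r for r in responses if r["status"] in (401, 403)]

if __name__ == "__main__":
    for r in auth_failures(parse_responses(SAMPLE_LOG)):
        print(f'{r["time"]}  {r["status"]}  {r["origin"]}')
```

An https:// origin on a failing entry confirms that the Remap rule was applied and that the refusal concerns the request the cacher made to the remapped backend.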

