Summary

  Subject:

Create an Apt-Cacher-NG server

  Updated:

2023-08-29

  Author:

Tim Hammond

Derek Pasnick

  Operating Systems:

Ubuntu 20.04

  Background:

This guide was written to create a local apt mirror repo using apt-cacher-ng. There are several other ways to set up Ubuntu repos, but they use a lot of storage.

 


VM Config

VM Specifications:

  • CPU: 1vCPU (2 cores)
  • RAM: 2 GB
  • HD: 100 GB

Change the hostname:

sudo hostnamectl set-hostname apt01.domain.local

Update the IP:

sudo sed -i 's/192.168.30.200/192.168.30.115/g' /etc/netplan/00-installer-config.yaml
sudo cat /etc/netplan/00-installer-config.yaml

Install

Update the system

sudo apt update
sudo apt -y upgrade

Install the Pre-Reqs

sudo apt -y install apt-cacher-ng

During the install, you will be prompted for the following:

"Allow HTTP tunnels through Apt-Cacher NG?"

Select Yes

Configure the apt-cacher-ng service

sudo systemctl enable apt-cacher-ng
sudo systemctl restart apt-cacher-ng

Make the following changes:

ExThreshold is the number of days an unreferenced file is kept before it is considered expired and can be deleted.

sudo sed -i 's/ExThreshold: 4/ExThreshold: 30/g' /etc/apt-cacher-ng/acng.conf
sudo sed -i 's/# VerboseLog: 1/VerboseLog: 2/g' /etc/apt-cacher-ng/acng.conf
sudo sed -i 's/# Debug:3/Debug: 5/g' /etc/apt-cacher-ng/acng.conf

Verify the changes.

sudo cat /etc/apt-cacher-ng/acng.conf | grep -i ExThreshold:
sudo cat /etc/apt-cacher-ng/acng.conf | grep -i VerboseLog:
sudo cat /etc/apt-cacher-ng/acng.conf | grep -i Debug:

After the above changes, restart the service.

sudo systemctl restart apt-cacher-ng

Use the following link to get a report of the packages that have been used:

http://apt01.domain.local:3142/acng-report.html

Firewall Changes

IPv6 is disabled in the template.

UFW is enabled in the template with a default policy to deny incoming, allow outgoing, and allow ssh.

Add firewall rules:

sudo ufw allow 3142/tcp comment apt-cacher-ng

Restart UFW. Show the policies in numbered order.

sudo service ufw restart
sudo ufw status numbered

Secure Apt-Cacher-NG

To add login credentials to the reporting page:

Test to see if active directory group name could be used

sudo vi /etc/apt-cacher-ng/security.conf

AdminAuth: localadmin:keyPass

echo 'AdminAuth: localadmin:keyPass' | sudo tee -a /etc/apt-cacher-ng/security.conf

Secure the apt-cacher-ng login. security.conf stores the AdminAuth password in cleartext, so restrict who can read it.

sudo chmod 640 /etc/apt-cacher-ng/security.conf
sudo chown root:apt-cacher-ng /etc/apt-cacher-ng/security.conf

Access Control

Access to the cache server can be controlled by using hosts.allow or hosts.deny. If you want to block all local traffic except specific hosts, use the following:

echo 'apt-cacher-ng : 192.168.30.0/24 10.159.101.150' | sudo tee -a /etc/hosts.allow
echo 'apt-cacher-ng : ALL' | sudo tee -a /etc/hosts.deny

Verify the changes:

sudo cat /etc/apt-cacher-ng/security.conf | grep -i AdminAuth
sudo cat /etc/hosts.allow | grep -i apt-cacher-ng
sudo cat /etc/hosts.deny | grep -i apt-cacher-ng
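
The verification commands above only print the matching lines. As an added example (not part of the original guide), the script below checks the same hardening steps and fails if the sample credentials localadmin:keyPass are still in use. ROOT and the function names are assumptions of this example.

```bash
# Added example, not from the original guide. ROOT is an assumed prefix for
# auditing a copy of /etc; leave it empty to check the live system.
ROOT="${ROOT:-}"

# AdminAuth must be set and must not be the guide's sample localadmin:keyPass.
check_admin_auth() {
    auth=$(grep -E '^[[:space:]]*AdminAuth:' "$ROOT/etc/apt-cacher-ng/security.conf" 2>/dev/null | tail -n 1)
    [ -n "$auth" ] || { echo "FAIL: AdminAuth is not set"; return 1; }
    case "$auth" in
        *localadmin:keyPass*) echo "FAIL: AdminAuth still uses the sample credentials"; return 1 ;;
    esac
    echo "OK: AdminAuth is set"
}

# security.conf holds the password in cleartext, so require exactly mode 640.
check_sec_mode() {
    f="$ROOT/etc/apt-cacher-ng/security.conf"
    [ -n "$(find "$f" -perm 640 2>/dev/null)" ] || { echo "FAIL: $f is missing or not mode 640"; return 1; }
    echo "OK: security.conf is mode 640"
}

# Owner must be root and group apt-cacher-ng, as set by the chown above.
check_sec_owner() {
    f="$ROOT/etc/apt-cacher-ng/security.conf"
    [ -n "$(find "$f" -user root -group apt-cacher-ng 2>/dev/null)" ] || { echo "FAIL: $f is not owned by root:apt-cacher-ng"; return 1; }
    echo "OK: security.conf is owned by root:apt-cacher-ng"
}

# The allow-list only restricts access if hosts.deny rejects everyone else,
# and an ALL entry in hosts.allow would override that deny rule.
check_wrappers() {
    grep -Eq '^[[:space:]]*(apt-cacher-ng|ALL)[[:space:]]*:[[:space:]]*ALL[[:space:]]*$' "$ROOT/etc/hosts.deny" 2>/dev/null \
        || { echo "FAIL: hosts.deny does not deny ALL for apt-cacher-ng"; return 1; }
    allow=$(grep -E '^[[:space:]]*apt-cacher-ng[[:space:]]*:' "$ROOT/etc/hosts.allow" 2>/dev/null || true)
    [ -n "$allow" ] || { echo "FAIL: hosts.allow has no apt-cacher-ng entry"; return 1; }
    if printf '%s\n' "$allow" | grep -Eq ':(.*[[:space:],])?ALL([[:space:],]|$)'; then
        echo "FAIL: hosts.allow uses ALL for apt-cacher-ng"; return 1
    fi
    echo "OK: hosts.allow and hosts.deny restrict apt-cacher-ng"
}

# Run every check; the return code is non-zero if any of them failed.
audit() {
    rc=0
    for c in check_admin_auth check_sec_mode check_sec_owner check_wrappers; do
        "$c" || rc=1
    done
    return "$rc"
}
```

Source the file on the cache server and run audit as root, or set ROOT to the path of a copied /etc tree to check it offline.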

Client Setup

OPTION 01:

Create the file and insert the following content.

echo 'Acquire::http::Proxy "http://apt01.domain.local:3142";' | sudo tee -a /etc/apt/apt.conf.d/00apt-cacher-ng
sudo cat /etc/apt/apt.conf.d/00apt-cacher-ng

OPTION 02:

Option 1 is the preferred method.

sudo sed -i "s/us.archive.ubuntu.com/apt01.domain.local:3142\/us.archive.ubuntu.com/g" /etc/apt/sources.list

Troubleshooting

The default directory where bits are stored is: /var/cache/apt-cacher-ng/


Local Cache Cleanup

If the drive fills up, you can clean it by logging into the web interface and clicking "Start Scan and/or Expiration." This will purge packages based on expiration.

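Alternatively, the directory could be cleared manually. Delete only its contents so that the directory itself, and its ownership, stay in place for the service.

sudo find /var/cache/apt-cacher-ng/ -mindepth 1 -delete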

Log files are located here:

sudo tail /var/log/apt-cacher-ng/apt-cacher.log
sudo tail /var/log/apt-cacher-ng/apt-cacher.err
