APT-CACHER-NG - Base Config
Installation
Debian / Ubuntu
Install the package from the official repositories:
sudo apt update sudo apt install apt-cacher-ng
The service is automatically started after installation.
Check service status:
systemctl status apt-cacher-ng
Enable it at boot:
sudo systemctl enable apt-cacher-ng
RHEL / Rocky / AlmaLinux
Enable EPEL and install:
sudo dnf install epel-release sudo dnf install apt-cacher-ng
Start and enable the service:
sudo systemctl start apt-cacher-ng sudo systemctl enable apt-cacher-ng
Directory Layout
Default paths (may vary by distribution):
- Configuration:
/etc/apt-cacher-ng/ - Main configuration file:
/etc/apt-cacher-ng/acng.conf - Cache storage:
/var/cache/apt-cacher-ng/ - Logs:
/var/log/apt-cacher-ng/
Cache directory structure example:
deb/– cached Debian/Ubuntu packagesubuntu/– Ubuntu repositoriessecurity.ubuntu.com/partial/– incomplete downloads
Core Configuration
Edit the main configuration file:
sudo nano /etc/apt-cacher-ng/acng.conf
Cache Directory
CacheDir: /var/cache/apt-cacher-ng
Listening Port
Default port is 3142:
Port:3142
Bind Address
Restrict listening interface:
BindAddress: 0.0.0.0
For localhost only:
BindAddress: 127.0.0.1
Client Configuration
Using APT Proxy Configuration
Create a proxy configuration file on the client:
sudo nano /etc/apt/apt.conf.d/02proxy
Content:
Acquire::http::Proxy "http://APT_CACHER_IP:3142"; Acquire::https::Proxy "http://APT_CACHER_IP:3142";
Example:
Acquire::http::Proxy "http://192.168.1.10:3142";
Test:
sudo apt update
HTTPS and SSL Handling
apt-cacher-ng does not decrypt HTTPS, but tunnels it.
Ensure HTTPS support is enabled (default):
PassThroughPattern: .*
HTTPS repositories benefit from metadata caching but not from package-level deduplication.
Supported Repositories
apt-cacher-ng supports:
- Debian
- Ubuntu
- Linux Mint
- Kali Linux
- Proxmox
- Docker APT repositories
- Custom APT repositories
Example custom repository rewrite:
Remap-myrepo: file:custom_mirror /myrepo
Pre-Fetching Packages
Pre-download packages to warm the cache:
sudo apt-cacher-ng -c /etc/apt-cacher-ng/acng.conf
Or from a client:
sudo apt install --download-only linux-image-generic
Cache Maintenance
Check Cache Usage
du -sh /var/cache/apt-cacher-ng
Expire Old Packages
Manual expiration:
sudo apt-cacher-ng -c /etc/apt-cacher-ng/acng.conf -e
Clear Cache Completely
sudo systemctl stop apt-cacher-ng sudo rm -rf /var/cache/apt-cacher-ng/* sudo systemctl start apt-cacher-ng
Logging and Monitoring
Log files:
apt-cacher.logapt-cacher.errapt-cacher.debug
Tail logs in real time:
tail -f /var/log/apt-cacher-ng/apt-cacher.log
Web interface (read-only):
http://APT_CACHER_IP:3142/acng-report.html
Security Hardening
Restrict Access
Firewall example:
sudo ufw allow from 192.168.1.0/24 to any port 3142
Bind only to internal IP:
BindAddress: 192.168.1.10
Protect Administrative Pages
AdminAuth: admin:strongpassword
Performance Tuning
Increase file descriptor limit:
ulimit -n 65535
Adjust worker threads:
MaxConThreads: 50
Using SSD-backed storage for the cache significantly improves performance.
Integration with Containers
Example Docker run:
docker run -d \ -p 3142:3142 \ -v /var/cache/apt-cacher-ng:/var/cache/apt-cacher-ng \ apt-cacher-ng
Dockerfile APT proxy usage:
RUN echo 'Acquire::http::Proxy "http://host.docker.internal:3142";' \
> /etc/apt/apt.conf.d/02proxy
Troubleshooting
Clients Do Not Use Cache
- Verify proxy configuration on client
- Inspect logs:
grep CONNECT /var/log/apt-cacher-ng/apt-cacher.log
Permission Errors
Fix ownership:
sudo chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng
Restart service:
sudo systemctl restart apt-cacher-ng
Port Already in Use
Check port usage:
sudo ss -tulpn | grep 3142
Change port if required:
Port:3143
Corrupted Cache
Clean and rebuild partial cache:
sudo systemctl stop apt-cacher-ng sudo rm -rf /var/cache/apt-cacher-ng/partial/* sudo systemctl start apt-cacher-ng
