# Letter case in directive names does not matter. Must be separated with colons. # Valid boolean values are a zero number for false, non-zero numbers for true. CacheDir: <%= node['apt']['cacher_dir'] %> # set empty to disable logging LogDir: /var/log/apt-cacher-ng # place to look for additional configuration and resource files if they are not # found in the configuration directory # SupportDir: /usr/lib/apt-cacher-ng # TCP (http) port # Set to 9999 to emulate apt-proxy Port:<%= node['apt']['cacher_port'] %> # Addresses or hostnames to listen on. Multiple addresses must be separated by # spaces. Each entry must be an exact local address which is associated with a # local interface. DNS resolution is performed using getaddrinfo(3) for all # available protocols (IPv4, IPv6, ...). Using a protocol specific format will # create binding(s) only on protocol specific socket(s) (e.g. 0.0.0.0 will listen # only to IPv4). # # Default: not set, will listen on all interfaces and protocols # # BindAddress: localhost 192.168.7.254 publicNameOnMainInterface # The specification of another proxy which shall be used for downloads. # Username and password are, and see manual for limitations. # #Proxy: http://www-proxy.example.net:80 #proxy: username:proxypassword@proxy.example.net:3128 # Repository remapping. See manual for details. # In this example, some backends files might be generated during package # installation using information collected on the system. Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol # Debian Volatile Archives # This is usually not needed for security.debian.org because it's always the # same DNS hostname. However, it might be enabled in order to use hooks, # ForceManaged mode or special flags in this context. # Remap-secdeb: security.debian.org # Virtual page accessible in a web browser to see statistics and status # information, i.e. under http://localhost:3142/acng-report.html ReportPage: acng-report.html # Socket file for accessing through local UNIX socket instead of TCP/IP. Can be # used with inetd bridge or cron client. # SocketPath:/var/run/apt-cacher-ng/socket # Forces log file to be written to disk after every line when set to 1. Default # is 0, buffers are flushed when the client disconnects. # # (technically, alias to the Debug option, see its documentation for details) # # UnbufferLogs: 0 # Set to 0 to store only type, time and transfer sizes. # 1 -> client IP and relative local path are logged too # VerboseLog: 1 # Don't detach from the console # ForeGround: 0 # Store the pid of the daemon process therein # PidFile: /var/run/apt-cacher-ng/pid # Forbid outgoing connections, work around them or respond with 503 error # offlinemode:0 # Forbid all downloads that don't run through preconfigured backends (.where) #ForceManaged: 0 # Days before considering an unreferenced file expired (to be deleted). # Warning: if the value is set too low and particular index files are not # available for some days (mirror downtime) there is a risk of deletion of # still useful package files. ExTreshold: 4 # Stop expiration when a critical problem appeared. Currently only failed # refresh of an index file is considered as critical. # # WARNING: don't touch this option or set to zero. # Anything else is DANGEROUS and may cause data loss. # # ExAbortOnProblems: 1 # Replace some Windows/DOS-FS incompatible chars when storing # StupidFs: 0 # Experimental feature for apt-listbugs: pass-through SOAP requests and # responses to/from bugs.debian.org. If not set, default is true if # ForceManaged is enabled and false otherwise. # ForwardBtsSoap: 1 # The daemon has a small cache for DNS data, to speed up resolution. The # expiration time of the DNS entries can be configured in seconds. # DnsCacheSeconds: 3600 # Don't touch the following values without good consideration! # # Max. count of connection threads kept ready (for faster response in the # future). Should be a sane value between 0 and average number of connections, # and depend on the amount of spare RAM. # MaxStandbyConThreads: 8 # # Hard limit of active thread count for incoming connections, i.e. operation # is refused when this value is reached (below zero = unlimited). # MaxConThreads: -1 # # Pigeonholing files with regular expressions (static/volatile). Can be # overriden here but not should not be done permanently because future update # of default settings would not be applied later. # VfilePattern = (^|.*?/)(Index|Packages(\.gz|\.bz2|\.lzma|\.xz)?|InRelease|Release|Release\.gpg|Sources(\.gz|\.bz2|\.lzma|\.xz)?|release|index\.db-.*\.gz|Contents-[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|((setup|setup-legacy)(\.ini|\.bz2|\.hint)(\.sig)?)|mirrors\.lst|repo(index|md)\.xml(\.asc|\.key)?|directory\.yast|products|content(\.asc|\.key)?|media|filelists\.xml\.gz|filelists\.sqlite\.bz2|repomd\.xml|packages\.[a-zA-Z][a-zA-Z]\.gz|info\.txt|license\.tar\.gz|license\.zip|.*\.db(\.tar\.gz)?|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|metalink\?repo|.*prestodelta\.xml\.gz)$|/dists/.*/installer-[^/]+/[^0-9][^/]+/images/.* # PfilePattern = .*(\.d?deb|\.rpm|\.dsc|\.tar(\.gz|\.bz2|\.lzma|\.xz)(\.gpg)?|\.diff(\.gz|\.bz2|\.lzma|\.xz)|\.jigdo|\.template|changelog|copyright|\.udeb|\.debdelta|\.diff/.*\.gz|(Devel)?ReleaseAnnouncement(\?.*)?|[a-f0-9]+-(susedata|updateinfo|primary|deltainfo).xml.gz|fonts/(final/)?[a-z]+32.exe(\?download.*)?|/dists/.*/installer-[^/]+/[0-9][^/]+/images/.*)$ # Whitelist for expiration, file types not to be removed even when being # unreferenced. Default: many parts from VfilePattern where no parent index # exists or might be unknown. # WfilePattern = (^|.*?/)(Release|InRelease|Release\.gpg|(Packages|Sources)(\.gz|\.bz2|\.lzma|\.xz)?|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|.*\.xml|.*\.db\.tar\.gz|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|[a-z]+32.exe)$|/dists/.*/installer-.*/images/.* # Higher modes only working with the debug version # Warning, writes a lot into apt-cacher.err logfile # Value overwrites UnbufferLogs setting (aliased) # Debug:3 # Usually, general purpose proxies like Squid expose the IP address of the # client user to the remote server using the X-Forwarded-For HTTP header. This # behaviour can be optionally turned on with the Expose-Origin option. # ExposeOrigin: 0 # When logging the originating IP address, trust the information supplied by # the client in the X-Forwarded-For header. # LogSubmittedOrigin: 0 # The version string reported to the peer, to be displayed as HTTP client (and # version) in the logs of the mirror. # WARNING: some archives use this header to detect/guess capabilities of the # client (i.e. redirection support) and change the behaviour accordingly, while # ACNG might not support the expected features. Expect side effects. # # UserAgent: Yet Another HTTP Client/1.2.3p4 # In some cases the Import and Expiration tasks might create fresh volatile # data for internal use by reconstructing them using patch files. This # by-product might be recompressed with bzip2 and with some luck the resulting # file becomes identical to the *.bz2 file on the server, usable for APT # clients trying to fetch the full .bz2 compressed version. Injection of the # generated files into the cache has however a disadvantage on underpowered # servers: bzip2 compression can create high load on the server system and the # visible download of the busy .bz2 files also becomes slower. # # RecompBz2: 0 # Network timeout for outgoing connections. # NetworkTimeout: 60 # Sometimes it makes sense to not store the data in cache and just return the # package data to client as it comes in. DontCache parameters can enable this # behaviour for certain URL types. The tokens are extended regular expressions # that URLs are matched against. # # DontCacheRequested is applied to the URL as it comes in from the client. # Example: exclude packages built with kernel-package for x86 # DontCacheRequested: linux-.*_10\...\.Custo._i386 # Example usecase: exclude popular private IP ranges from caching # DontCacheRequested: 192.168.0 ^10\..* 172.30 # # DontCacheResolved is applied to URLs after mapping to the target server. If # multiple backend servers are specified then it's only matched against the # download link for the FIRST possible source (due to implementation limits). # Example usecase: all Ubuntu stuff comes from a local mirror (specified as # backend), don't cache it again: # DontCacheResolved: ubuntumirror.local.net # # DontCache directive sets (overrides) both, DontCacheResolved and # DontCacheRequested. Provided for convenience, see those directives for # details. # # Default permission set of freshly created files and directories, as octal # numbers (see chmod(1) for details). # Can by limited by the umask value (see umask(2) for details) if it's set in # the environment of the starting shell, e.g. in apt-cacher-ng init script or # in its configuration file. # DirPerms: 00755 # FilePerms: 00664 # # # It's possible to use use apt-cacher-ng as a regular web server with limited # feature set, i.e. # including directory browsing and download of any file; # excluding sorting, mime types/encodings, CGI execution, index page # redirection and other funny things. # To get this behavior, mappings between virtual directories and real # directories on the server must be defined with the LocalDirs directive. # Virtual and real dirs are separated by spaces, multiple pairs are separated # by semi-colons. Real directories must be absolute paths. # NOTE: Since the names of that key directories share the same namespace as # repository names (see Remap-...) it's administrators job to avoid such # collisions on them (unless created deliberately). # # LocalDirs: woo /data/debarchive/woody ; hamm /data/debarchive/hamm # Precache a set of files referenced by specified index files. This can be used # to create a partial mirror usable for offline work. There are certain limits # and restrictions on the path specification, see manual for details. A list of # (maybe) relevant index files could be retrieved via # "apt-get --print-uris update" on a client machine. # # PrecacheFor: debrep/dists/unstable/*/source/Sources* debrep/dists/unstable/*/binary-amd64/Packages* # Arbitrary set of data to append to request headers sent over the wire. Should # be a well formated HTTP headers part including newlines (DOS style) which # can be entered as escape sequences (\r\n). # RequestAppendix: X-Tracking-Choice: do-not-track\r\n # Specifies the IP protocol families to use for remote connections. Order does # matter, first specified are considered first. Possible combinations: # v6 v4 # v4 v6 # v6 # v4 # (empty or not set: use system default) # # ConnectProto: v6 v4 # Regular expiration algorithm finds package files which are no longer listed # in any index file and removes them of them after a safety period. # This option allows to keep more versions of a package in the cache after # safety period is over. # KeepExtraVersions: 1 # Optionally uses TCP access control provided by libwrap, see hosts_access(5) # for details. Daemon name is apt-cacher-ng. Default if not set: decided on # startup by looking for explicit mentioning of apt-cacher-ng in # /etc/hosts.allow or /etc/hosts.deny files. # UseWrap: 0 # If many machines from the same local network attempt to update index files # (apt-get update) at nearly the same time, the known state of these index file # is temporarily frozen and multiple requests receive the cached response # without contacting the server. This parameter (in seconds) specifies the # length of this period before the files are considered outdated. # Setting it too low transfers more data and increases remote server load, # setting it too high (more than a couple of minutes) increases the risk of # delivering inconsistent responses to the clients. # FreshIndexMaxAge: 27 # Usually the users are not allowed to specify custom TCP ports of remote # mirrors in the requests, only the default HTTP port can be used (instead, # proxy administrator can create Remap- rules with custom ports). This # restriction can be disabled by specifying a list of allowed ports or 0 for # any port. # # AllowUserPorts: 80 # Normally the HTTP redirection responses are forwarded to the original caller # (i.e. APT) which starts a new download attempt from the new URL. This # solution is ok for client configurations with proxy mode but doesn't work # well with configurations using URL prefixes. To work around this the server # can restart its own download with another URL. However, this might be used to # circumvent download source policies by malicious users. # The RedirMax option specifies how many such redirects the server should # follow per request, 0 disables the internal redirection. If not set, # default value is 0 if ForceManaged is used and 5 otherwise. # # RedirMax: 5