APT/Raspbian caching


APT/Raspbian caching

One of the deployments I have is a cluster of Raspberry Pis. I am trying to cache apt content. The cluster has one node running (only) squid 3.5.23 with an external HDD. All the nodes have an entry in apt.conf.d pointing to the squid node:

Acquire::http::Proxy "http://localhost:3128";  (this is on the squid machine)

I find that fetching the release and index files is painfully slow. Squid seems to be caching the .deb and .udeb files and serving them once they have been downloaded, but the apt update command itself seems particularly slow. All the Pis are running the stretch release, with some also using (Debian's) stretch-backports.

Thoughts that spring to mind:

1. The Raspberry Pi foundation machines/network are overloaded.

2. IPv6 timing out and then trying IPv4 (both are enabled on the Pi)

3. Maybe APT is using HTTPS and I need to define a port for it to listen on.

Has anyone on the list tried using apt-cacher-ng with squid?

Below is my squid.conf and some output from apt taken from the Pi3 running squid.


sudo apt update

Get:1 http://archive.raspberrypi.org/debian stretch InRelease [25.3 kB]

Get:2 http://mirrordirector.raspbian.org/raspbian stretch InRelease [15.0 kB]

Fetched 40.2 kB in 1min 2s (639 B/s)

Reading package lists... Done

Building dependency tree

Reading state information... Done

All packages are up to date.

ping archive.raspberrypi.org

PING lb.raspberrypi.org ( 56(84) bytes of data.

64 bytes from ( icmp_seq=1 ttl=52 time=301 ms

64 bytes from ( icmp_seq=2 ttl=52 time=301 ms

PING mirrordirector.raspbian.org ( 56(84) bytes of data.

64 bytes from ( icmp_seq=1 ttl=52 time=300 ms

64 bytes from ( icmp_seq=2 ttl=52 time=301 ms


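# squid.conf for a forward proxy used as an apt cache on a Raspberry Pi cluster.
# http_access rules are evaluated top to bottom and the first match decides,
# so the order of the deny/allow lines below is significant.

# --- Client source ACLs ---------------------------------------------------
# NOTE(review): the IPv4 range on the first localnet line was stripped from
# the post. In the live file it should be the cluster subnet only
# (placeholder: <CLUSTER_SUBNET_CIDR>); every address matched by localnet is
# allowed to use the proxy further down.
acl localnet src # internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

# ACL name corrected from "aptop": the cachemgr rule below refers to "laptop",
# and a reference to an undefined ACL name is a configuration error.
acl laptop src 192.168.*.**  # lappie (redacted)

# --- Destination port ACLs ------------------------------------------------
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
# NOTE(review): this range lets clients reach any high port through the proxy.
# The apt sources shown in the post are plain http on port 80, so a proxy used
# only for apt could carry a much shorter Safe_ports list.
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

# --- Destination domain block lists ---------------------------------------
acl ads dstdomain .doubleclick.net
acl phishing dstdomain .flashtalking.com

# Recommended minimum Access Permission configuration:

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Deny adverts and phishing
http_access deny ads
http_access deny phishing

# Only allow cachemgr access from laptop.
# The allow line needs both ACLs to match (source is the laptop AND the request
# is for the cache manager); every other manager request hits the deny.
# NOTE(review): this is source-address control only; cachemgr_passwd can add a
# password on top if the network cannot be trusted to prevent address spoofing.
http_access allow laptop manager
http_access deny manager

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128.
# No address is given, so the listener is not restricted to one interface;
# the http_access rules above are what keep outside clients from using it.
# This is a plain-HTTP proxy port with no TLS interception configured: an
# https apt source would pass through as a CONNECT tunnel and its content
# would not be cached.
http_port 3128

# --- Cache sizing ---------------------------------------------------------
# Memory to use (default 8Mb)
# NOTE(review): the post says this runs on a Pi 3; confirm that this much
# memory cache plus the index for the disk cache fits in RAM without swapping.
cache_mem 500 MB

# Max object to cache (default 4Mb)
maximum_object_size 256 MB

# replacement_policy (default lru)
memory_replacement_policy lru
cache_replacement_policy heap LFUDA

# disk cache aufs, directory, 18Gb, 32x256 directories
cache_dir aufs /var/spool/squid 18432 32 256

# Dont abort downloads cache them.
# -1 means a fetch is carried to completion even if the client disconnects,
# so an interrupted apt run still leaves the package in the cache.
quick_abort_min -1 KB

# client_request_buffer_max_size (default 512 KB) used for uploads
client_request_buffer_max_size 128 KB

# --- Logging and housekeeping ---------------------------------------------
# Coredumps
coredump_dir /var/spool/squid

# Access logging
access_log /var/log/squid/access.log squid

# Cache log
cache_log /var/log/squid/cache.log

# number of logfiles to keep
logfile_rotate 5

# NetDB log disabled
netdb_filename none

# --- Freshness rules (fields: regex, min minutes, percent, max minutes) ----
# debian refresh pattern
# Only package files match this rule. The apt index files (InRelease, Release,
# Packages) fall through to the catch-all "." rule with a minimum age of 0.
# apt checks the signed InRelease file and the package hashes it lists on each
# node, so content served from this cache over plain HTTP is still verified by
# the client as long as signature checking has not been disabled there.
refresh_pattern (\.deb|\.udeb)$ 1440 80% 10080

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

# --- DNS and network behaviour --------------------------------------------
# iinet DNS name servers
# NOTE(review): no directive follows this comment in the post; the name-server
# line appears to have been removed along with the other addresses.

# verify dest servers (default off)
# NOTE(review): presumably this makes Squid reject a request whose Host header
# disagrees with the request URL instead of only flagging it; confirm against
# the documentation for the Squid version in use.
host_verify_strict on

# max number of open files
max_filedescriptors 1024

# try IPv4 before IPv6
# This applies to Squid's own outbound connections; nodes whose apt is pointed
# at the proxy connect only to the proxy itself.
dns_v4_first on

# disable pinger (default on)
pinger_enable off

# shutdown delay (default 30 secs)
shutdown_lifetime 5 seconds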
squid-users mailing list
[hidden email]