>I'm not familiar with this. Can you point me to a writeup on how to use it

In apt-cacher-ng (possibly originating from apt-cacher?), if you request an
https repo from the cache, it will do a transparent binary proxy to the
origin, but it cannot cache in that case.  To work around that, you can
change your sources to instead of saying "https://" say "http://HTTPS///",
which makes the request an http request, but signals to the proxy that it
should make an https request upstream.

For the MITM proxy, as you say it means "Man In The Middle",
apt-cacher-ultra will generate a CA key and cert.  You then add the cert to
the apt config of the client machines by adding the following line to your
apt config:

Acquire::https::CaInfo "/etc/ssl/certs/apt-cacher-ultra-ca.crt";

apt-cacher-ultra will then, when it gets an incoming request for an https
repo, generate a cert for the upstream host, sign it with the CA, and then
present the cert to the client.  The client then thinks they are talking to
the upstream, but the apt cacher can sit in between them and cache the
packages in that repo.

As the repos are signed, this does not introduce a security concern (in my
mind).

Sean

On Tue, May 19, 2026 at 10:37 AM Charles Curley <
[email protected]> wrote:

> On Tue, 19 May 2026 08:51:34 -0600
> Sean Reifschneider <[email protected]> wrote:
>
> > I've been working on a new apt cacher I'm calling "apt-cacher-ultra",
>
> Interesting. Please keep us posted.
>
> >    MITM https proxy so you don't need to do the "http://HTTPS///"
> > kludge, but you can also get the benefit of the cache (-ng does a
> > binary passthrough which bypasses the cache).
>
> I'm not familiar with this. Can you point me to a writeup on how to use
> it and how to use the MITM proxy? I assume here that MITM is Man In The
> Middle.
>
> Thanks.
>
> --
> Does anybody read signatures any more?
>
> https://charlescurley.com
> https://charlescurley.com/blog/
>
>
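The sources change described in the reply above, as an added example that is not part of the original message or of either project: a filter that rewrites apt source entries from "https://" to the "http://HTTPS///" form while leaving comments, plain http entries and signed-by options untouched. The helper names and the example.org hosts are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. rewrite_sources and
# sample_sources are hypothetical helper names; the repository hosts
# below are constructed sample values.

# Read an apt sources file on stdin and write it to stdout with every
# https:// repository URI changed to the http://HTTPS/// form.
#  - commented-out lines are passed through unchanged
#  - one-line entries (deb / deb-src): the URI after any [options] block
#  - deb822 entries: every URI on a "URIs:" line
# Running it twice gives the same result, since rewritten URIs no longer match.
rewrite_sources() {
    sed -E \
        -e '/^[[:space:]]*#/b' \
        -e '/^[[:space:]]*deb(-src)?[[:space:]]/ s#([[:space:]])https://#\1http://HTTPS///#' \
        -e '/^URIs:/ s#([[:space:]])https://#\1http://HTTPS///#g'
}

# Constructed sample input; lines from both source formats are shown
# together only to keep the example short.
sample_sources() {
    cat <<'EOF'
# deb https://old.example.org/debian stable main
deb http://deb.debian.org/debian stable main
deb [signed-by=/usr/share/keyrings/example.gpg] https://repo.example.org/apt stable main
URIs: https://a.example.org/apt https://b.example.org/apt
Signed-By: /usr/share/keyrings/example.gpg
EOF
}

sample_sources | rewrite_sources
```

The Signed-By and signed-by= settings are deliberately left alone, since the repository signature check is what the client still relies on once the transport is plain http to the cache.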
