Force APT/Software installation to use HTTP instead of HTTPS Topic is solved

[dUCK]

Is there a setting to toggle utilizing HTTP instead of HTTPS for APT?

Everything added in /etc/apt/sources.list and /etc/apt/sources.list.d/* are HTTPS and I would like them to be HTTP so the APT caching proxy I use (apt-cacher-ng) will cache them.

As it stands right now if I install software from the menu, repositories are added as HTTPS.

[Joulinar]

Hi,

many thanks for your message. Simply change all source files in /etc/apt/sources.list and /etc/apt/sources.list.d/* to HTTP. There is no tool or global setting to do this.

[dUCK]

Hi,

many thanks for your message. Simply change all source files in /etc/apt/sources.list and /etc/apt/sources.list.d/* to HTTP. There is no tool or global setting to do this.

This isn't a solution when installing software through the dietpi-software menu because the scripts automatically overwrite any changes made.

For example, if I install something that adds the mono-xamarin.list file, it will be added as HTTPS and begin downloading, giving me no time to change the file.

If I install any other software that utilizes this repository, mono-xamarin.list will be overwritten attempting to install it.

[Joulinar]

source files created by dietpi-software are hardcoded into the script

[dUCK]

source files created by dietpi-software are hardcoded into the script

Thank you. Maybe I can write a script to parse this file and replace instaces of HTTPS with HTTP.

[Joulinar]

dietpi-software will be replaced an each dietpi-update

Did you had a look to Debian Wiki? https://wiki.debian.org/AptCacherNg
Last point is talking about how to deal with https repositories and is providing a simple solution to tunnel HTTPS connections directly on the proxy

[dUCK]

dietpi-software will be replaced an each dietpi-update

Did you had a look to Debian Wiki? https://wiki.debian.org/AptCacherNg
Last point is talking about how to deal with https repositories and is providing a simple solution to tunnel HTTPS connections directly on the proxy

Yes, but tunneling HTTPS does not allow files to be cached as HTTPS cannot be understood.

The downside is that HTTPS content is not cached.

[dUCK]

HTTPS can be utilized, but HTTP must be defined prior in the sources.list.

https://blog.packagecloud.io/eng/2015/0 ... h-ssl-tls/

Caching objects

To cache packages and indexes retrieved via SSL/TLS repositories, we will have to configure apt-cacher-ng to remap a chosen non-https repository url to the actual https url.

Create a file named backends_packagecloud in /etc/apt-cacher-ng that looks like:

https://packagecloud.io/julio/test_repo/ubuntu

Now, in apt-cacher-ng /etc/apt-cacher-ng/acng.conf we can specify a mapping like:

Remap-pcloud: http://fakedomain.example ; file:backends_pcloud

Finally, we can now configure all our clients to use http://fakedomain.example instead of https://packagecloud.io/julio/test_repo/ubuntu, and apt-cacher-ng will transparently proxy, and more importantly, cache, objects from https://packagecloud.io/julio/test_repo/ubuntu.

[Joulinar]

this might be an easier solution than adjusting dietpi-software every time you update DietPi scripts. Especially in combination with PassThroughPattern: ^(.*):443$ setting, your system will continue working even if a new source file was added. You would need to adjust mapping only in this case.

[dUCK]

this might be an easier solution than adjusting dietpi-software every time you update DietPi scripts. Especially in combination with PassThroughPattern: ^(.*):443$ setting, your system will continue working even if a new source file was added. You would need to adjust mapping only in this case.

The clients still require sources.list to be in HTTP format (apt-cacher-ng cannot understand HTTPS,) so it will have to be modified every time dietpi-sofware updates.

Although, it will allow me to utilize HTTPS after HTTP traffic hits the apt-cacher-ng proxy.