Force APT/Software installation to use HTTP instead of HTTPS Topic is solved

Having issues with your DietPi installation or found a bug? Post it here.
dUCK
Posts: 9
Joined: Wed Sep 12, 2018 6:25 am

Force APT/Software installation to use HTTP instead of HTTPS

Post by dUCK »

Is there a setting to toggle utilizing HTTP instead of HTTPS for APT?

Everything added in /etc/apt/sources.list and /etc/apt/sources.list.d/* are HTTPS and I would like them to be HTTP so the APT caching proxy I use (apt-cacher-ng) will cache them.

As it stands right now if I install software from the menu, repositories are added as HTTPS.
User avatar
Joulinar
Posts: 3674
Joined: Sat Nov 16, 2019 12:49 am

Re: Force APT/Software installation to use HTTP instead of HTTPS

Post by Joulinar »

Hi,

many thanks for your message. Simply change all source files in /etc/apt/sources.list and /etc/apt/sources.list.d/* to HTTP. There is no tool or global setting to do this.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
dUCK
Posts: 9
Joined: Wed Sep 12, 2018 6:25 am

Re: Force APT/Software installation to use HTTP instead of HTTPS

Post by dUCK »

Joulinar wrote: Wed Jan 06, 2021 10:34 am Hi,

many thanks for your message. Simply change all source files in /etc/apt/sources.list and /etc/apt/sources.list.d/* to HTTP. There is no tool or global setting to do this.
This isn't a solution when installing software through the dietpi-software menu because the scripts automatically overwrite any changes made.

For example, if I install something that adds the mono-xamarin.list file, it will be added as HTTPS and begin downloading, giving me no time to change the file.

If I install any other software that utilizes this repository, mono-xamarin.list will be overwritten attempting to install it.
User avatar
Joulinar
Posts: 3674
Joined: Sat Nov 16, 2019 12:49 am

Re: Force APT/Software installation to use HTTP instead of HTTPS

Post by Joulinar »

source files created by dietpi-software are hardcoded into the script
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
dUCK
Posts: 9
Joined: Wed Sep 12, 2018 6:25 am

Re: Force APT/Software installation to use HTTP instead of HTTPS

Post by dUCK »

Joulinar wrote: Wed Jan 06, 2021 3:15 pm source files created by dietpi-software are hardcoded into the script
Thank you. Maybe I can write a script to parse this file and replace instaces of HTTPS with HTTP.
User avatar
Joulinar
Posts: 3674
Joined: Sat Nov 16, 2019 12:49 am

Re: Force APT/Software installation to use HTTP instead of HTTPS

Post by Joulinar »

dietpi-software will be replaced an each dietpi-update

Did you had a look to Debian Wiki? https://wiki.debian.org/AptCacherNg
Last point is talking about how to deal with https repositories and is providing a simple solution to tunnel HTTPS connections directly on the proxy
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
dUCK
Posts: 9
Joined: Wed Sep 12, 2018 6:25 am

Re: Force APT/Software installation to use HTTP instead of HTTPS

Post by dUCK »

Joulinar wrote: Wed Jan 06, 2021 3:37 pm dietpi-software will be replaced an each dietpi-update

Did you had a look to Debian Wiki? https://wiki.debian.org/AptCacherNg
Last point is talking about how to deal with https repositories and is providing a simple solution to tunnel HTTPS connections directly on the proxy
Yes, but tunneling HTTPS does not allow files to be cached as HTTPS cannot be understood.
The downside is that HTTPS content is not cached.
dUCK
Posts: 9
Joined: Wed Sep 12, 2018 6:25 am

Re: Force APT/Software installation to use HTTP instead of HTTPS

Post by dUCK »

HTTPS can be utilized, but HTTP must be defined prior in the sources.list.

https://blog.packagecloud.io/eng/2015/0 ... h-ssl-tls/
Caching objects

To cache packages and indexes retrieved via SSL/TLS repositories, we will have to configure apt-cacher-ng to remap a chosen non-https repository url to the actual https url.

Create a file named backends_packagecloud in /etc/apt-cacher-ng that looks like:

https://packagecloud.io/julio/test_repo/ubuntu

Now, in apt-cacher-ng /etc/apt-cacher-ng/acng.conf we can specify a mapping like:

Remap-pcloud: http://fakedomain.example ; file:backends_pcloud

Finally, we can now configure all our clients to use http://fakedomain.example instead of https://packagecloud.io/julio/test_repo/ubuntu, and apt-cacher-ng will transparently proxy, and more importantly, cache, objects from https://packagecloud.io/julio/test_repo/ubuntu.
User avatar
Joulinar
Posts: 3674
Joined: Sat Nov 16, 2019 12:49 am

Re: Force APT/Software installation to use HTTP instead of HTTPS

Post by Joulinar »

this might be an easier solution than adjusting dietpi-software every time you update DietPi scripts. Especially in combination with PassThroughPattern: ^(.*):443$ setting, your system will continue working even if a new source file was added. You would need to adjust mapping only in this case.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
dUCK
Posts: 9
Joined: Wed Sep 12, 2018 6:25 am

Re: Force APT/Software installation to use HTTP instead of HTTPS

Post by dUCK »

Joulinar wrote: Wed Jan 06, 2021 4:00 pm this might be an easier solution than adjusting dietpi-software every time you update DietPi scripts. Especially in combination with PassThroughPattern: ^(.*):443$ setting, your system will continue working even if a new source file was added. You would need to adjust mapping only in this case.
The clients still require sources.list to be in HTTP format (apt-cacher-ng cannot understand HTTPS,) so it will have to be modified every time dietpi-sofware updates.

Although, it will allow me to utilize HTTPS after HTTP traffic hits the apt-cacher-ng proxy.
Post Reply