Tools

Tools: Speed Up Linux Updates Across Your Homelab with apt-cacher-ng (Practical Guide)

2026-03-13 0 views admin
Tools: Speed Up Linux Updates Across Your Homelab with apt-cacher-ng (Practical Guide)

Why this works (and where it doesn’t)

1) Install apt-cacher-ng on one Linux host

2) Point Debian/Ubuntu clients at the cache

3) HTTPS repositories: choose your behavior explicitly

4) Validate cache effectiveness (don’t guess)

Client A (cold run)

Client B (warm run)

5) Safe maintenance

Expire stale cache objects

Basic service checks

Keep the server itself patched

Operational notes that matter

Conclusion

References If you update multiple Debian/Ubuntu machines, you’re probably downloading the same .deb files repeatedly. That wastes bandwidth, slows patching windows, and makes offline-ish maintenance harder than it needs to be. A better pattern is a local APT cache server with apt-cacher-ng: This post gives you a complete setup you can actually run. apt-cacher-ng acts like a proxy/cache for APT repositories. So in real deployments, gains depend on your repo mix and transport path. Choose a host reachable by your clients (for example 192.168.1.50). Default listen port is 3142. If you run a firewall: Quick health check from another machine: You should get an HTTP response (often 200 or 403 depending on endpoint/path). On each client, create /etc/apt/apt.conf.d/99proxy: If you need to disable quickly on one host: If your clients use HTTPS repository URLs, a widely used option is CONNECT pass-through on the cache host. Edit /etc/apt-cacher-ng/acng.conf: Important: with pass-through, HTTPS content is typically tunneled and not cached. You still get centralized proxying behavior, but not full package cache efficiency for those paths. Run updates on two clients back-to-back and compare behavior. Now inspect apt-cacher-ng stats on the cache host: You should see hit/miss and transfer counters move after repeated installs. apt-cacher-ng provides an admin/report endpoint for expiration tasks. If cache growth is uncontrolled, run expiration from the report UI or scripted maintenance as documented upstream. If you manage more than a couple of Debian/Ubuntu nodes, apt-cacher-ng is a low-complexity win: Start with one cache host, two clients, and verify hit rates before rolling wider. Templates let you quickly answer FAQs or store snippets for re-use. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse

Command

Copy

$ -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">enable --now -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status --no-pager -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">enable --now -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status --no-pager -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">enable --now -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">status --no-pager -weight: 500;">apt-cacher-ng # UFW example -weight: 600;">sudo ufw allow from 192.168.1.0/24 to any port 3142 proto tcp # UFW example -weight: 600;">sudo ufw allow from 192.168.1.0/24 to any port 3142 proto tcp # UFW example -weight: 600;">sudo ufw allow from 192.168.1.0/24 to any port 3142 proto tcp -weight: 500;">curl -I http://192.168.1.50:3142/ -weight: 500;">curl -I http://192.168.1.50:3142/ -weight: 500;">curl -I http://192.168.1.50:3142/ -weight: 600;">sudo tee /etc/-weight: 500;">apt/-weight: 500;">apt.conf.d/99proxy >/dev/null <<'EOF' Acquire::http::Proxy "http://192.168.1.50:3142"; EOF -weight: 600;">sudo tee /etc/-weight: 500;">apt/-weight: 500;">apt.conf.d/99proxy >/dev/null <<'EOF' Acquire::http::Proxy "http://192.168.1.50:3142"; EOF -weight: 600;">sudo tee /etc/-weight: 500;">apt/-weight: 500;">apt.conf.d/99proxy >/dev/null <<'EOF' Acquire::http::Proxy "http://192.168.1.50:3142"; EOF -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo rm -f /etc/-weight: 500;">apt/-weight: 500;">apt.conf.d/99proxy -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo rm -f /etc/-weight: 500;">apt/-weight: 500;">apt.conf.d/99proxy -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo rm -f /etc/-weight: 500;">apt/-weight: 500;">apt.conf.d/99proxy -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update # Allow CONNECT passthrough to TLS port PassThroughPattern: ^(.*):443$ # Allow CONNECT passthrough to TLS port PassThroughPattern: ^(.*):443$ # Allow CONNECT passthrough to TLS port PassThroughPattern: ^(.*):443$ -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">restart -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">apt clean -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y -weight: 500;">curl jq -weight: 600;">sudo -weight: 500;">apt clean -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y -weight: 500;">curl jq -weight: 600;">sudo -weight: 500;">apt clean -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y -weight: 500;">curl jq -weight: 600;">sudo -weight: 500;">apt clean -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y -weight: 500;">curl jq -weight: 600;">sudo -weight: 500;">apt clean -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y -weight: 500;">curl jq -weight: 600;">sudo -weight: 500;">apt clean -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y -weight: 500;">curl jq -weight: 500;">curl -s http://127.0.0.1:3142/acng-report.html | grep -Ei 'Hits|Misses|Data' -weight: 500;">curl -s http://127.0.0.1:3142/acng-report.html | grep -Ei 'Hits|Misses|Data' -weight: 500;">curl -s http://127.0.0.1:3142/acng-report.html | grep -Ei 'Hits|Misses|Data' -weight: 600;">sudo journalctl -u -weight: 500;">apt-cacher-ng -n 100 --no-pager -weight: 600;">sudo -weight: 500;">systemctl is-active -weight: 500;">apt-cacher-ng -weight: 600;">sudo journalctl -u -weight: 500;">apt-cacher-ng -n 100 --no-pager -weight: 600;">sudo -weight: 500;">systemctl is-active -weight: 500;">apt-cacher-ng -weight: 600;">sudo journalctl -u -weight: 500;">apt-cacher-ng -n 100 --no-pager -weight: 600;">sudo -weight: 500;">systemctl is-active -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install --only--weight: 500;">upgrade -y -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install --only--weight: 500;">upgrade -y -weight: 500;">apt-cacher-ng -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install --only--weight: 500;">upgrade -y -weight: 500;">apt-cacher-ng - first machine downloads packages from upstream - the cache keeps those package files locally - next machines reuse cached packages over LAN - Package payloads over HTTP can be cached and reused. - For HTTPS repos, a common approach is CONNECT pass-through. That keeps transport encrypted but generally does not cache HTTPS payloads in that mode. - Put the cache on wired LAN if possible; Wi-Fi bottlenecks can erase gains. - Keep proxy config explicit in /etc/-weight: 500;">apt/-weight: 500;">apt.conf.d/ so rollback is one file delete. - For laptops moving between trusted/untrusted networks, avoid blind auto-discovery unless you trust that network. - Treat this as an optimization layer, not a trust bypass. APT signature verification still matters. - less repeated bandwidth - faster repeated installs/updates - better control over patch windows - Debian Wiki — AptCacherNg: https://wiki.debian.org/AptCacherNg - Apt-Cacher NG User Manual (official): https://www.unix-ag.uni-kl.de/~bloch/acng/html/index.html - -weight: 500;">apt.conf(5) Debian manpage: https://manpages.debian.org/bookworm/-weight: 500;">apt/-weight: 500;">apt.conf.5.en.html

🏷️ Tags

toolsutilitiessecurity toolsspeedlinuxupdatesacrosshomelabcacherpractical

More from Tools

Tools: Gas-Aware Trading: Execute Only When Gas Is Cheap (2026)

Tools: Gas-Aware Trading: Execute Only When Gas Is Cheap (2026)

2026-03-30 0
Tools: Grafana k6 Has a Free API That Load Tests Your APIs With JavaScript - Full Analysis

Tools: Grafana k6 Has a Free API That Load Tests Your APIs With JavaScript - Full Analysis

2026-03-30 0
Tools: Caddy Has a Free API That Gives You Automatic HTTPS With Zero Configuration (2026)

Tools: Caddy Has a Free API That Gives You Automatic HTTPS With Zero Configuration (2026)

2026-03-30 0
Tools: Fly.io Has a Free API That Deploys Docker Apps Globally With Edge Hosting (2026)

Tools: Fly.io Has a Free API That Deploys Docker Apps Globally With Edge Hosting (2026)

2026-03-30 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views