moby: https://get.docker.io/ubuntu breaks apt-cacher
Following #7422
Since the recent switch from http
to https
, it broke any setup relying on apt-cacher-ng
.
Your get HTTP code 403 from proxy after CONNECT
when performing an apt update.
In my case, with ansible, it breaks any further apt
commands.
Removing the apt-cacher is not an option (orchestrating hundreds of machines).
About this issue
- Original URL
- State: closed
- Created 10 years ago
- Comments: 22 (13 by maintainers)
@lancehudson - Ah yes, you’re correct. I am not sure why I didn’t even think about that.
So there are four possibly solutions. These must be done per server as there isn’t anything that can be done to fix it Docker side as there isn’t anything wrong:
Add a PassThroughPattern to your acng.conf (thanks @mandoonandy):
Disable your apt proxy for HTTPS:
Configure apt to bypass the proxy just for get.docker.com (works for get.docker.io too but it is probably a good idea to update to .com anyway…):
Change your /etc/apt/sources.list.d/docker.list to use http instead of https:
Or even better. Follow the notes in the apt-cacher-ng config file that show how SSL can be passed through.
In your apt-cacher-ng config file (acng.conf) add the following line:
PassThroughPattern: get\.docker\.com
I have also had the same issue. For anyone not aware, if you are using
Acquire::http::Proxy
to set yourapt-cacher-ng
proxy, you can bypass the apt proxy setting by adding a line in/etc/apt/apt.conf
or/etc/apt/apt.conf.d/<your-config-file>
(whichever you prefer) on a per-machine basis:Acquire::HTTP::Proxy::get.docker.com "DIRECT";
or if you useget.docker.io
:Acquire::HTTP::Proxy::get.docker.io "DIRECT";
I’ve attempted to configure a direct proxy connection from the apt-cacher-ng configuration on my caching server so that it does not have to be defined per server but I haven’t been successful yet/haven’t spent much time trying.