Package Proxy Cache
If you install the same Arch packages over and over, for example when testing AIF profiles, it helps not to have to download them from the internet every time. This article shows how to set up a Squid proxy that caches only Arch packages and can be used with aif, pacman, wget, etc. with minimal configuration on the client system.
This is the minimum configuration to get Squid to cache Arch packages.
Before defining these rules, remove or comment out all the default refresh_pattern lines (if you do not need them):
refresh_pattern \.pkg\.tar\. 0 20% 4320 reload-into-ims
refresh_pattern . 0 0% 0
With these rules, files matching *.pkg.tar.* should get cached and anything else should not.
Objects larger than this size will NOT be saved on disk:
maximum_object_size 256 MB
Set the cache dir and its maximum size and subdirs:
cache_dir aufs /var/cache/squid 10000 16 256
Time to wait until all active client sockets are closed:
shutdown_lifetime 1 seconds
Every time you change the cache_dir path (and after a fresh install), you need to (re)create this directory:
# squid -z
It could also be helpful to check the config file before running squid:
# squid -k parse
Then start squid:
# systemctl start squid.service
or if squid is already running:
# systemctl restart squid.service
It could be helpful to check the config file before running:
# squid -k check
Follow Squid access log
To follow accesses to squid as they happen:
# tail -f /var/log/squid/access.log
You should see this for packages that are directed to the original host:
and for packages that are delivered from the cache:
Manual Arch Install
Before running /arch/setup, add variables for your proxy. To do so, run on the console:
# export http_proxy='http://your_squid_machine_ip:3128/'
# export ftp_proxy='ftp://your_squid_machine_ip:3128/'
Now use /arch/setup to install the system as usual, and it should use your proxy. Watch the squid logs to verify this.
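To verify this without reading the log by eye, the following added example (not part of the original article) counts cache hits and misses for package files. It assumes Squid's default native access.log format; pkg_cache_summary and sample_log are hypothetical helper names, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: count cache hits and misses for package files.
# Assumes Squid's default native access.log format, where field 4 is
# result_code/http_status, field 5 is bytes sent and field 7 is the URL.

# pkg_cache_summary [logfile]  (hypothetical helper; reads stdin if no file)
pkg_cache_summary() {
    awk '
        $7 ~ /\.pkg\.tar\./ {              # same pattern as the refresh_pattern rule
            split($4, r, "/")              # r[1] is e.g. TCP_HIT or TCP_MISS
            if (r[1] ~ /HIT|REFRESH_UNMODIFIED/) { hit++;  hit_bytes  += $5 }
            else                                 { miss++; miss_bytes += $5 }
            next
        }
        { other++ }                        # non-package requests, never cached here
        END {
            printf "pkg_hit=%d pkg_miss=%d hit_bytes=%d miss_bytes=%d other=%d\n",
                   hit, miss, hit_bytes, miss_bytes, other
        }
    ' ${1:+"$1"}
}

# Constructed sample lines (documentation addresses, made-up mirror name).
sample_log() {
    cat <<'EOF'
1700000000.101   5321 192.0.2.10 TCP_MISS/200 1048576 GET http://mirror.example/core/os/x86_64/foo-1.0-1-x86_64.pkg.tar.zst - HIER_DIRECT/198.51.100.5 application/octet-stream
1700000100.202     40 192.0.2.11 TCP_HIT/200 1048576 GET http://mirror.example/core/os/x86_64/foo-1.0-1-x86_64.pkg.tar.zst - HIER_NONE/- application/octet-stream
1700000200.303     95 192.0.2.10 TCP_REFRESH_UNMODIFIED/200 1048576 GET http://mirror.example/core/os/x86_64/foo-1.0-1-x86_64.pkg.tar.zst - HIER_DIRECT/198.51.100.5 application/octet-stream
1700000300.404    210 192.0.2.11 TCP_MISS/200 2048 GET http://mirror.example/core/os/x86_64/core.db - HIER_DIRECT/198.51.100.5 application/octet-stream
1700000400.505   2750 192.0.2.11 TCP_MISS/200 512000 GET http://mirror.example/extra/os/x86_64/bar-2.3-1-any.pkg.tar.zst - HIER_DIRECT/198.51.100.5 application/octet-stream
EOF
}

sample_log | pkg_cache_summary
```

Against the live log, call it as pkg_cache_summary /var/log/squid/access.log. A second install of the same package set should add to pkg_hit rather than pkg_miss, and other counts requests that passed through the proxy without matching the package pattern.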
Intercepting local requests
If you want all HTTP requests on the local machine to go through squid automatically, first add an intercepting port for squid:
http_port 3127 intercept
Then add iptables rules to redirect all port 80 requests, except the ones from squid itself, to squid:
# iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
# iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3127
virtio network device type.