Apt Mirror for HomeLabs

July 12, 2022

Mirror, mirror, on the VM.

Having a local mirror in your homelab speeds up the update process when installing new OS's or generally updating. Most cloud providers have their own mirrors to speed up the process as well. Here is how you can make one for your lab.

A local mirrors download and serve updates to any VM or device that it has updates for. It is the equivalent of having a Windows WSUS server; all updates get downloaded by one device, and all others receive their updates from there. This is great for a lab that stays off the Internet, a security professional learning the faults and issues of the update process, a hobbyist looking to add to their homelab to keep building technical experience and more. This project is specifically covering Debian based system; I'm sure it is not too hard to replicate for the other major flavors.

Host Requirements

• Ubuntu VM (I used Ubuntu 22)
• 2 CPUs
• 2 GB RAM
• minimum recommended storage: 2 TB

Server Installation & Configuration

Install

Install apache and aptmirror together, as all the other systems will use http to get their updates (interestingly insecure!)

sudo apt update && sudo apt install apache2 apt-mirror -y

Mirror Configuration

Apt-mirror's configuration files sit in /etc/apt/mirror.list.

The important areas in the file are:

• set base path: This is the location where all the updates will be saved.
• set nthreads: How many threads will establish connections with the main mirrors
• deb These are all the regular locations where programs and updates come from
• deb-src: Optional source code of the same programs and updates

Adjust the base path to wherever you want to save your mirror to. The bottom section's length depends on what version of Debian or Ubuntu you wish to store. For example, if you wanted to store all the Ubuntu 18 updates and programs, you would add lines that instead of saying "artful" as it does in the example picture, you would have it say "focal."

Apache Configuration

Ideally, the location where your updates will be saved (the set base path variable from /etc/apt/mirror.list) must be readable by Apache. If you decided to save your updates at "/updates" for example, you would need to make a symbolic link in /var/www/html in order for them to be accessible by the clients.

sudo ln -s /updates /var/www/html/mirror

This way, your updates will be accessible to Apache and the clients. You can verify by using your browser and going to "http://_your_IP_address_/mirror" and see if it shows a folder.

If you run into issues with apt-mirror (such as missing cnf files), I suggest following the instructions from Stifler6996 in order to get a more up-to-date version of apt-mirror working locally.

Running Apt-Mirror

Enabling a cronjob to run apt-mirror to your liking will ensure you have the latest updates downloaded from all the repositories you chose. The more repositores you list in mirror.list, the more data will be downloaded.

Client Configuration

Configuring Debian based clients is as simply as running a Find and Replace function on /etc/apt/sources.list. You would simply replace all instances of "http://us.archive.ubuntu.com/ubuntu" with your apt mirror's IP address or DNS name and the folder where the updates are saved, such as "http://192.168.2.3/mirror/archive.ubuntu.com/ubuntu."