Control: retitle -1 apt-cacher-ng: deal/document https proxy handling Control: reassign -1 apt-cacher-ng Control: severity -1 wishlist
Hi, On Wed, Feb 25, 2015 at 08:13:19AM +0100, Harald Dunkel wrote: > My /etc/apt/apt.conf.d/proxy.conf says > > Acquire::http::Proxy "http://debian-proxy:3142/";; > > debian-proxy is a local host running apt-cacher-ng. > > Problem: On apt-get update I get > > Err https://get.docker.com docker/main amd64 Packages > Received HTTP code 403 from proxy after CONNECT > > If I drop the proxy redirection, then it works. apt.conf (5) documents this fallback in Acquire Group → https: | The Cache-control, Timeout, AllowRedirect, Dl-Limit and proxy options | work for HTTPS URIs in the same way as for the http method, and default | to the same values if they are not explicitly set. The section above this one is detailing http configuration and mentions the "DIRECT" keyword which is the solution to your problem here: + Acquire::https::Proxy "DIRECT"; (there are other solutions like proxy auto-detection if you want more) > Since there is no "https" in the Acquire line, shouldn't the > proxy be omitted for https traffic automagically? The fallback is in place as a proxy tends to be the only connection to the outside world. While a http proxy can't do its usual work on a https connection, it is still responsible for the connection to the outside, so these types of proxies accept https traffic and pass it through. Might not be the worst idea to implement something like it in apt-cacher-ng and/or hinting at the DIRECT config in its configuration, hence reassigning to them to decide on further actions. Best regards David Kalnischkies
signature.asc
Description: Digital signature
