Package Proxy Cache
If you want to install the same Arch packages over and over - like for testing AIF profiles - it could help if you would not have to get the packages every time from the internet. This article shows you how to setup a Squid proxy that only caches arch packages and can be used with aif/pacman/wget/etc with minimal configuration on the client system.
Install Squid
Install squid.
Configure Squid
This is the minimum configuration to get squid cache arch packages.
Cache Rules
Before defining these rules, remove/comment (if you do not need them) all the default refresh_patterns
/etc/squid/squid.conf
refresh_pattern \.pkg\.tar\. 0 20% 4320 reload-into-ims refresh_pattern . 0 0% 0
That should define that *.pkg.tar.* gets cached, and anything else should not.
Maximum Filesize
Objects larger than this size will NOT be saved on disk:
/etc/squid/squid.conf
maximum_object_size 256 MB
Cache Directory
Set the cache dir and its maximum size and subdirs:
/etc/squid/squid.conf
cache_dir aufs /var/cache/squid 10000 16 256
Shutdown Lifetime
Time to wait until all active client sockets are closed:
/etc/squid/squid.conf
shutdown_lifetime 1 seconds
Every time you change the cache_dir path (and after fresh install), you need to (re)create this directory:
# squid -z
and it could be helpful to check the configuration file before running squid:
# squid -k parse
Start Squid
Just start squid.service
or if squid is already running restart it.
It could be helpful to check the configuration file before running:
# squid -k check
Follow Squid access log
To see the access to squid:
# tail -f /var/log/squid/access.log
You should see this for packages that are directed to original host:
...TCP_MISS/200...DIRECT...
and for packages that are delivered from the cache:
...TCP_HIT/200...NONE...
Manual Arch Install
Before running /arch/setup, add variables for your proxy. To do so, run on the console:
# export http_proxy='http://your_squid_machine_ip:3128/' # export ftp_proxy='ftp://your_squid_machine_ip:3128/'
Now just use /arch/setup to normally install the system, and it should use your proxy. Watch the squid logs to verify this.
Intercepting local requests
If you want all HTTP requests on local machine automagically go through squid, we first need to add an intercepting port for squid:
/etc/squid/squid.conf
http_port 3127 intercept
and iptables rules to redirect all (except the ones from squid) port 80 requests to squid:
# iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT # iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3127
virtio
network device type.