通过 apt-cacher-ng 从 elastic.co 获取 debian 软件包

通过 apt-cacher-ng 从 elastic.co 获取 debian 软件包

我正在尝试使用 apt-cacher-ng 来获取 elasticsearch、kibana 和logstash 的包,但没有成功。该缓存服务器不应充当通用代理,因此PassThroughPattern: .*对我来说这听起来不是一个好主意。

我尝试在中执行重写规则/etc/apt-cacher-ng/acng.conf(注意从 http 重写为 https)

Remap-elastic: http://artifacts.elastic.co ; https://artifacts.elastic.co

在客户端上,我在`/etc/apt/apt.conf.d/02proxy中有以下行

Acquire::http::Proxy "http://192.168.140.18:3142";

/etc/apt/sources.list.d/elastic-7.x.list我有

deb http://artifacts.elastic.co/packages/7.x/apt stable main

apt update当我在客户端执行结果时

Err:4 http://artifacts.elastic.co/packages/7.x/apt stable InRelease
  Connection failed [IP: 192.168.140.18 3142]
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://artifacts.elastic.co/packages/7.x/apt/dists/stable/InRelease  Connection failed [IP: 192.168.140.18 3142]
W: Some index files failed to download. They have been ignored, or old ones used instead.

在服务器上,调试选项设置为 7,详细程度设置为 2,我进入/var/log/apt-cacher-ng/apt-cacher.err

Thu Jul  1 12:22:44 2021|Returning to last state, 6
Thu Jul  1 12:23:10 2021|fileitem::DoDelayedUnregAndCheck, nextRunTime now: 1625134998
Thu Jul  1 12:23:13 2021|Detected incoming connection from the TCP socket
Thu Jul  1 12:23:13 2021|Client name: 192.168.140.5
Thu Jul  1 12:23:13 2021|Decoded request URI: http://artifacts.elastic.co/packages/7.x/apt/dists/stable/InRelease
Thu Jul  1 12:23:13 2021|Processing new job, GET http://artifacts.elastic.co/packages/7.x/apt/dists/stable/InRelease HTTP/1.1
Thu Jul  1 12:23:15 2021|Outgoing connection for Connection timed outartifacts.elastic.co, Port: 443
Thu Jul  1 12:23:15 2021|Outgoing connection for Network is unreachableartifacts.elastic.co, Port: 443
Thu Jul  1 12:23:16 2021|tcpconnect::ExpireCache, nextRunTime now: 1625135005
Thu Jul  1 12:23:18 2021|fileitem::DoDelayedUnregAndCheck, nextRunTime now: 9223372036854775805
Thu Jul  1 12:23:25 2021|tcpconnect::ExpireCache, nextRunTime now: 9223372036854775805
Thu Jul  1 12:23:45 2021|Outgoing connection for Connection timed outartifacts.elastic.co, Port: 443
Thu Jul  1 12:23:45 2021|Outgoing connection for Network is unreachableartifacts.elastic.co, Port: 443

所以我尝试了 apt-cacher-ng 的作者喜欢的方法,这次我没有在服务器上对 elastic.co 进行任何特定的重写,而是在客户端的文件中进行/etc/apt/sources.list.d/elastic-7.x.list重写

deb http://192.168.140.18:3142/HTTPS///artifacts.elastic.co/packages/7.x/apt stable main

apt update在客户端执行结果

Err:4 http://192.168.140.18:3142/HTTPS///artifacts.elastic.co/packages/7.x/apt stable InRelease
  Connection failed [IP: 192.168.140.18 3142]
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://192.168.140.18:3142/HTTPS///artifacts.elastic.co/packages/7.x/apt/dists/stable/InRelease  Connection failed [IP: 192.168.140.18 3142]
W: Some index files failed to download. They have been ignored, or old ones used instead.

在服务器上,/var/log/apt-cacher-ng/apt-cacher.err调试选项设置为 7,详细程度设置为 2,我得到

Thu Jul  1 11:40:39 2021|Returning to last state, 6
Thu Jul  1 11:40:39 2021|Decoded request URI: /HTTPS///artifacts.elastic.co/packages/7.x/apt/dists/stable/InRelease
Thu Jul  1 11:40:39 2021|Processing new job, GET /HTTPS///artifacts.elastic.co/packages/7.x/apt/dists/stable/InRelease HTTP/1.1
Thu Jul  1 11:41:09 2021|Detected incoming connection from the TCP socket
Thu Jul  1 11:41:09 2021|Client name: 192.168.140.5
Thu Jul  1 11:41:09 2021|Decoded request URI: /HTTPS///artifacts.elastic.co/packages/7.x/apt/dists/stable/InRelease
Thu Jul  1 11:41:09 2021|Processing new job, GET /HTTPS///artifacts.elastic.co/packages/7.x/apt/dists/stable/InRelease HTTP/1.1
Thu Jul  1 11:41:10 2021|Outgoing connection for Connection timed outartifacts.elastic.co, Port: 443
Thu Jul  1 11:41:10 2021|Outgoing connection for Network is unreachableartifacts.elastic.co, Port: 443
Thu Jul  1 11:41:40 2021|Outgoing connection for Connection timed outartifacts.elastic.co, Port: 443
Thu Jul  1 11:41:40 2021|Outgoing connection for Network is unreachableartifacts.elastic.co, Port: 443

除了 Debug 和 Verbosity 之外,acng.conf文件中的所有其他选项都为默认设置,并且它对于像 debian 这样的普通存储库运行良好,但我无法让它适用于 elastic 或 proxmox。

欢迎所有想法。

答案1

这对我来说太愚蠢了。

我尝试通过命令行从 elastic.co 服务器下载 InRelease 文件(我应该从这里开始),但发现它被阻止了。

查看 Proxmox 级别的防火墙规则,你会发现,端口 443 是不允许的(默认规则是阻止)。允许端口 443 上的传出流量,然后我尝试的第一个版本工作正常。

如果不是 DNS,那就是防火​​墙吧?

相关内容