Build and Run Apt-Cacher-NG Proxy in a Docker Container

Speed up Your Network With This Caching Server

Post cover image displaying the Docker and Apt-Cacher-NG logos
Contain It!

Apt-Cacher-NG is a write-through caching proxy that caches apt repositories metadata and packages for other hosts connected to it, the proxy is mostly used on the same network of the hosts to speed things up.

In this post, we will be building the Docker image and running the apt-cacher-ng server along with configuring the clients to use it as their apt caching proxy.

You can find the source code at the end of the post.

Table of contents


Do We Need a Proxy?

The main use case is having multiple machines running systems that use apt as their package manager, where you want to speed up the process of updating and upgrading metadata and packages.

Why Use It Inside a Docker Container?

Mainly for the idea of isolating the host from the apps running on it and the ease of management of those apps, Docker fits perfectly for this.

Setup Dockerfile

In order to run the proxy in a Docker container, we need first to create a Dockerfile for it.

Let's start by creating a directory for the Docker file:

mkdir custom-apt-cacher-ng

Get into the directory and create the file:

cd custom-apt-cacher-ng && touch Dockerfile

Paste the following content into it:

FROM ubuntu:21.04

# Expose the cache directory for volume binding
VOLUME ["/var/cache/apt-cacher-ng"]

# Update apt-get cache
RUN apt-get update -y && \
        # Install apt-cacher-ng package
        apt-get install apt-cacher-ng -y && \
        # Clean up
        rm -rf /var/lib/apt/lists/*

# Expose the apt-cacher-ng port to be binded

# Set cache directory permissions
CMD chmod 777 /var/cache/apt-cacher-ng && \
        # Append PassThroughPattern config for SSL/TLS proxying (optional)
        echo "PassThroughPattern: .*" >> /etc/apt-cacher-ng/acng.conf && \
        # Start the service
        /etc/init.d/apt-cacher-ng start && \
        # Output all logs of apt-cacher-ng
        tail -f /var/log/apt-cacher-ng/*

Dockerfile Breakdown

Let's explain this Dockerfile, we see that we are based on a stable version of Ubuntu with version 21.04 and, exposing the caching directory to be used for persistence, and running the main command which is installing the apt-cacher-ng package itself, then exposing the port the package uses, and finally, we are setting up permissions and appending the PassThroughPattern (we will get to this below) before starting the service.

What is PassThroughPattern?

This config allows us to proxy/tunnel everything including the secured repositories via SSL/TLS throw the apt-cacher-ng server, keep in mind that it will not cache the secured ones since the traffic is encrypted.

Setup Docker Compose file

Let's set up the Docker Compose file, now this is an optional part but it's very recommended.

Create the file in the same root directory:

touch docker-compose.yml

Paste the following content into it:

version: "3"

    build: .
    image: custom-apt-cacher-ng
    container_name: apt-cacher-ng
    restart: unless-stopped
      # To connect to apt-cacher-ng from outside of local host, change to or whatever interface you want
      - ./cache:/var/cache/apt-cacher-ng

This Docker Compose file will expose the 3142 port (feel free to change it to whatever you want) and bind the local directory cache in the host for the apt-cacher-ng caching directory.

Start and Verification

We can start the proxy in two ways, Docker or Docker Compose, we will cover both of them below.

The Docker way

Build the proxy image:

docker build -t custom-apt-cacher-ng .

Run an instance of that image in detached mode:

docker run -d -p --name apt-cacher-ng custom-apt-cacher-ng

Now the container should be running, to verify run:

docker ps -a | grep "custom-apt-cacher-ng"

Build the proxy image:

docker-compose build

Run the service using:

docker-compose up -d

You can verify that the container is up using the same command as above.

We are done setting up the proxy, the next step will be setting up the clients to use the cache proxy.

Clients Setup

We can use the host where the server lives as a client for the proxy too, and that's what we will be doing here as a first step.

Create an apt proxy file:

sudo touch /etc/apt/apt.conf.d/01proxy

Paste the following in the proxy file

Acquire::http { Proxy "http://SERVER_IP:3142"; };

Make sure to change the SERVER_IP before saving (It will be localhost or in this client setup).

Now before we start installing packages with the proxy we need to reset the apt lists and cache.

Execute the following commands each at a time:

sudo apt-get clean
cd /var/lib/apt
sudo mv lists lists.bak # or delete it, preferred to keep a backup
sudo mkdir -p lists/partial
sudo apt-get clean
sudo apt-get update

That's it, we are done setting up the server and the client for the proxying process.

Setup Verification

Let's verify that the setup is working via a simple sudo apt-get update, then head to http://localhost:3142/acng-report.html and we should see some content being downloaded and cached for the next requests.


We just set up the apt proxy using either Docker or Docker Compose with ease, and we tested the setup using the local host.

GitHub - razinj/docker-custom-apt-cacher-ng: Docker image for apt-cacher-ng that allows SSL/TLS proxying along with exposing the cache volume
Docker image for apt-cacher-ng that allows SSL/TLS proxying along with exposing the cache volume - GitHub - razinj/docker-custom-apt-cacher-ng: Docker image for apt-cacher-ng that allows SSL/TLS pr...
Source Code

As always, I hope you learned something.

Found this useful? feel free to share it with your friends.

Join the newsletter from to notify you of new posts and updates.

Like the post? consider buying us a coffee ❤️.