BLUF: What do I need to do to make this work?
I'm trying to use a jail to act as a proxy for pkg.freebsd.org so that all jails on my network pull their updates from that jail and it is the only jail that has direct access to the internet.
I have a basic reverse proxy set up with
When testing it by trying to make one of my jails update through it, it fails with the following error:
The config being used is as follows:
I've tried using http and none mirror types with removing the pkg+ part from the url, but nothing is successful.
My reverse proxy configuration is as follows:
Curling the proxy jail from a lan host:
And just to see that it can reach deeper:
I'm trying to use a jail to act as a proxy for pkg.freebsd.org so that all jails on my network pull their updates from that jail and it is the only jail that has direct access to the internet.
I have a basic reverse proxy set up with
apache24
, and it seems to be working fine at least for serving the pkg.freebsd.org page - when I curl the jail's IP from another host, it returns exactly what I see when curling pkg.freebsd.org itself. I assume it must be that it needs more than a basic reverse proxy to fully work here, but I can't figure out what.When testing it by trying to make one of my jails update through it, it fails with the following error:
Code:
pkg: Repository FreeBSD has a wrong packagesite, need to re-create database
pkg: No SRV record found for the repo 'FreeBSD'
pkg: An error occured while fetching package
pkg: packagesite URL error for pkg+http://172.18.100.133/FreeBSD:14:amd64/quarterly/meta.txz -- pkg+:// implies SRV mirror type
repository FreeBSD has no meta file, using default settings
pkg: packagesite URL error for pkg+http://172.18.100.133/FreeBSD:14:amd64/quarterly/data.pkg -- pkg+:// implies SRV mirror type
pkg: packagesite URL error for pkg+http://172.18.100.133/FreeBSD:14:amd64/quarterly/data.txz -- pkg+:// implies SRV mirror type
pkg: packagesite URL error for pkg+http://172.18.100.133/FreeBSD:14:amd64/quarterly/packagesite.pkg -- pkg+:// implies SRV mirror type
pkg: packagesite URL error for pkg+http://172.18.100.133/FreeBSD:14:amd64/quarterly/packagesite.txz -- pkg+:// implies SRV mirror type
Unable to update repository FreeBSD
Error updating repositories!
The config being used is as follows:
Code:
FreeBSD: {
url: "pkg+http://172.18.100.133/${ABI}/quarterly",
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/share/keys/pkg",
enabled: yes
}
I've tried using http and none mirror types with removing the pkg+ part from the url, but nothing is successful.
My reverse proxy configuration is as follows:
Code:
<VirtualHost *:80>
ServerName 172.18.100.133
ProxyRequests Off
ProxyPreserveHost Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://pkg.freebsd.org/
ProxyPassReverse / http://pkg.freebsd.org/
</VirtualHost>
Curling the proxy jail from a lan host:
Code:
[user@workstation]$ curl 172.18.100.133
<!DOCTYPE html lang="en">
<html>
<head>
<title>pkg0.nyi.FreeBSD.org</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<h1>FreeBSD.org pkg mirror</h1>
<p>This is <a href="http://pkg0.nyi.freebsd.org">pkg0.nyi.FreeBSD.org</a> - an east coast US regional mirror for pkg(8).</p>
<p>It is generously hosted by <a href="https://365datacenters.com/">365 Data Centers</a> in New Jersey, USA.</p>
<p>We use MaxMind GeoLite based geo-dns to choose a close mirror for you.</p>
<p><b>IMPORTANT: We do <u>NOT</u> guarantee uptime of any particular mirror.</b> We provide SRV fallbacks for redundancy.</p>
<p>This server's package sets:</p>
<ul>
<li><a href="FreeBSD%3A13%3Ai386">FreeBSD:13:i386</a>
<li><a href="FreeBSD%3A13%3Aamd64">FreeBSD:13:amd64</a>
<li><a href="FreeBSD%3A13%3Aaarch64">FreeBSD:13:aarch64</a>
<li><a href="FreeBSD%3A14%3Ai386">FreeBSD:14:i386</a>
<li><a href="FreeBSD%3A14%3Aamd64">FreeBSD:14:amd64</a>
<li><a href="FreeBSD%3A14%3Aaarch64">FreeBSD:14:aarch64</a>
<li><a href="FreeBSD%3A15%3Aamd64">FreeBSD:15:amd64</a>
<li><a href="FreeBSD%3A15%3Aaarch64">FreeBSD:15:aarch64</a>
</ul>
<p>Tier-2 support package sets:</p>
<ul>
<li><a href="FreeBSD%3A13%3Aarmv6">FreeBSD:13:armv6</a>
<li><a href="FreeBSD%3A13%3Aarmv7">FreeBSD:13:armv7</a>
<li><a href="FreeBSD%3A13%3Apowerpc">FreeBSD:13:powerpc</a> (only quarterly is updated)
<li><a href="FreeBSD%3A13%3Apowerpc64">FreeBSD:13:powerpc64</a> (only quarterly is updated)
<li><a href="FreeBSD%3A13%3Apowerpc64le">FreeBSD:13:powerpc64le</a> (only quarterly is updated)
<li><a href="FreeBSD%3A14%3Aarmv6">FreeBSD:14:armv6</a>
<li><a href="FreeBSD%3A14%3Aarmv7">FreeBSD:14:armv7</a>
<li><a href="FreeBSD%3A14%3Apowerpc">FreeBSD:14:powerpc</a> (only quarterly is updated)
<li><a href="FreeBSD%3A14%3Apowerpc64">FreeBSD:14:powerpc64</a> (only quarterly is updated)
<li><a href="FreeBSD%3A14%3Apowerpc64le">FreeBSD:14:powerpc64le</a> (only quarterly is updated)
<li><a href="FreeBSD%3A15%3Aarmv7">FreeBSD:15:armv7</a>
<li><a href="FreeBSD%3A15%3Apowerpc">FreeBSD:15:powerpc</a>
<li><a href="FreeBSD%3A15%3Apowerpc64">FreeBSD:15:powerpc64</a>
<li><a href="FreeBSD%3A15%3Apowerpc64le">FreeBSD:15:powerpc64le</a>
</ul>
<p>Other mirrors:</p>
<ul>
<li><a href="http://pkg0.bbt.freebsd.org/">pkg0.bbt.freebsd.org</a>
<li><a href="http://pkg0.bra.freebsd.org/">pkg0.bra.freebsd.org</a>
<li><a href="http://pkg0.chi.freebsd.org/">pkg0.chi.freebsd.org</a>
<li><a href="http://pkg0.fmt.freebsd.org/">pkg0.fmt.freebsd.org</a>
<li><a href="http://pkg0.fra.freebsd.org/">pkg0.fra.freebsd.org</a>
<li><a href="http://pkg0.jinx.freebsd.org/">pkg0.jinx.freebsd.org</a>
<li><a href="http://pkg0.kul.freebsd.org/">pkg0.kul.freebsd.org</a>
<li><a href="http://pkg0.kwc.freebsd.org/">pkg0.kwc.freebsd.org</a>
<li><a href="http://pkg0.sjb.freebsd.org/">pkg0.sjb.freebsd.org</a>
<li><a href="http://pkg0.syd.freebsd.org/">pkg0.syd.freebsd.org</a>
<li><a href="http://pkg0.tuk.freebsd.org/">pkg0.tuk.freebsd.org</a>
<li><a href="http://pkg0.twn.freebsd.org/">pkg0.twn.freebsd.org</a>
</ul>
<p><a href="https://www.FreeBSD.org/">FreeBSD.org home</a></p>
</body></html>
And just to see that it can reach deeper:
Code:
[user@workstation ]$ wget http://172.18.100.133/FreeBSD:14:amd64/quarterly/data.txz
--2024-05-11 16:51:00-- http://172.18.100.133/FreeBSD:14:amd64/quarterly/data.txz
Connecting to 172.18.100.133:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7272160 (6.9M) [application/octet-stream]
Saving to: ‘data.txz’
data.txz 100%[================================================================================================================>] 6.93M 10.6MB/s in 0.7s
2024-05-11 16:51:01 (10.6 MB/s) - ‘data.txz’ saved [7272160/7272160]