138 lines
6.8 KiB
XML
138 lines
6.8 KiB
XML
<?xml version="1.0" encoding="utf-8" standalone="no"?>
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY % aptent SYSTEM "apt.ent"> %aptent;
|
|
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent"> %aptverbatiment;
|
|
<!ENTITY % aptvendor SYSTEM "apt-vendor.ent"> %aptvendor;
|
|
]>
|
|
|
|
<refentry>
|
|
|
|
<refentryinfo>
|
|
&apt-author.team;
|
|
&apt-email;
|
|
&apt-product;
|
|
<!-- The last update date -->
|
|
<date>2019-04-04T00:00:00Z</date>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>apt-transport-http</refentrytitle>
|
|
<manvolnum>1</manvolnum>
|
|
<refmiscinfo class="manual">APT</refmiscinfo>
|
|
</refmeta>
|
|
|
|
<!-- Man page title -->
|
|
<refnamediv>
|
|
<refname>apt-transport-http</refname>
|
|
<refpurpose>APT transport for downloading via the Hypertext Transfer Protocol (HTTP)</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsect1><title>Description</title>
|
|
<para>This APT transport allows the use of repositories accessed via the
|
|
Hypertext Transfer Protocol (HTTP). It is available by default and probably the
|
|
most used of all transports. Note that a transport is never called directly by
|
|
a user but used by APT tools based on user configuration.</para>
|
|
<para>HTTP is an unencrypted transport protocol meaning that the
|
|
whole communication with the remote server (or proxy) can be observed by a
|
|
sufficiently capable attacker commonly referred to as a "man in the middle" (MITM).
|
|
However, such an attacker can <emphasis>not</emphasis> modify the communication to compromise
|
|
the security of your system, as APT's data security model is independent of the
|
|
chosen transport method. This is explained in detail in &apt-secure;. An overview of
|
|
available transport methods is given in &sources-list;.</para>
|
|
</refsect1>
|
|
|
|
<refsect1><title>Options</title>
|
|
<para>Various options can be set in an &apt-conf; file to modify its behavior,
|
|
ranging from proxy configuration to workarounds for specific
|
|
server limitations.</para>
|
|
|
|
<refsect2><title>Proxy Configuration</title>
|
|
<para>The environment variable <envar>http_proxy</envar> is supported for system wide configuration.
|
|
Proxies specific to APT can be configured via the option <literal>Acquire::http::Proxy</literal>.
|
|
Proxies which should be used only for certain hosts can be specified via
|
|
<literal>Acquire::http::Proxy::<replaceable>host</replaceable></literal>. Even more fine-grained control
|
|
can be achieved via proxy autodetection, detailed further below.
|
|
All these options use the URI format <literal><replaceable>scheme</replaceable>://[[<replaceable>user</replaceable>][:<replaceable>pass</replaceable>]@]<replaceable>host</replaceable>[:<replaceable>port</replaceable>]/</literal>.
|
|
Supported URI schemes are <literal>socks5h</literal> (SOCKS5 with remote DNS resolution), <literal>http</literal> and <literal>https</literal>.
|
|
Authentication details can be supplied via &apt-authconf; instead of including it in the URI directly.</para>
|
|
<para>The various APT configuration options support the special value <literal>DIRECT</literal> meaning that
|
|
no proxy should be used. The environment variable <envar>no_proxy</envar> is also supported for the same purpose.</para>
|
|
<para>Furthermore, there are three settings provided for cache control with HTTP/1.1 compliant proxy caches:
|
|
<literal>Acquire::http::No-Cache</literal> tells the proxy not to use its
|
|
cached response under any circumstances.
|
|
<literal>Acquire::http::Max-Age</literal> sets the allowed maximum age (in
|
|
seconds) of an index file in the cache of the proxy.
|
|
<literal>Acquire::http::No-Store</literal> specifies that the proxy should not
|
|
store the requested archive files in its cache, which can be used to prevent
|
|
the proxy from polluting its cache with (big) .deb files.</para>
|
|
</refsect2>
|
|
|
|
<refsect2><title>Automatic Proxy Configuration</title>
|
|
<para><literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to
|
|
specify an external command to discover the HTTP proxy to use. The first
|
|
and only parameter is a URI denoting the host to be contacted, to allow
|
|
for host-specific configuration. APT expects the command to output the
|
|
proxy on stdout as a single line in the previously specified URI format
|
|
or the word <literal>DIRECT</literal> if no proxy should be used. No output
|
|
indicates that the generic proxy settings should be used.</para>
|
|
<para>Note that auto-detection will not be used for a host if a host-specific proxy
|
|
configuration is already set via <literal>Acquire::http::Proxy::<replaceable>host</replaceable></literal>.</para>
|
|
<para>See the &squid-deb-proxy-client; and &auto-apt-proxy; packages for example implementations.</para>
|
|
<para>This option takes precedence over the legacy option name <literal>Acquire::http::ProxyAutoDetect</literal>.</para>
|
|
</refsect2>
|
|
|
|
<refsect2><title>Connection Configuration</title>
|
|
<para>The option <literal>Acquire::http::Timeout</literal> sets the timeout timer used by the method;
|
|
this value applies to the connection as well as the data timeout.</para>
|
|
<para>The used bandwidth can be limited with
|
|
<literal>Acquire::http::Dl-Limit</literal> which accepts integer values in
|
|
kilobytes per second. The default value is 0 which deactivates the limit and
|
|
tries to use all available bandwidth. Note that this option implicitly
|
|
disables downloading from multiple servers at the same time.</para>
|
|
<para>The setting <literal>Acquire::http::Pipeline-Depth</literal> can be used to
|
|
enable HTTP pipelining (RFC 2616 section 8.1.2.2) which can be beneficial e.g. on
|
|
high-latency connections. It specifies how many requests are sent in a pipeline.
|
|
APT tries to detect and work around misbehaving webservers and proxies at runtime, but
|
|
if you know that yours does not conform to the HTTP/1.1 specification, pipelining can
|
|
be disabled by setting the value to 0. It is enabled by default with the value 10.</para>
|
|
<para><literal>Acquire::http::AllowRedirect</literal> controls whether APT will follow
|
|
redirects, which is enabled by default.</para>
|
|
<para><literal>Acquire::http::User-Agent</literal> can be used to set a different
|
|
User-Agent for the http download method as some proxies allow access for clients
|
|
only if the client uses a known identifier.</para>
|
|
<para><literal>Acquire::http::SendAccept</literal> is enabled by default and
|
|
sends an <literal>Accept: text/*</literal> header field to the server for
|
|
requests without file extensions to prevent the server from attempting content
|
|
negotiation.</para>
|
|
</refsect2>
|
|
</refsect1>
|
|
|
|
<refsect1><title>Examples</title>
|
|
<literallayout>
|
|
Acquire::http {
|
|
Proxy::example.org "DIRECT";
|
|
Proxy "socks5h://apt:pass@127.0.0.1:9050";
|
|
Proxy-Auto-Detect "/usr/local/bin/apt-http-proxy-auto-detect";
|
|
No-Cache "true";
|
|
Max-Age "3600";
|
|
No-Store "true";
|
|
Timeout "10";
|
|
Dl-Limit "42";
|
|
Pipeline-Depth "0";
|
|
AllowRedirect "false";
|
|
User-Agent "My APT-HTTP";
|
|
SendAccept "false";
|
|
};
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>&apt-conf; &apt-authconf; &sources-list;
|
|
</para>
|
|
</refsect1>
|
|
|
|
&manbugs;
|
|
|
|
</refentry>
|