1APT-TRANSPORT-HTTP(1) APT APT-TRANSPORT-HTTP(1)
2
3
4
6 apt-transport-http - APT transport for downloading via the Hypertext
7 Transfer Protocol (HTTP)
8
10 This APT transport allows the use of repositories accessed via the
11 Hypertext Transfer Protocol (HTTP). It is available by default and
12 probably the most used of all transports. Note that a transport is
13 never called directly by a user but used by APT tools based on user
14 configuration.
15
16 HTTP is an unencrypted transport protocol meaning that the whole
17 communication with the remote server (or proxy) can be observed by a
18 sufficiently capable attacker commonly referred to as a "man in the
19 middle" (MITM). However, such an attacker can not modify the
20 communication to compromise the security of your system, as APT's data
21 security model is independent of the chosen transport method. This is
22 explained in detail in apt-secure(8). An overview of available
23 transport methods is given in sources.list(5).
24
26 Various options can be set in an apt.conf(5) file to modify its
27 behavior, ranging from proxy configuration to workarounds for specific
28 server limitations.
29
30 Proxy Configuration
31 The environment variable http_proxy is supported for system wide
32 configuration. Proxies specific to APT can be configured via the option
33 Acquire::http::Proxy. Proxies which should be used only for certain
34 hosts can be specified via Acquire::http::Proxy::host. Even more
35 fine-grained control can be achieved via proxy autodetection, detailed
36 further below. All these options use the URI format
37 scheme://[[user][:pass]@]host[:port]/. Supported URI schemes are
38 socks5h (SOCKS5 with remote DNS resolution), http and https.
39 Authentication details can be supplied via apt_auth.conf(5) instead of
40 including it in the URI directly.
41
42 The various APT configuration options support the special value DIRECT
43 meaning that no proxy should be used. The environment variable no_proxy
44 is also supported for the same purpose.
45
46 Furthermore, there are three settings provided for cache control with
47 HTTP/1.1 compliant proxy caches: Acquire::http::No-Cache tells the
48 proxy not to use its cached response under any circumstances.
49 Acquire::http::Max-Age sets the allowed maximum age (in seconds) of an
50 index file in the cache of the proxy. Acquire::http::No-Store
51 specifies that the proxy should not store the requested archive files
52 in its cache, which can be used to prevent the proxy from polluting its
53 cache with (big) .deb files.
54
55 Automatic Proxy Configuration
56 Acquire::http::Proxy-Auto-Detect can be used to specify an external
57 command to discover the HTTP proxy to use. The first and only parameter
58 is a URI denoting the host to be contacted, to allow for host-specific
59 configuration. APT expects the command to output the proxy on stdout as
60 a single line in the previously specified URI format or the word DIRECT
61 if no proxy should be used. No output indicates that the generic proxy
62 settings should be used.
63
64 Note that auto-detection will not be used for a host if a host-specific
65 proxy configuration is already set via Acquire::http::Proxy::host.
66
67 See the squid-deb-proxy-client(1) and auto-apt-proxy(1) packages for
68 example implementations.
69
70 This option takes precedence over the legacy option name
71 Acquire::http::ProxyAutoDetect.
72
73 Connection Configuration
74 The option Acquire::http::Timeout sets the timeout timer used by the
75 method; this value applies to the connection as well as the data
76 timeout.
77
78 The used bandwidth can be limited with Acquire::http::Dl-Limit which
79 accepts integer values in kilobytes per second. The default value is 0
80 which deactivates the limit and tries to use all available bandwidth.
81 Note that this option implicitly disables downloading from multiple
82 servers at the same time.
83
84 The setting Acquire::http::Pipeline-Depth can be used to enable HTTP
85 pipelining (RFC 2616 section 8.1.2.2) which can be beneficial e.g. on
86 high-latency connections. It specifies how many requests are sent in a
87 pipeline. APT tries to detect and work around misbehaving webservers
88 and proxies at runtime, but if you know that yours does not conform to
89 the HTTP/1.1 specification, pipelining can be disabled by setting the
90 value to 0. It is enabled by default with the value 10.
91
92 Acquire::http::AllowRedirect controls whether APT will follow
93 redirects, which is enabled by default.
94
95 Acquire::http::User-Agent can be used to set a different User-Agent for
96 the http download method as some proxies allow access for clients only
97 if the client uses a known identifier.
98
99 Acquire::http::SendAccept is enabled by default and sends an Accept:
100 text/* header field to the server for requests without file extensions
101 to prevent the server from attempting content negotiation.
102
104 Acquire::http {
105 Proxy::example.org "DIRECT";
106 Proxy "socks5h://apt:pass@127.0.0.1:9050";
107 Proxy-Auto-Detect "/usr/local/bin/apt-http-proxy-auto-detect";
108 No-Cache "true";
109 Max-Age "3600";
110 No-Store "true";
111 Timeout "10";
112 Dl-Limit "42";
113 Pipeline-Depth "0";
114 AllowRedirect "false";
115 User-Agent "My APT-HTTP";
116 SendAccept "false";
117 };
118
120 apt.conf(5) apt_auth.conf(5) sources.list(5)
121
123 APT bug page[1]. If you wish to report a bug in APT, please see
124 /usr/share/doc/debian/bug-reporting.txt or the reportbug(1) command.
125
127 APT team
128
130 1. APT bug page
131 http://bugs.debian.org/src:apt
132
133
134
135APT 2.3.11 04 April 2019 APT-TRANSPORT-HTTP(1)