Issues with tinyproxy and external apt-cacher-ng

I’m running an external apt-cacher-ng instance to cache packages on my network, however it seems there’s an issue with tinyproxy Upstream option and the HTTPS/// rewrite on apt-cacher-ng.

Flow is as follow
Fedora 38 Template <-> Tinyproxy (On sys-net) <-> Apt-Cacher-NG (On another PC)

Fedora 38 /etc/yum.repos.d/fedora.repo

Adjusted:

metalink=http://HTTPS///mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch&protocol=http

Tinyproxy /etc/tinyproxy/tinyproxy-updates.conf

Added:

Upstream $apt-cacher-ng-ip:port

However, requests are arriving at apt-cacher-ng as:

1686930988|E|647|$sys-net-ip|HTTPS/mirrors.fedoraproject.org/metalink?repo=fedora-38 [HTTP error, code: 503]

If I try curling directly from sys-net using apt-cacher-ng ip as all_proxy, things work correctly:

all_proxy=$apt-cacher-ng-ip:port curl -v http://HTTPS///mirrors.fedoraproject.org/metalink?repo=fedora-38&arch=x86_64
1686931962|M|Download of fedora/metalink?repo=fedora-38 started
1686931962|M|Download of fedora/metalink?repo=fedora-38 finished
1686931962|I|1162|$sys-net-ip|fedora/metalink?repo=fedora-38
1686931962|O|523|$sys-net-ip|fedora/metalink?repo=fedora-38

This is how request is arriving at apt-cacher-ng

Using tinyproxy:

GET http://HTTPS:80///mirrors.fedoraproject.org/metalink?repo=fedora-38 HTTP/1.0
Host: HTTPS
Connection: close
Accept: */*
User-Agent: curl/8.0.1

Using apt-cacher-ng as proxy directly

GET http://HTTPS///mirrors.fedoraproject.org/metalink?repo=fedora-38 HTTP/1.1
Host: HTTPS
User-Agent: curl/8.0.1
Accept: */*
Proxy-Connection: Keep-Alive

Not fully sure if the bug is on tinyproxy or apt-cacher-ng end, however I found libcurl violates RFC7230 when constructing a proxy request with an explicit port ":80" in the URL · Issue #6769 · curl/curl · GitHub and that :80 is the only relevant difference between these 2 requests, probably making apt-cacher-ng rewrite fail.

Just tried with a docker curl 7.71.1 image (as reported in the issue) and I confirm it also fails on apt-cacher-ng with 503 Host not found.

all_proxy=$apt-cacher-ng-ip:port curl -v http://HTTPS:80///mirrors.fedoraproject.org/m
etalink?repo=fedora-38&arch=x86_64

< HTTP/1.1 503 Host not found

If this is a RFC thing then I guess the bug must be solved on tinyproxy, in the meanwhile there’re some workarounds:

  • Using another proxy (nginx, squid, mitmproxy) in sys-net
  • Add $apt-cacher-ng-ip package-cacher entry on sys-net /etc/hosts, disable Upstream on tinyproxy and specify mirror as:
http://package-cacher/HTTPS///mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch&protocol=http