Issues with tinyproxy and external apt-cacher-ng

I’m running an external apt-cacher-ng instance to cache packages on my network, however it seems there’s an issue with tinyproxy Upstream option and the HTTPS/// rewrite on apt-cacher-ng.

Flow is as follow
Fedora 38 Template <-> Tinyproxy (On sys-net) <-> Apt-Cacher-NG (On another PC)

Fedora 38 /etc/yum.repos.d/fedora.repo



Tinyproxy /etc/tinyproxy/tinyproxy-updates.conf


Upstream $apt-cacher-ng-ip:port

However, requests are arriving at apt-cacher-ng as:

1686930988|E|647|$sys-net-ip|HTTPS/ [HTTP error, code: 503]

If I try curling directly from sys-net using apt-cacher-ng ip as all_proxy, things work correctly:

all_proxy=$apt-cacher-ng-ip:port curl -v http://HTTPS///
1686931962|M|Download of fedora/metalink?repo=fedora-38 started
1686931962|M|Download of fedora/metalink?repo=fedora-38 finished

This is how request is arriving at apt-cacher-ng

Using tinyproxy:

GET http://HTTPS:80/// HTTP/1.0
Connection: close
Accept: */*
User-Agent: curl/8.0.1

Using apt-cacher-ng as proxy directly

GET http://HTTPS/// HTTP/1.1
User-Agent: curl/8.0.1
Accept: */*
Proxy-Connection: Keep-Alive

Not fully sure if the bug is on tinyproxy or apt-cacher-ng end, however I found libcurl violates RFC7230 when constructing a proxy request with an explicit port ":80" in the URL · Issue #6769 · curl/curl · GitHub and that :80 is the only relevant difference between these 2 requests, probably making apt-cacher-ng rewrite fail.

Just tried with a docker curl 7.71.1 image (as reported in the issue) and I confirm it also fails on apt-cacher-ng with 503 Host not found.

all_proxy=$apt-cacher-ng-ip:port curl -v http://HTTPS:80///

< HTTP/1.1 503 Host not found

If this is a RFC thing then I guess the bug must be solved on tinyproxy, in the meanwhile there’re some workarounds:

  • Using another proxy (nginx, squid, mitmproxy) in sys-net
  • Add $apt-cacher-ng-ip package-cacher entry on sys-net /etc/hosts, disable Upstream on tinyproxy and specify mirror as: