Nginx Inc. provides access to the nginx-plus package and repository using SSL certificates. Their instructions include the configuration of apt for Ubuntu, but for people using apt-mirror and Puppet to manage their internal servers, additional custom configurations are required.
The standard apt configuration for nginx-plus might look like this:
$ cat /etc/apt/apt.conf.d/90nginx
Acquire::https::plus-pkgs.nginx.com::Verify-Peer "true";
Acquire::https::plus-pkgs.nginx.com::Verify-Host "true";
Acquire::https::plus-pkgs.nginx.com::CaInfo "/etc/ssl/nginx/CA.crt";
Acquire::https::plus-pkgs.nginx.com::SslCert "/etc/ssl/nginx/nginx-repo.crt";
Acquire::https::plus-pkgs.nginx.com::SslKey "/etc/ssl/nginx/nginx-repo.key";
The connection to the nginx-plus repository must be made using HTTPS and authentication is handled by client certificates. As provided, apt-mirror is not able to manage SSL certificates, so two sections in the apt-mirror script must be modified. The %config_variables
array defines the settings read from its configuration files. We will add the ‘certificate’, ‘private_key’, and ‘ca_certificate’ settings to the array.