For over a year I've been successfully using apt-get through squid proxy on my home network. I use it to cache updates for multiple computers running Linux Mint 17 (an Ubuntu Trusty derivative, if anyone doesn't already know). I have squid running on a headless Ubuntu Trusty server installation.
I haven't changed anything in the configuration of either apt or squid, but suddenly since two days ago I can't connect to security.ubuntu.com via apt-get. The error returned is '503 Service Unavailable'. No other Ubuntu mirror or website is blocked.
When I set up the proxy, I created the file '/etc/apt/apt.conf.d/80proxy' containing a single line pointing to my squid server:
Code:
Acquire::http::proxy "http://emachine:3128";
and it's been working without any problem until now. If I comment out the line the updates from security.ubuntu.com proceed correctly.
I've been trying to figure this out for two days now and I've hit a wall. I can't see any reason why this has occurred.
Any ideas as to why this has suddenly occurred? Has something changed with the downloads from security.ubuntu.com that requires changing my squid configuration?
In case it's useful, here is my /etc/squid3/squid.conf file:
Code:
acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
acl SSL_ports port 443 21
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl ftp proto FTP
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ftp
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_replacement_policy heap LFUDA
minimum_object_size 0
maximum_object_size 5120000 KB
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 refresh-ims
refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600 ignore-no-cache
refresh_pattern . 0 20% 4320
cache_mgr bogus@bogus.com
cache_dir ufs /var/spool/squid3 15360 64 256
and this is the output when I run apt-get update on the server itself via ssh:
Code:
Ign http://security.ubuntu.com trusty-security InRelease
Ign http://security.ubuntu.com trusty-security Release.gpg
Ign http://security.ubuntu.com trusty-security Release
Ign http://security.ubuntu.com trusty-security/main Sources/DiffIndex
Ign http://security.ubuntu.com trusty-security/restricted Sources/DiffIndex
Ign http://security.ubuntu.com trusty-security/universe Sources/DiffIndex
Ign http://security.ubuntu.com trusty-security/multiverse Sources/DiffIndex
Ign http://security.ubuntu.com trusty-security/main i386 Packages/DiffIndex
Ign http://security.ubuntu.com trusty-security/restricted i386 Packages/DiffIndex
Ign http://security.ubuntu.com trusty-security/universe i386 Packages/DiffIndex
Ign http://security.ubuntu.com trusty-security/multiverse i386 Packages/DiffIndex
Ign http://mirror.internode.on.net trusty InRelease
Hit http://mirror.internode.on.net trusty-updates InRelease
Hit http://mirror.internode.on.net trusty-backports InRelease
Hit http://mirror.internode.on.net trusty Release.gpg
Hit http://mirror.internode.on.net trusty-updates/main Sources
Ign http://security.ubuntu.com trusty-security/main Translation-en_AU
Ign http://security.ubuntu.com trusty-security/main Translation-en
Ign http://security.ubuntu.com trusty-security/multiverse Translation-en_AU
Ign http://security.ubuntu.com trusty-security/multiverse Translation-en
Ign http://security.ubuntu.com trusty-security/restricted Translation-en_AU
Ign http://security.ubuntu.com trusty-security/restricted Translation-en
Ign http://security.ubuntu.com trusty-security/universe Translation-en_AU
Ign http://security.ubuntu.com trusty-security/universe Translation-en
Err http://security.ubuntu.com trusty-security/main Sources
503 Service Unavailable
Err http://security.ubuntu.com trusty-security/restricted Sources
503 Service Unavailable
Hit http://mirror.internode.on.net trusty-updates/restricted Sources
Err http://security.ubuntu.com trusty-security/universe Sources
503 Service Unavailable
Err http://security.ubuntu.com trusty-security/multiverse Sources
503 Service Unavailable
Err http://security.ubuntu.com trusty-security/main i386 Packages
503 Service Unavailable
Err http://security.ubuntu.com trusty-security/restricted i386 Packages
503 Service Unavailable
Err http://security.ubuntu.com trusty-security/universe i386 Packages
503 Service Unavailable
Err http://security.ubuntu.com trusty-security/multiverse i386 Packages
503 Service Unavailable
Hit http://mirror.internode.on.net trusty-updates/universe Sources
Hit http://mirror.internode.on.net trusty-updates/multiverse Sources
Hit http://mirror.internode.on.net trusty-updates/main i386 Packages
Hit http://mirror.internode.on.net trusty-updates/restricted i386 Packages
Hit http://mirror.internode.on.net trusty-updates/universe i386 Packages
Hit http://mirror.internode.on.net trusty-updates/multiverse i386 Packages
Hit http://mirror.internode.on.net trusty-updates/main Translation-en
Hit http://mirror.internode.on.net trusty-updates/multiverse Translation-en
Hit http://mirror.internode.on.net trusty-updates/restricted Translation-en
Hit http://mirror.internode.on.net trusty-updates/universe Translation-en
Hit http://mirror.internode.on.net trusty-backports/main Sources
Hit http://mirror.internode.on.net trusty-backports/restricted Sources
Hit http://mirror.internode.on.net trusty-backports/universe Sources
Hit http://mirror.internode.on.net trusty-backports/multiverse Sources
Hit http://mirror.internode.on.net trusty-backports/main i386 Packages
Hit http://mirror.internode.on.net trusty-backports/restricted i386 Packages
Hit http://mirror.internode.on.net trusty-backports/universe i386 Packages
Hit http://mirror.internode.on.net trusty-backports/multiverse i386 Packages
Hit http://mirror.internode.on.net trusty-backports/main Translation-en
Hit http://mirror.internode.on.net trusty-backports/multiverse Translation-en
Hit http://mirror.internode.on.net trusty-backports/restricted Translation-en
Hit http://mirror.internode.on.net trusty-backports/universe Translation-en
Hit http://mirror.internode.on.net trusty Release
Hit http://mirror.internode.on.net trusty/main Sources
Hit http://mirror.internode.on.net trusty/restricted Sources
Hit http://mirror.internode.on.net trusty/universe Sources
Hit http://mirror.internode.on.net trusty/multiverse Sources
Hit http://mirror.internode.on.net trusty/main i386 Packages
Hit http://mirror.internode.on.net trusty/restricted i386 Packages
Hit http://mirror.internode.on.net trusty/universe i386 Packages
Hit http://mirror.internode.on.net trusty/multiverse i386 Packages
Hit http://mirror.internode.on.net trusty/main Translation-en_AU
Hit http://mirror.internode.on.net trusty/main Translation-en
Hit http://mirror.internode.on.net trusty/multiverse Translation-en_AU
Hit http://mirror.internode.on.net trusty/multiverse Translation-en
Hit http://mirror.internode.on.net trusty/restricted Translation-en_AU
Hit http://mirror.internode.on.net trusty/restricted Translation-en
Hit http://mirror.internode.on.net trusty/universe Translation-en_AU
Hit http://mirror.internode.on.net trusty/universe Translation-en
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/main/source/Sources 503 Service Unavailable
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/restricted/source/Sources 503 Service Unavailable
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/universe/source/Sources 503 Service Unavailable
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/multiverse/source/Sources 503 Service Unavailable
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/main/binary-i386/Packages 503 Service Unavailable
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/restricted/binary-i386/Packages 503 Service Unavailable
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/universe/binary-i386/Packages 503 Service Unavailable
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/multiverse/binary-i386/Packages 503 Service Unavailable
E: Some index files failed to download. They have been ignored, or old ones used instead.
Any help appreciated, preferably before my head explodes in frustration.
P.S. I just realised that glibc got updated to version 6.7 a couple of days ago due to a vulnerability in getaddrinfo(), which looks up domain information. It's probably just a coincidence that this occurred at about the same time as the problem I'm having with the squid proxy... isn't it?
P.P.S. This may be something to do with IPv6. 'ping security.ubuntu.com' works, but 'ping6 security.ubuntu.com' produces the error 'connect: Network is unreachable'. My web browser is configured to use the squid proxy, and trying to connect to 'security.ubuntu.com' in a browser produces the error 'Connection to 2001:67c:1360:8c01::18 failed. The system returned: (101) Network is unreachable.' If I disable the proxy config in the browser, though, the browser successfully redirects to 'http://www.ubuntu.com/usn/'.
P.P.P.S. I've applied a temporary workaround by adding
Code:
Acquire::http::proxy {
security.ubuntu.com DIRECT;
};
to /etc/apt/apt.conf.d/80proxy, but it isn't really a solution because it doesn't explain why this problem occurred in the first place.
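Added example, not part of the original post: the ping/ping6 comparison from the P.P.S. can be repeated at the TCP level on the proxy host, resolving the name separately for IPv4 and IPv6 and attempting a connection to port 80 on every address returned. The function names and the injectable `resolve`/`connect` parameters are assumptions made for this sketch.

```python
import socket

def _tcp_connect(family, sockaddr, timeout):
    # Plain TCP connect; raises OSError (e.g. errno 101) on failure.
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sockaddr)

def probe_families(host, port=80, timeout=3.0,
                   resolve=socket.getaddrinfo, connect=_tcp_connect):
    """Return {"IPv4": [(addr, status), ...], "IPv6": [...]} for host."""
    results = {}
    for family, name in ((socket.AF_INET, "IPv4"), (socket.AF_INET6, "IPv6")):
        try:
            infos = resolve(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror as exc:
            # The name has no record of this family (or DNS failed).
            results[name] = [(None, "no address: %s" % exc)]
            continue
        rows, seen = [], set()
        for _fam, _type, _proto, _canon, sockaddr in infos:
            addr = sockaddr[0]
            if addr in seen:
                continue
            seen.add(addr)
            try:
                connect(family, sockaddr, timeout)
                rows.append((addr, "ok"))
            except OSError as exc:
                rows.append((addr, "failed: %s" % exc))
        results[name] = rows
    return results

def unreachable_families(results):
    """Families that resolved to addresses, none of which accepted a connection."""
    return [name for name, rows in results.items()
            if rows and all(addr is not None and status != "ok"
                            for addr, status in rows)]

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "security.ubuntu.com"
    report = probe_families(target)
    for name, rows in report.items():
        for addr, status in rows:
            print("%-4s %-40s %s" % (name, addr, status))
    print("resolved but unreachable:", unreachable_families(report) or "none")
```

A family listed as resolved but unreachable means the name has addresses of that type that this host cannot route to, which matches the '(101) Network is unreachable' error quoted from the proxy above.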