It is common in secure production datacenters for internal hosts to be forced to go through a reverse proxy (e.g. Squid) for public internet access. The same concept can be applied to apt package management, where setting up a centralized package proxy enables caching as well as security controls.
In a datacenter where you could have hundreds of host instances all needing the same package/kernel/security patch, having a cache of packages inside your network can save a significant amount of network bandwidth and operator time.
And just like an internet proxy that whitelists only specific domains, a package proxy can have a whitelist of apt repositories, as well as a blacklist of specific packages.
In this article we’ll go through installation and configuration of squid-deb-proxy, which is just a packaging of Squid3 with specific tunings for package caching. Since most Security and Operations teams are familiar with Squid already, this makes it easier to get deployment approval versus other package caching solutions.