# Proxmox VE 9 & Debian 13 Air-Gapped Update Guide This guide describes how to set up an intermediate APT cache on an internet-connected machine (via VirtualBox) and transfer that cache to an air-gapped environment to update Proxmox VE 9 installations. ## Phase 1: VirtualBox Setup (Internet-Facing Host) On your internet-connected machine, you need two virtual entities: the **Cache Server** and a **Template Proxmox VM** to "pull" the initial data. ### 1.1 Debian 13 (Trixie) Cache VM 1. **Create VM:** 2 vCPUs, 2GB RAM, 50GB+ Disk (depending on how many packages you cache). 2. **Networking:** Use **Bridged Adapter** to ensure it has its own IP on your local network. 3. **OS Installation:** Install a minimal Debian 13 (Netinst). Ensure `SSH server` and `Standard system utilities` are selected. I did set it up with the hostname `prox-cache` in my lan with the domain `lan.zn80.net` with the IP `192.168.0.240/24`. When you get asked what to install in addition to the basis system, deselct the `Desktop Environment` and select only `WebServer`, `SSH Server` and `Standard System Utilities`. After starting the system, enable the `sshd.service` ```bash systemctl enable sshd.service systemctl start sshd.service ``` Also add a static IP address by editing the `/etc/network/interfaces` file: ```bash # The primary network interface allow-hotplug enp0s3 iface enp0s3 inet static address 192.168.0.240/24 gateway 192.168.0.1 ``` This should be it for now. Continue with installing the Proxmox-Feeder. ### 1.2 Proxmox VE 9 "Feeder" VM To populate the cache, you need a machine that requests the specific Proxmox 9 packages. 1. **Create VM:** 2 vCPUs, 4GB RAM, 20GB Disk. 2. **OS Installation:** Install Proxmox VE 9 (or Debian 13 + PVE 9 packages). 3. **Networking:** Ensure it can reach the Debian 13 Cache VM. Id did set it up with the hostname `prox-feeder` in my lan with the domain `lan.zn80.net` with the IP `192.168.0.241/24`. After installing the proxmox feeder vm we need to configure the in the next steps. Do not update the initial installation yet. --- ## Phase 2: Setting up APT-Cacher-NG (Cache Server) Before installing the cache, we will optimize the Debian mirror selection to ensure the fastest download speeds. ### 2.1 Optimization: Selecting the Fastest Mirror Install `netselect-apt` to automatically determine the best mirror for Debian 13. ```bash # Install netselect-apt sudo apt update sudo apt install netselect-apt -y # Find the fastest mirror for Debian 13 (Trixie) # This creates a 'sources.list' file in the current directory sudo netselect-apt trixie # Backup existing sources and apply the new optimized list sudo mv /etc/apt/sources.list /etc/apt/sources.list.bak sudo mv sources.list /etc/apt/sources.list sudo apt update ``` ### 2.2 Install and Configure APT-Cacher-NG Now, install the caching service which will use the fast mirrors selected above. ### Installation ```bash sudo apt install apt-cacher-ng -y ``` ### Configuration Edit the configuration to ensure it allows Proxmox repositories: ```bash sudo nano /etc/apt-cacher-ng/acng.conf ``` Ensure the following line is active to allow HTTPS tunneling if necessary: `PassThroughPattern: .*` ### Restart Service ```bash sudo systemctl restart apt-cacher-ng ``` --- ## Phase 3: Populating the Cache On your **Proxmox VE 9 "Feeder" VM**, tell APT to use the Cache Server. 1. Create a proxy configuration file: ````bash echo 'Acquire::http::Proxy "http://:3142";' | sudo tee /etc/apt/apt.conf.d/00proxy ```` 2. Run the updates to pull data into the cache: ````bash apt update apt dist-upgrade -y ``` Now, all downloaded `.deb` files are stored on the Debian 13 Cache VM in `/var/cache/apt-cacher-ng`. ```` --- ## Phase 4: Exporting the Cache to the Air-Gapped System Since the target system is air-gapped, we must physically move the data. ### 4.1 On the Internet-Connected Cache VM: Compress the cache data: ```bash sudo tar -cvzf pve-cache-export.tar.gz /var/cache/apt-cacher-ng ``` Copy `pve-cache-export.tar.gz` to a USB drive or mobile storage. ### 4.2 On the Air-Gapped Target System: You need a machine (or LXC container) in the air-gapped network to act as the **Local Cache Server**. 1. Install a Debian 13 LXC or VM on your air-gapped Proxmox. 2. Install `apt-cacher-ng` (you might need to install this manually via `.deb` files once if the container isn't prepared). 3. Import the data: ```bash # Extract the data to the correct location sudo tar -xvzf /path/to/usb/pve-cache-export.tar.gz -C / sudo chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng sudo systemctl restart apt-cacher-ng ``` --- ## Phase 5: Configuring Air-Gapped Proxmox Clients Now, configure all your air-gapped Proxmox 9 nodes to use the internal cache server. ### 5.1 Set the Proxy Edit `/etc/apt/apt.conf.d/00proxy` on **every** node: ````markdown ```text Acquire::http::Proxy "http://:3142"; ``` ```` ### 5.2 Update Repository Sources Ensure your `/etc/apt/sources.list` and `/etc/apt/sources.list.d/pve-enterprise.list` point to standard URLs. Even though there is no internet, `apt-cacher-ng` will trick APT into thinking it's talking to the real servers, while actually serving the files from the local disk. **Example for Proxmox 9 (No-Subscription):** ````text deb [http://download.proxmox.com/debian/pve](http://download.proxmox.com/debian/pve) trixie pve-no-subscription ```` ### 5.3 Run Update ```bash apt update apt dist-upgrade ``` --- ## Troubleshooting & Maintenance * **Maintenance:** To update the air-gapped system again, repeat Phase 3 (on the internet host) and Phase 4 (transfer). * **Disk Space:** Monitor `/var/cache/apt-cacher-ng`. You can use the web interface at `http://:3142/acng-report.html` to manage the expiration of old packages. --- Soll ich dir noch spezifische Konfigurationsparameter für die Proxmox Enterprise Repositories heraussuchen, falls du diese über den Cache spiegeln möchtest?