Having a local Ubuntu repository mirror greatly improves package download speed and removes external dependencies during system updates. For my lab setup, I created a dedicated VM to host the mirror, exposed securely over HTTPS using Apache.

This post documents the complete setup—from installing apt-mirror to configuring TLS and preparing the repository structure.

Note on Storage Requirements

As of now, the complete Ubuntu 22.04 (Jammy) repository mirror occupies approximately 573 GB. Since the mirror grows over time with updates, new packages, and additional components, it’s best to plan extra headroom. I allocated 900 GB of storage for the mirror VM to ensure long-term capacity and avoid running into space issues during future syncs.

1. Update the Server

Always start by updating the system:

apt update -y

2. Install Required Packages

Install the Ubuntu mirror tool and Apache web server:

apt install -y apt-mirror apache2

apt-mirror handles syncing Ubuntu repositories
Apache provides the HTTPS endpoint for serving the packages

3. Prepare the Mirror Directory

Create the directory where mirrored packages will live:

mkdir -p /var/www/ubuntu

Set correct ownership and permissions for Apache:

chown -R root:www-data /var/www/ubuntu
chmod -R 755 /var/www/ubuntu

Apache will later expose this directory securely.

4. Enable HTTPS on Apache

Activate SSL and supporting modules:

a2enmod ssl
a2enmod headers
systemctl restart apache2

These modules allow encrypted connections and apply basic security headers.

5. Install SSL Certificates

Copy your certificates into place:

/etc/ssl/certs/yourdomain.crt
/etc/ssl/private/yourdomain.key
/etc/ssl/certs/ca_bundle.crt

Set secure permissions:

Private Key

chmod 640 /etc/ssl/private/yourdomain.key
chown root:www-data /etc/ssl/private/yourdomain.key

Certificate

chmod 644 /etc/ssl/certs/yourdomain.crt
chown root:root /etc/ssl/certs/yourdomain.crt

CA Bundle

chmod 644 /etc/ssl/certs/ca_bundle.crt
chown root:root /etc/ssl/certs/ca_bundle.crt

6. Create Apache Virtual Host Configuration

Create the file:

/etc/apache2/sites-available/mirror.conf

Add the following:

<VirtualHost *:80>
    ServerName mirror.yourdomain.net
    Redirect / https://mirror.yourdomain.net/
</VirtualHost>

<VirtualHost *:443>
    ServerName mirror.yourdomain.net

    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/yourdomain.crt
    SSLCertificateKeyFile   /etc/ssl/private/yourdomain.key
    SSLCertificateChainFile /etc/ssl/certs/ca_bundle.crt

    # SSL hardening
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    Header always set X-Content-Type-Options nosniff

    <Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

Add a global server name to avoid warnings:

Edit /etc/apache2/apache2.conf:

ServerName mirror.yourdomain.net

Since this VM is dedicated to the repository, using a fixed ServerName is appropriate.

7. Enable the Mirror Site

Disable default sites:

a2dissite 000-default
a2dissite default-ssl

Enable your new mirror configuration:

a2ensite mirror
systemctl restart apache2

8. Create Symlink for the Repository

Link the mirrored Ubuntu archive into the Apache document root:

ln -s /var/www/ubuntu/mirror/archive.ubuntu.com/ubuntu /var/www/html/ubuntu

Now the mirror is accessible at:

https://mirror.yourdomain.net/ubuntu

9. Configure apt-mirror

Edit the mirror configuration file:

/etc/apt/mirror.list

Use the following template:

set base_path     /var/www/ubuntu
set nthreads      5
set _tilde        0
set arch          amd64

deb http://archive.ubuntu.com/ubuntu jammy main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu jammy-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu jammy-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu jammy-backports main restricted universe multiverse

clean http://archive.ubuntu.com/ubuntu

Adjust the Ubuntu version (jammy, focal, etc.) based on your environment.

10. Start the Mirror Sync

Start a long-running mirror sync inside a screen session:

screen -S ubuntu-mirror
apt-mirror

The initial sync can take several hours depending on:

CPU and disk speed
Number of threads
Internet bandwidth
Repository size

Subsequent syncs are incremental and significantly faster.

Conclusion

You now have a fully functional, HTTPS-enabled local Ubuntu repository mirror hosted inside your infrastructure. This setup offers:

Faster package downloads
Reduced load on external networks
Improved availability during outages
A controlled and reproducible update environment

This mirror can be used by all Ubuntu servers in your lab by pointing /etc/apt/sources.list to:

https://mirror.yourdomain.net/ubuntu