To run the Snap Store Proxy, you will need:
- A server running Ubuntu 18.04 LTS or newer on AMD64.
- The ability (e.g. firewall rules) for the server to initiate network connections to https://api.snapcraft.io, https://public.apps.ubuntu.com, and https://login.ubuntu.com.
- A domain name for the server.
- A PostgreSQL instance (see the Database section).
- An RSA key pair to register the snap-store-proxy identity (these can be
generated for you with:
First, if your network requires an HTTPS proxy to get to the above domains, you must first configure snapd on the installation server to use that HTTPS proxy in order to be able to install the snap-store-proxy snap package.
Do this by adding the appropriate environment variables (
https_proxy) to the server’s
/etc/environment file, and restarting
sudo systemctl restart snapd
Installing the stable release of the Snap Store Proxy is as simple as:
sudo snap install snap-store-proxy
This will install the snap, which provides a collection of systemd
services, and the
snap-proxy CLI tool to control the proxy.
The Snap Store Proxy will require a domain or IP address to be set for the configuration and access by other devices.
sudo snap-proxy config proxy.domain="<domain>"
This can be done after the database is created, but is required before registration can succeed.
The proxy will listen on all interfaces on port 443 (with a redirect from 80).
When setting up a Snap Store Proxy for production usage, we recommend you have a properly configured PostgreSQL service set up, with backups and possibly HA. However, if you are evaluating the Snap Store Proxy or using it in a local deployment, you can use a local PostgreSQL.
The example below illustrates the expected PostgreSQL set up in terms of a role, database, and a database extension that are required by the Snap Store Proxy.
Ensure that proper PostgreSQL database, user and database extensions are set up.
This can be done by adjusting the following script to your needs and running it
psql as your PostgreSQL server superuser:
CREATE ROLE "snapproxy-user" LOGIN CREATEROLE PASSWORD 'snapproxy-password'; CREATE DATABASE "snapproxy-db" OWNER "snapproxy-user"; \connect "snapproxy-db" CREATE EXTENSION "btree_gist";
Simple local Ubuntu setup can look like this:
sudo apt install postgresql
Save the above PostgreSQL script as proxydb.sql and run it:
sudo -u postgres psql < proxydb.sql
Once the database is prepared, set the connection string:
sudo snap-proxy config proxy.db.connection="postgresql://snapproxy-user@localhost:5432/snapproxy-db"
After doing this, you will be prompted to enter the password for that PostgreSQL user.
You can check that the Proxy can access all the network locations it needs to with:
If you require traffic between your Snap Store Proxy and the internet to go via another HTTP proxy, you can configure your Snap Store Proxy to do so with:
sudo snap-proxy config proxy.https.proxy="https://myproxy.internal:3128"
Snap Store Proxy also uses the
https_proxy environment variable if it's set.
http_proxy is ignored as all outgoing traffic is encrypted.
You can override this default behavior and configure your Snap Store Proxy to only trust a specific list of CAs:
cat your-ca.crt another-ca.crt | sudo snap-proxy use-ca-certs
This can be useful in cases when you want your Snap Store Proxy to trust your internal CA for example.
To reset CA certificates back to defaults, run:
sudo snap-proxy remove-ca-certs
You can run multiple instances of the Snap Store Proxy, load balanced using round-robin DNS. All instances need to have the same configuration and connect to the same shared database. Once a key pair has been registered, it will not need registering on other instances.
Note: The download caching will currently be less efficient when running multiple instances, as the instances are not aware of each other. Support for shared caching is planned for later releases of the Snap Store Proxy.