# Offline for "freebsd-update" "portsnap"



## ipfreak (Feb 2, 2016)

Hello,

I built one FreeBSD on internal network (remote VM, no usb) which locks outside connections. so I can't do anything in terms of keeping the system up to date.

I have two questions for this scenario:

1) Where and what files I need to get in order to conduct offline updates?
2) any specific procedures for this offline updates?

Thanks

_dave


----------



## SirDice (Feb 2, 2016)

ipfreak said:


> 1) Where and what files I need to get in order to conduct offline updates?


That depends on the update.



> 2) any specific procedures for this offline updates?


Yes, there aren't any. It's assumed the machine is able to access the internet. 


Alternatively, you can configure freebsd-update(8) to update via a proxy. It's plain HTTP(S) traffic so it's easily proxied and cached. For ports/packages I highly recommend setting up your own (internal) repository.


----------



## ipfreak (Feb 2, 2016)

SirDice said:


> That depends on the update.
> 
> 
> Yes, there aren't any. It's assumed the machine is able to access the internet.
> ...




Thanks. sorry, I am using 10.1. not sure what kinda of hypervisor underneath of my VM machine.

Could you be more specific about this https proxy method?

Thanks

_dave


----------



## SirDice (Feb 3, 2016)

This is what I used to configure an Apache 2.2 server to proxy freebsd-update(8):

```
<VirtualHost *:80>
  ServerAdmin info@example.com
  ServerName fbsd-update.example.com

  ProxyRequests Off
  ProxyPreserveHost Off

  <Proxy *>
    Order Deny,Allow
    Allow from All
  </Proxy>

  ProxyPass / http://update.freebsd.org/

  <Location />
    ProxyPassReverse /
    Order Allow,Deny
    Allow from All
  </Location>

  <IfModule cache_module>
    <IfModule disk_cache_module>
      CacheEnable disk /
      CacheRoot /var/cache/freebsd-update/
    </IfModule>
  </IfModule>

</VirtualHost>
```

You can then configure each client's /etc/freebsd-update.conf and change this line:

```
ServerName fbsd-update.example.com
```

This uses HTTP but can be easily changed to include HTTPS.


----------

