# freebsd update



## balanga (Jul 4, 2021)

Is there any way I can find out what the files under /var/db/freebsd-update/ are composed of, and can I tell what was getting updated?

I have a number of disks in which this directory is populated and I would like to use the files to create my own local freebsd-update(8) repository but don't know version of FreeBSD is being updated.

Also, is it possible to have multiple repos for updating 12.0 to 12.1 or 12.2 or 13.0?


----------



## Deleted member 30996 (Jul 4, 2021)

```
jitte@bakemono:~ $ freebsd-version -kru
12.2-RELEASE-p7
12.2-RELEASE-p7
12.2-RELEASE-p9
jitte@bakemono:~ $ uname -a
FreeBSD bakemono 12.2-RELEASE-p7 FreeBSD 12.2-RELEASE-p7 GENERIC  amd64
jitte@bakemono:~ $
```


----------



## SirDice (Jul 5, 2021)

Build Your Own FreeBSD Update Server
					

Building your own freebsd-update server allows a system administrator to perform fast updates for a number of machines from a local mirror




					docs.freebsd.org


----------



## SirDice (Jul 5, 2021)

I better solution, in my opinion, if you have multiple servers that need to access freebsd-update(8) is to set up a specific caching proxy server for this. I've set this up with nginx (at home) and Apache (for a client). The first machine will force the proxy to download the patches from the internet, the next machine to update will get its patches from the cached data. That's usually a lot faster and sped up my updates tremendously. You also don't need to allow all your systems direct access to the internet in order to update your machines as everything will go through the proxy server and only the proxy server needs access to update.freebsd.org.


----------



## Alain De Vos (Jul 5, 2021)

An update server is interesting when you have alot of machines to update. Otherwise do it manually?


----------



## SirDice (Jul 5, 2021)

There's nothing being automated here, you still have to run freebsd-update(8). The article just describes how you can set up your own update.freebsd.org server. It doesn't automate the updating itself.


----------



## Alain De Vos (Jul 5, 2021)

If i understand it correclty it's just the source that changes. So you can do it offline.


----------



## tux2bsd (Jul 5, 2021)

Since updates are the topic, *you can* update & install regardless of what changes:  `env PAGER=cat freebsd-update cron install` or immediately `env PAGER=cat freebsd-update fetch install`.  I found the latter very useful (I don't run the latter via cron).

edit: Note, "you can" doesn't mean "you should".  It's also good to know how to do things differently if you want to or have some need to, someone else might find it useful.


----------



## SirDice (Jul 5, 2021)

I don't use automatic updates. I like to plan these ahead of time and do them myself.


----------



## balanga (Jul 18, 2021)

SirDice said:


> I better solution, in my opinion, if you have multiple servers that need to access freebsd-update(8) is to set up a specific caching proxy server for this. I've set this up with nginx (at home) and Apache (for a client). The first machine will force the proxy to download the patches from the internet, the next machine to update will get its patches from the cached data. That's usually a lot faster and sped up my updates tremendously. You also don't need to allow all your systems direct access to the internet in order to update your machines as everything will go through the proxy server and only the proxy server needs access to update.freebsd.org.


Could you explain how you do this?

I have a system which has the freebsd update in /var/db/freebsd-update/. I presume this what you mean by the cached data. How do I use this to update a subsequent system?


----------



## SirDice (Jul 19, 2021)

Set up DNS so you can access the proxy server via fbsd-update.example.com for example.
Apache:

```
<VirtualHost *:80>
  ServerAdmin admin@example.com
  ServerName fbsd-update.example.com

  ProxyRequests Off
  ProxyPreserveHost Off

  <Proxy *>
    Require all granted
  </Proxy>

  ProxyPass / http://update.freebsd.org/

  <Location />
    ProxyPassReverse /
    Require all granted
  </Location>

  <IfModule cache_module>
    <IfModule cache_disk_module>
      CacheEnable disk /
      CacheRoot /var/cache/freebsd-update/
    </IfModule>
  </IfModule>

</VirtualHost>
```
Or nginx:

```
server {
      listen 192.168.x.x:80;
      server_name fbsd-update.example.com

      root /var/cache/fbsd-update;

      access_log /var/log/nginx/proxy-access.log;

      location / {
        proxy_cache fbsdupdate_cache;
        proxy_cache_lock on;
        proxy_buffering on;
        proxy_http_version 1.1;
        proxy_cache_revalidate  on;
        proxy_cache_valid      200  7d;
        expires max;
        add_header X-Proxy-Cache $upstream_cache_status;

        proxy_pass http://update.freebsd.org;
      }
    }
```

Then edit /etc/freebsd-update.conf and set `ServerName fbsd-update.example.com`


----------



## BjarneB (Jul 19, 2021)

SirDice: Are you sure that actually works?
you have recommended this solution a couple of times, so  before I updated my servers to Freebsd 13, i installed a squid server and pointed all updates through that.
Worked like a charm - almost!

The problem is that freebsd-update requests different files and from different servers, example of the latest filename:


			http://update1.freebsd.org/13.0-RELEASE/amd64/f/600331c7b65419a4b15de909fdb34e8744855338dc2d83b759f7876a1a0082ee.gz
		

And as long as the following servers request that file all is good since it it is in the cache. It is a delight to watch the update speeding along.

However, maybe the next server request files from (just a made up example)



			http://update2.freebsd.org/13.0-RELEASE/amd64/g/60726d3a302d84c72f513b947d0e00f739521b10bfe7187b8426df4932d7cbe6.gz
		


And the caching server does not recognize the file as an existing file and downloads a new copy.
i know there is the exact same problem for microsoft updates.

I have tried several times and varying all sort of stuff, but is literally a hit or miss in the cache.
Maybe I missed something obvious.


----------



## SirDice (Jul 19, 2021)

It does work (I have it implemented here). But you're right, it doesn't seem to cache everything and some things still get downloaded from the internet. Still significantly sped up the upgrade process though, so most of it should be coming from the cache.


----------

