From owner-freebsd-questions@freebsd.org Sat Aug 13 13:38:16 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A949FBB81E4 for ; Sat, 13 Aug 2016 13:38:16 +0000 (UTC) (envelope-from vlad-fbsd@acheronmedia.com) Received: from mail.irealone.com (fawn.irealone.com [IPv6:2001:1af8:4010:a07b:10::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 74AB51940 for ; Sat, 13 Aug 2016 13:38:16 +0000 (UTC) (envelope-from vlad-fbsd@acheronmedia.com) Received: by mail.irealone.com (Postfix, from userid 1002) id BFB1460F26; Sat, 13 Aug 2016 15:38:14 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=acheronmedia.com; s=mail; t=1471095494; bh=nUWIQPo/jCdFBBUev2EEK6y0xR40p9WBnG6FYrYRWl0=; h=To:Subject:Date:From:In-Reply-To:References:From; b=E2rcvohkUbElBdmrjmb+XFz+NG8jW7fGTrdNLuSQDTmNwxto0qmWRJLX3d48ZoZ09 ghlIfHrUA1jyZ6YLY6lk8tZfFkjup0VNHhhwZ7HjO28fF649l73Vgd6AtP9BiYurHy 0r3tPMA8R0xHKAqaxc4FZBUay4sOB4+2VgOtNhII= To: freebsd-questions@freebsd.org Subject: Re: freebsd-update's "Fetching patches" phase? X-PHP-Originating-Script: 0:rcube.php MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Sat, 13 Aug 2016 15:38:14 +0200 From: "Vlad K." Organization: Acheron Media In-Reply-To: <20160813142023.620de294@gumby.homeunix.com> References: <823dd643595a5be72671fd5d9c7199b0@acheronmedia.com> <20160813142023.620de294@gumby.homeunix.com> Message-ID: <0f41085ce2c14ad63627a3379dfaee5a@acheronmedia.com> X-Sender: vlad-fbsd@acheronmedia.com User-Agent: Roundcube Webmail/1.1.5 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Aug 2016 13:38:16 -0000 On 2016-08-13 15:20, RW via freebsd-questions wrote: > On Sat, 13 Aug 2016 12:28:43 +0200 > > That's where the updates are downloaded. Yes, but I mean specifically the patches, since this is binary upgrade, and is followed by "Fetching files" of equally large number of them. > It might be because of the MITM vulnerability in freebsd-update. Ah, that might explain it. But is that the case? > If you use a proxy each client should be have HTTP_PROXY set to the > same thing as this is used the seed the random selection of origin > servers. If you intercept the connections it wont cache well. Actually I'm not using HTTP_PROXY at all, but I've set ServerName in /etc/freebsd-update.conf to hostname where the rev proxy is. There nginx is running with proxy cache, including cached 404s. Thanks for your reply! -- Vlad K.