Most Debian software source configuration files use the traditional One-Line-Style, with the path being /etc/apt/sources.list; however, for container images, starting from Debian 12, the software source configuration file is changed to the DEB822 format, with the path being /etc/apt/sources.list.d/debian.sources. In general, replace the Debian default source address http://deb.debian.org/ in the corresponding file with the mirror address.

Debian Buster and above versions support HTTPS sources by default. If you are unable to pull the HTTPS source, please use the HTTP source and install it first:

{{sudo}}apt install apt-transport-https ca-certificates

Traditional format (/etc/apt/sources.list)

# The source mirror is commented out by default to increase the speed of apt update. You can uncomment it if necessary
{{#sid}}
deb {{endpoint}}/ sid main contrib{{#nf}}{{nonfree}}{{/nf}}
{{src}}deb-src {{endpoint}}/ sid main contrib{{#nf}}{{nonfree}}{{/nf}}
{{/sid}}
{{^sid}}
deb {{endpoint}}/ {{release}} main contrib{{#nf}}{{nonfree}}{{/nf}}
{{src}}deb-src {{endpoint}}/ {{release}} main contrib{{#nf}}{{nonfree}}{{/nf}}

deb {{endpoint}}/ {{release}}-updates main contrib{{#nf}}{{nonfree}}{{/nf}}
{{src}}deb-src {{endpoint}}/ {{release}}-updates main contrib{{#nf}}{{nonfree}}{{/nf}}

deb {{endpoint}}/ {{release}}-backports main contrib{{#nf}}{{nonfree}}{{/nf}}
{{src}}deb-src {{endpoint}}/ {{release}}-backports main contrib{{#nf}}{{nonfree}}{{/nf}}

# The following security update software sources include official sources and mirror site configurations. If necessary, you can modify the comments and switch them yourself
{{#mirror_security}}
deb {{endpoint}}-security {{release}}{{security}} main contrib{{#nf}}{{nonfree}}{{/nf}}
{{src}}deb-src {{endpoint}}-security {{release}}{{security}} main contrib{{#nf}}{{nonfree}}{{/nf}}
{{/mirror_security}}
{{^mirror_security}}
deb https://security.debian.org/debian-security {{release}}{{security}} main contrib{{#nf}}{{nonfree}}{{/nf}}
{{src}}deb-src https://security.debian.org/debian-security {{release}}{{security}} main contrib{{#nf}}{{nonfree}}{{/nf}}
{{/mirror_security}}
{{/sid}}

DEB822 format (/etc/apt/sources.list.d/debian.sources)

{{#sid}}
Types: deb
URIs: {{endpoint}}
Suites: sid
Components: main contrib{{#nf}} non-free non-free-firmware{{/nf}}
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

# The source image is commented by default to improve the speed of apt update. You can uncomment it if necessary
{{src}}Types: deb-src
{{src}}URIs: {{endpoint}}
{{src}}Suites: sid
{{src}}Components: main contrib{{#nf}} non-free non-free-firmware{{/nf}}
{{src}}Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
{{/sid}}
{{^sid}}
Types: deb
URIs: {{endpoint}}
Suites: {{release_deb822}} {{release_deb822}}-updates {{release_deb822}}-backports
Components: main contrib{{#nf}} non-free non-free-firmware{{/nf}}
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

# The source image is commented by default to improve the speed of apt update. You can uncomment it if necessary
{{src}}Types: deb-src
{{src}}URIs: {{endpoint}}
{{src}}Suites: {{release_deb822}} {{release_deb822}}-updates {{release_deb822}}-backports
{{src}}Components: main contrib{{#nf}} non-free non-free-firmware{{/nf}}
{{src}}Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

# The following security update software sources include official sources and mirror site configurations. If necessary, you can modify the comments and switch them yourself
{{#mirror_security}}
Types: deb
URIs: {{endpoint}}-security
Suites: {{release_deb822}}-security
Components: main contrib{{#nf}} non-free non-free-firmware{{/nf}}
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

{{src}}Types: deb-src
{{src}}URIs: {{endpoint}}-security
{{src}}Suites: {{release_deb822}}-security
{{src}}Components: main contrib{{#nf}} non-free non-free-firmware{{/nf}}
{{src}}Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
{{/mirror_security}}
{{^mirror_security}}
Types: deb
URIs: https://security.debian.org/debian-security
Suites: {{release_deb822}}-security
Components: main contrib{{#nf}} non-free non-free-firmware{{/nf}}
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

{{src}}Types: deb-src
{{src}}URIs: https://security.debian.org/debian-security
{{src}}Suites: {{release_deb822}}-security
{{src}}Components: main contrib{{#nf}} non-free non-free-firmware{{/nf}}
{{src}}Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
{{/mirror_security}}
{{/sid}}

For quick and easy configuration, the debian-security configuration is also included here. Generally speaking, mirror sites will also provide debian-security. For more accurate information, you can go to Debian Security Help to confirm.

However, in general, in order to obtain security updates more promptly, it is not recommended to use the mirror site security update software source, because mirror sites often have synchronization delays. Reference https://www.debian.org/security/faq.en.html#mirror

The purpose of security.debian.org is to make security updates available as quickly and easily as possible.

Encouraging the use of unofficial mirrors would add extra complexity that is usually not needed and that can cause frustration if these mirrors are not kept up to date.

Connection reset by peer

In apt 2.1.9 and later versions, the HTTP Pipelining feature of apt is suspected to be incompatible with the Nginx server, which may cause occasional Connection reset by peer errors when downloading a large number of packages from mirror sites with high bandwidth (such as system upgrades) (see Debian bug #973581 for details).

Currently, users can solve this problem by turning off the HTTP Pipelining feature.
If you need to disable it, you can add the -o Acquire::http::Pipeline-Depth=0 parameter when using the apt command,
or use the following command to add the relevant settings to the apt system configuration:

echo "Acquire::http::Pipeline-Depth \"0\";" > /etc/apt/apt.conf.d/99nopipelining