Install internalized Chocolatey packages from your offline repository

While people frequently use Chocolatey for personal devices, it is also an excellent tool to use for managing software for organizations. One of the great components of Chocolatey is the community software repository, which has over 5,800 unique Windows packages at the moment. For personal use, it is not a terrible idea to install packages from here directly. However, an organization needs to use Chocolatey more in an offline fashion, without depending on the internet to manage their software.

On the server you would like Chocolatey Server to run on, you have to execute this:

Set-ExecutionPolicy Bypass -Scope Process -Force
choco upgrade chocolatey.server -y --pre

Chocolatey will add the IIS feature, create a site, and do some additional configuring to get it ready to be a feed. It won’t do all of the tasks you probably need though. So I recommend you do these tasks as well:

  • Change the ApiKey in web.config
  • Set up basic authentication to restrict access to the IIS site
  • Install an SSL certificate

After completing this, you have your own Chocolatey package feed that you can start populating with packages.

Configuring Chocolatey clients ^

To install the Chocolatey client software, we usually point to Chocolatey itself, which downloads the install script. Since we have Chocolatey Server set up (hostname choco-1), we can actually just point our clients there from PowerShell:

Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://choco-1/install.ps1'))

Now that we’ve installed Chocolatey, there is some additional configuring to do for organizational use. I will illustrate a few examples here.

First, let’s remove the Chocolatey community feed as a source. Organizations should never have clients install packages from the community repository:

choco source remove --name="'chocolatey'"

Next, let’s add our internal repository as a source:


Comments are closed.