What layout/files should debian repository have?

Solution 1:

  1. Is Debian repository just an HTTP file storage that fulfill some specific rules?

    Yes, but it can also be an FTP storage or just a local directory.

  2. What are the rules & the structure which are used to store packages?

    Debian Wiki: Debian Repository Format documents the structure of the official Debian repository and the format that is officially understood by clients.

  3. Is it enough to add deb http://my-repository.com stable non-free to /etc/apt/sources.list to use this repository?

    Yes but it depends on how you set up you repository. However the simplest is to setup a flat repository which have same setup as the trivial archive/repository (local directory)

    1. Better to create a folder for each release, ex: trusty.

    2. Copy your Debian packages into it.

    3. Generate package list (run it from its parent directory):

       dpkg-scanpackages -m trusty /dev/null | gzip -9c > ./trusty/Packages.gz
      
    4. Upload the whole folder to your site

    5. Now you can access it by adding the repository in this format:

       deb http://my-repository.com trusty/
      

      Note: / is a must here, as trusty is directory in this setup.

Update Note (2021-05-28): What's next?

That above will be somehow okay in a confined/closed private network. But publishing Debian packages into the public need more safety measures like:

  1. Signing: each package release file (while building), repository package lists
  2. And publish the public key from key pair used for signing so user can add it to APT.

Here is a Debian page with good overview about Secure APT