Verdaccio

[toc]

# verdaccio是什么?

[官网地址](https://verdaccio.org/)
A lightweight private npm proxy registry

一个轻量级的npm中心代理仓库!采用node实现的
简单点说,就是npm私有部署仓库,类似npm官方付费的私有仓.

# 搞的动机
为什么会搞这个?
是想把我们公司的npm私有仓从nexus迁移出来.
我们目前和后端共用nexus,因为nexus也能管理maven这些!
npm私有仓库独立出来,后续好推向整个公司!!
我们这里采用docker自己部署(用的是v4.6.x),方便后续滚动更新.
配置文件及模块缓存目录是从外部映射进去,维护比较弹性
外网访问是通过nginx代理,内网集群是通过安全组策略授权.
注意: 非采用官方docker镜像.

# docker安装
[官方各版本 docker-example](https://github.com/verdaccio/verdaccio/blob/master/docker-examples)
## docker-compose.yaml
```
version: '3.4'

services:
  verdaccio:
    image: verdaccio/verdaccio
    restart: always
    container_name: "verdaccio"
    environment:
      - VERDACCIO_PORT=4873
      - NODE_DEBUG=request verdaccio
      - DEBUG=verdaccio* verdaccio

ports:
      - "4873:4873"
    volumes:
      - "./data/storage:/verdaccio/storage"
      - "./data/config:/verdaccio/conf"
      - "./data/plugins:/verdaccio/plugins"

```

## verdaccio配置文件-config.yaml
[verdaccio官方-配置文档](https://verdaccio.org/zh-cn/docs/configuration/)
```
[root@drone-agent npm-reg]# cat verdaccio-data/config/config.yaml 
#
# This is the config file used for the docker images.
# It allows all users to do anything, so don't use it on production systems.
#
# Do not configure host and port under `listen` in this file
# as it will be ignored when using docker.
# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

# path to a directory with all packages
storage: /verdaccio/storage # 包存储地址
# path to a directory with plugins to include
plugins: /verdaccio/plugins # 插件存储地址

web:
  # WebUI is enabled as default, if you want disable it, just uncomment this line
  enable: true      # 开启 Web 页面
  title: Verdaccio  # Web 页面标题
  # comment out to disable gravatar support
  # gravatar: false
  # by default packages are ordercer ascendant (asc|desc)
  # sort_packages: asc
  # darkMode: true

# translate your registry, api i18n not available yet
# i18n:
# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
#   web: en-US

auth:
  htpasswd:   # 默认情况下使用的 htpasswd 插件作为身份认证
    file: /verdaccio/storage/htpasswd   # htpasswd 文件为加密认证信息文件
    # Maximum amount of users allowed to register, defaults to "+infinity".
    # You can set this to -1 to disable registration.
    # max_users: 1000   # 最大用户数量， -1 表示禁用新用户注册

# a list of other known repositories we can talk to
uplinks:
  npmjs:    # 上行名称，随便定义
    url: https://registry.npmjs.org/ # 上行地址
      timeout: 30s  # 超时时间
  taobao:    # 上行名称
    url: https://registry.npm.taobao.org/   # 上行地址
    timeout: 30s

# 包访问设置, 可以根据名称对包做不同权限设置
packages:
  '@*/*':
    # scoped packages
    access: $all    # 所有人都可以访问
    publish: $authenticated   # 登录用户才允许发布
    unpublish: $authenticated # 登录用户才允许撤销发布
    proxy: npmjs

'**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

# allow all known users to publish/publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated
    unpublish: $authenticated

# if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

server:
 keepAliveTimeout: 30    # 服务器保持活动链接的时间,较大的包可能会消耗一定时间,此属性就是设置活动链接时间

middlewares:
  audit:
    enabled: true

# log settings
logs:
  - { type: stdout, format: pretty, level: http }
  #- {type: file, path: verdaccio.log, level: info}
#experiments:
#  # support for npm token command
#  token: false
#  # support for the new v1 search endpoint, functional by incomplete read more on ticket 1732
#  search: false

# This affect the web and api (not developed yet)
#i18n:
#web: en-US

```

## 客户端配置
![title](/api/file/getImage?fileId=62675c292f0f82000b0001e8)

## auth(身份认证)
### htpasswd插件
auth 是设置 用户身份凭证的属性

Verdaccio 项目默认使用了 htpasswd 插件作为 用户认证 服务。

htpasswd 插件需要提供一个存储用户凭证的文件：/verdaccio/conf/htpasswd。

max_users 属性表示最大注册用户， 当值为 -1 时，表示禁止用户注册；当值不为 -1时，可以使用 npm adduser 命令添加用户。

禁用用户注册时，可以使用 [htpasswd-generator](https://hostingcanada.org/htpasswd-generator/)工具 生成身份凭证，然后存储在 /verdaccio/conf/htpasswd。
### ldap
>[ldap插件](https://www.npmjs.com/package/verdaccio-ldap)
这个还未测试过，应该需要基于官方镜像加入插件功能。

账号机制及授权
我们是公司内部使用,所以走ldap是必然的。
verdaccio支持插件机制,这里我们用了这个插件:
verdaccio-ldap : 这个插件基本满足账号的打通!
授权机制也是通过ldap插件给定某个组,
对应的资源发包和撤回权限采用授权组即可.
当然也可以特定到某个用户!如图
![title](/api/file/getImage?fileId=626769132f0f82000b0001e9)
![title](/api/file/getImage?fileId=6267691b2f0f82000b0001ea)

# 反向代理
[官方配置](https://verdaccio.org/zh-CN/docs/reverse-proxy)
用到nginx SSL example
```
server {
    listen 80;
    return 302 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name localhost;

ssl_certificate     /etc/nginx/cert.crt;
    ssl_certificate_key /etc/nginx/cert.key;

ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

location / {
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_pass          http://verdaccio_v4_root;
        proxy_read_timeout  600;
        proxy_redirect off;
    }

location ~ ^/verdaccio/(.*)$ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://verdaccio_v4_root/$1;
        proxy_redirect off;
    }
}
```

## 参考
https://www.cnblogs.com/yan7/p/15889942.html
https://juejin.cn/post/6844904193501691917

导航

最近发表

友情链接