NPM Verdaccio - Setting an uplink to our own remote server

Time: 2018-04-20 16:53:08

Tags: amazon-web-services ubuntu npm npm-request verdaccio

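I have just built a private NPM Verdaccio registry server in our local network, and I would like to configure an UPLINK to our remote NPM Verdaccio server hosted on AWS (and keep the original npmjs registry).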

Excerpt from the Verdaccio config.yaml:

uplinks:
  npmjs:
    url: https://registry.npmjs.org/
  our-NPM-AWS-server:
    url: https://our-NPM-AWS-server.com

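Based on the documentation (Verdaccio_UPLINK), I have to set the Authentication parameters there somehow. I found the usage of UPLINKS here - uplink authorization & here - getting an Auth Token, but it is very confusing to me, because I am not sure what to set as the AUTH method: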

   auth:
     token:
       type: bearer | basic,
       token: "token",
       token_env:  true | <get name process.env> `NPM_TOKEN`

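I could not find any tutorial that could guide me, so I would like some insight & help - what needs to be set on the internal NPM server and also on the remote NPM AWS server.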

Configuration:

Internal NPM server

  

ubuntu 16.04, node v8.11.1, npm v5.8, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible on port 80 (listening on http://127.0.0.1:4873)

Our own remote NPM server on AWS

  

ubuntu 14.04, node v6.14.1, npm v3.10.10, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible from outside only via 443 (proxy_http listening on http://127.0.0.1:4873, url_prefix: https://our-NPM-AWS-server.com)

Both servers are running fine (you can log in with your NPM account, push packages, etc.).

Many thanks

Edit 2018-04-26

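The AWS NPM server is registered in an application ELB, which listens on port 443. The AWS NPM server listens on port 443 and sits in a private subnet. I tried putting the AWS Verdaccio instance into a public subnet and accessing it directly without the ELB, but it had no effect and behaved the same.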

config.yaml file of the AWS NPM server; the UPLINKS section is unchanged

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $authenticated

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

I tried to set

  '**':
    access: $all

However, it had no effect.

config.yaml of the internal Verdaccio server

uplinks:
  aws:
    url: https://our-NPM-AWS-server.com/
    #strictUrlMatch: false
    headers:
      authorization: "Basic <token_which_I_harvested_from_/.npmrc_file>"

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: aws

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: aws

On the internal Verdaccio instance, I tried to fetch a package from the AWS Verdaccio instance

npm pack --verbose verdaccio-bitbucket

This is the log from the AWS Verdaccio:

{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":30,"req":{"method":"GET","url":"/verdaccio-bitbucket",
"headers":{"host":"our-NPM-AWS-server.com","x-forwarded-for"
:"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX","x-forwarded-proto"
:"https","x-forwarded-port":"443","x-amzn-trace-id":
"Root=X-XXXXXX-XXXXXXXXXXXXXXXX","accept":"application/json;",
"accept-encoding":"gzip","user-agent":"npm (verdaccio/2.7.4)",
"via":"1.1 f8d74eab3cc6 (Verdaccio)","authorization":"<Classified>",
"x-forwarded-host":"our-NPM-AWS-server.com",
"x-forwarded-server":"our-NPM-AWS-server.com","connection":"Keep-Alive"},
"remoteAddress":"127.0.0.1","remotePort":42608},"ip":"127.0.0.1",
"msg":"@{ip} requested '@{req.method} @{req.url}'",
"time":"2018-04-26T20:12:38.893Z","v":0}

{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":35,"request":{"method":"GET","url":"/verdaccio-bitbucket"},
"remoteIP":"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX via
127.0.0.1","**status":403,"error":"unregistered users are not allowed
to access package verdaccio-bitbucket"**,"bytes":
"in":0,"out":180},"msg":"@{status}, user: @{user}(@{remoteIP}),
req: '@{request.method} @{request.url}', error: @{!error}",
"time":"2018-04-26T20:12:38.895Z","v":0}

This is the log from the internal Verdaccio, where the command was run:

http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket' (streaming)
 http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket', bytes: 0/34578
 http <-- 200, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket', bytes: 0/5038
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
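
The internal server's log above returns 500 to the npm client while the real cause is the uplink's 403. As an added example (not part of the original post and not Verdaccio code), this Node.js sketch groups such lines by request and uplink status; the function name, the category labels and the sample lines are constructed for illustration.

```javascript
// Added example: triage of Verdaccio's human-readable log. The field layout
// is taken from the lines quoted in the question; names here are hypothetical.
const UPLINK_ERROR =
  /http <-- (\d{3}), user: (.+?)\(([^)]*)\), req: '(\w+) (\S+)', error: bad uplink status code: (\d{3})/;

// Map the status the uplink returned to a likely cause.
function classify(status) {
  if (status === 401 || status === 403) return 'uplink-rejected-credentials';
  if (status === 404) return 'not-found-on-uplink';
  if (status >= 500) return 'uplink-server-error';
  return 'other';
}

function summariseUplinkFailures(logText) {
  const groups = new Map();
  for (const line of logText.split(/\r?\n/)) {
    const m = UPLINK_ERROR.exec(line);
    if (!m) continue; // successful requests and unrelated lines
    const [, clientStatus, user, , method, path, uplinkStatus] = m;
    const key = `${method} ${path} ${uplinkStatus}`;
    const entry = groups.get(key) || {
      request: `${method} ${path}`,
      clientStatus: Number(clientStatus), // what the npm client saw
      uplinkStatus: Number(uplinkStatus), // what the uplink actually answered
      cause: classify(Number(uplinkStatus)),
      users: new Set(),
      count: 0,
    };
    entry.users.add(user);
    entry.count += 1;
    groups.set(key, entry);
  }
  return [...groups.values()].map((e) => ({ ...e, users: [...e.users] }));
}

// Constructed sample in the format of the internal server's log.
const sampleLog = [
  " http --> 200, req: 'GET https://registry.example.test/demo-pkg', bytes: 0/34578",
  " http <-- 200, user: alice(127.0.0.1), req: 'GET /demo-pkg', bytes: 0/5038",
  " http <-- 500, user: alice(127.0.0.1), req: 'GET /demo-pkg/-/demo-pkg-1.0.0.tgz', error: bad uplink status code: 403",
  " http <-- 500, user: alice(127.0.0.1), req: 'GET /demo-pkg/-/demo-pkg-1.0.0.tgz', error: bad uplink status code: 403",
  " http <-- 500, user: bob(127.0.0.1), req: 'GET /other/-/other-2.1.0.tgz', error: bad uplink status code: 404",
].join('\n');

console.log(summariseUplinkFailures(sampleLog));
```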

1 answer:

Answer 0 (score: 1)

Your configuration is correct but slightly off. Let me fix it.

uplinks:
  aws:
    url: https://our-NPM-AWS-server.com/
    #strictUrlMatch: false
    headers:
      authorization: "Bearer <token_which_I_harvested_from_/.npmrc_file>"

Don't use Basic, it is Bearer; verdaccio uses JWT and, unfortunately, the verdaccio middleware does not accept lowercase bearer (as of verdaccio@v3.0.0-beta.7).

  

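A clarification about Basic and JWT. Since version verdaccio@2.3.0 all tokens are generated with a JWT library; somehow, for legacy/unit-test reasons, we still accept the Basic authentication header, but all new tokens generated since verdaccio@2.3.0 must use Bearer in the header instead of Basic.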

I will report a couple of issues on GitHub; they are minor, but they still cause problems like this one.

I hope it helps.
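
The points raised in this answer can be checked before Verdaccio is restarted. The Node.js sketch below is an added example, not part of the original answer and not Verdaccio code: it inspects the `uplinks` section of an already parsed config.yaml for the header scheme, its casing, a token stored inline and a non-TLS uplink URL. The function name, the finding codes and the sample object are constructed for illustration.

```javascript
// Added example: lint the `uplinks` section of a parsed config.yaml for the
// Authorization header problems named in the answer. Names are hypothetical.
function lintUplinks(uplinks) {
  const findings = [];
  const add = (uplink, code, detail) => findings.push({ uplink, code, detail });
  for (const [name, uplink] of Object.entries(uplinks || {})) {
    const headers = uplink.headers || {};
    // Header names are case-insensitive, so match the key in any casing.
    const key = Object.keys(headers).find((k) => k.toLowerCase() === 'authorization');
    if (!key) continue; // anonymous uplink such as npmjs
    const [scheme, ...rest] = String(headers[key]).trim().split(/\s+/);
    if (scheme.toLowerCase() === 'basic') {
      add(name, 'basic-scheme', 'the answer says to send the token as Bearer');
    } else if (scheme.toLowerCase() === 'bearer' && scheme !== 'Bearer') {
      add(name, 'bearer-case', 'the answer reports that lowercase bearer is not accepted');
    } else if (scheme !== 'Bearer') {
      add(name, 'unknown-scheme', `unexpected scheme "${scheme}"`);
    }
    if (rest.length === 0) {
      add(name, 'missing-token', 'scheme without a credential');
    } else {
      add(name, 'inline-secret', 'token is stored in config.yaml; restrict who can read the file');
    }
    if (!String(uplink.url || '').startsWith('https://')) {
      add(name, 'no-tls', 'the Authorization header would cross the network unencrypted');
    }
  }
  return findings;
}

// Constructed input: the two uplinks from the question as a parsed object,
// with a placeholder where the real token would be.
const sampleUplinks = {
  npmjs: { url: 'https://registry.npmjs.org/' },
  aws: {
    url: 'https://our-NPM-AWS-server.com/',
    headers: { authorization: 'Basic PLACEHOLDER_TOKEN' },
  },
};

console.log(lintUplinks(sampleUplinks));
```

The `inline-secret` finding fires for any header-based credential, since the token copied from `.npmrc` is a user login token that now also lives in config.yaml.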