需求
因为网络环境不允许直接访问公网,需要有内部的 NPM 镜像源。
可以充当内部缓存。减少对外请求的时间。
私有包也可以向上放。
Verdaccio
Verdaccio 是一个 Node.js 创建的轻量的私有 npm proxy registry。
- 它是基于 Node.js 的网页应用程序
- 它是私有 npm registry
- 它是本地网络 proxy
- 它是可插入式应用程序
- 它相当容易安装和使用
- 我们提供 Docker 和 Kubernetes 支持
- 它与 yarn, npm 和 pnpm 100% 兼容
- 它 forked 于sinopia@1.4.0并且 100% 向后兼容。
- Verdaccio 表示意大利中世纪晚期 fresco 绘画中流行的一种绿色的意思。
上面都是来自于官方的介绍。
搭建
我这边采用的是 docker 搭建。一拉镜像就起来了,不用想太多。
docker-compose.yml
version: '3.1'
services:
verdaccio:
image: verdaccio/verdaccio:4
container_name: "verdaccio"
networks:
- node-network
environment:
- VERDACCIO_PORT=4873
ports:
- "4873:4873"
volumes:
- "./storage:/verdaccio/storage"
- "./config/config.yaml:/verdaccio/conf/config.yaml"
- "./plugins:/verdaccio/plugins"
networks:
node-network:
driver: bridge
配置文件
config.yaml
#
# This is the config file used for the docker images.
# It allows all users to do anything, so don't use it on production systems.
#
# Do not configure host and port under `listen` in this file
# as it will be ignored when using docker.
# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#
# path to a directory with all packages
storage: /verdaccio/storage/data
# path to a directory with plugins to include
plugins: /verdaccio/plugins
web:
# WebUI is enabled as default, if you want disable it, just uncomment this line
#enable: false
title: Verdaccio
# comment out to disable gravatar support
# gravatar: false
# by default packages are ordercer ascendant (asc|desc)
# sort_packages: asc
auth:
htpasswd:
file: /verdaccio/storage/htpasswd
# Maximum amount of users allowed to register, defaults to "+infinity".
# You can set this to -1 to disable registration.
# max_users: 1000
# a list of other known repositories we can talk to
uplinks:
taobao:
url: https://registry.npm.taobao.org/
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
unpublish: $authenticated
proxy: taobao
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $all
# allow all known users to publish/publish packages
# (anyone can register by default, remember?)
publish: $authenticated
unpublish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: taobao
middlewares:
audit:
enabled: true
# log settings
logs:
- { type: stdout, format: pretty, level: warn }
#- {type: file, path: verdaccio.log, level: info}
#experiments:
# # support for npm token command
# token: false
Nginx 反代配置
server {
listen 80;
listen 443 ssl;
server_name npm.yourMainDomain.cn;
access_log /data/wwwlogs/npm.yourMainDomain.cn.log;
error_log /data/wwwlogs/npm.yourMainDomain.cn.error.log error;
client_max_body_size 20m;
client_body_buffer_size 256k;
client_body_temp_path /etc/nginx/proxy_temp;
ssl_certificate /usr/local/nginx/conf/ssl/*.yourMainDomain.cn.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/*.yourMainDomain.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://10.20.2.8:4873;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}